Skip to content

Posts from the ‘System Center’ Category


SCOM Workgroup Monitoring – Disable AD Integration

Because workgroup computers can’t read Active Directory, AD Integration should to be disabled on these systems.  For some reason, the SCOM interactive agent setup will not allow the option “Use Management Group Information from Active Directory” to be disabled (it is grayed out).  However, this  setting can be disabled by installing the agent from the command line, or editing a registry key on an existing agent.

To disable during setup:
Install the SCOM agent with the following command line: MOMAgent.msi USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=<Management Group Here>” MANAGEMENT_SERVER_DNS=<FQDN of management server here> /qb

To disable in the registry:
Open registry editor and nagivate to: SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager“.
Set the EnableADIntegration in the registry to 0′
Restart the HealthService (System Center Management)

If one of the above steps is not completed, you will see the following entry in your Operations Manager event log:

Log Name:      Operations Manager
Source:        HealthService
Date:          <Date/Time>
Event ID:      2010
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <FQDN>
The Health Service cannot connect to Active Directory to retrieve management group policy.  The error is Unspecified error (0x80004005)


OSD: “Run As” Caveats

When trying to run some customization scripts during an OSD Task Sequence, I found some issues when trying to use the Run As feature during a Run Command Line step.  In my case, I wanted to add the computer object that was being built in the Task Sequence to a custom group in Active Directory.

I found that my script (PowerShell based) ran perfectly when executed in a windows environment, but during the task sequence it would fail.  The root of the problem was that the Run As functionality affects the ability to access COM objects.  When using the Run As feature, I was unable to connect to and manipulate Active Directory.  I found that I had to run the script without the Run As option and embed the credentials in the script itself.  (I used some methods to encrypt the password, but that is really outside the scope of this blog post).  In my case, when using PowerShell, I used the Invoke-Command with the -Credential cmdlet.  The reason I used that cmdlet is because Start-Process and Start-Job can’t use the -Credential parameter when running as Local System (which is what the task sequence uses).

One thing to keep in mind when writing scripts to be used in OSD, if you need to elevate permissions, you may not be able to use the Run As option and may need to find an alternate way of elevating permissions.


SCSM: Notification workflow on Work Item assignments

Update: I have written an additional blog entry on this topic to address both Service Requests and Release Records.  This post can be found here: Notification workflow on Work Item assignments (Part 2)

The Microsoft Service Manager team has written two great blogs on how to create the workflows required in Service Manager to send out notifications when a work item has been assigned/re-assigned.  Initially you might think this could be done in the UI, but actually it must be done in XML.  The Service Manager team has provided great examples on how to do this for both Incidents and Activities.

The blog for Incidents can be found here:

The blog for Activities can be found here:

I followed the blogs above and got it working in no time for both my Incidents and Activities.  However, I also wanted to do this for my Problems and Change Requests.  Read moreRead more


Coming Attractions: Service Manager & IPv6

On this fine evening, we wanted to share with you a little preview of coming attractions, which will hopefully appear in future posts. Two of our projects revolve around Microsoft System Center Service Manager and IPv6 (separate endeavors). Both of these hold good promise for our organization and where we go with each may help you as well.

Through the years, we’ve used a couple different help desk and change management tools–Track-It! and Alloy Navigator–and in each, we’ve run into issues and shortcomings. Track-It! was fine as a ticketing system, but provided very little correlation (if any), no audit trail, and sparse asset management. Alloy is a step in the right direction with a pretty comprehensive set of features, ranging from Purchase Orders to Incident and Change Management to Asset tracking, but the application and system itself are fraught with bugs, counter-intuitive processes, etc. In other words, lots of ongoing work which is worthy of many tickets itself.

So we’re venturing into Microsoft’s Service Manager territory and are very interested in the integration with the rest of the System Center suite (Configuration Manager and Operations Manager), as well as Active Directory. We’re also checking out Provance IT Asset Management, a management pack for SM, which enhances the product and provides an otherwise absent financial piece. Looking good so far!

On the networking side, we’ve been in the R&D phase with IPv6 (Internet Protocol version 6) for a few months now since receiving our own /48 block of addresses from ARIN. The documentation online is a bit sparse and mostly targeted to either consumers (Teredo) or ISPs, but we’re finding some nuggets in the digging.  Some good resources thus far are:

IPv6 is quite the undertaking, but as we work to roll it out in our organization, we’ll be sharing info to help in yours.