SCOM

Creating a SCOM Group based on an AD Group

So I’ve been working on this too long now! I started with Boris’ old post (http://blogs.msdn.com/b/boris_yanushpolsky/archive/2008/10/26/populating-groups-from-external-sources.aspx) and after some effort got it to work with SCOM 2012. I also did some minor additions (description fields, etc.) to make the BPA happier.

One thing to note is that this uses some of the older (i.e. 2007) functionality that is still present in SCOM 2012. There are some schema changes in 2012 that I am NOT taking advantage of.

The discovery I used looks for the members (assumes they are servers) of a given AD group. I tried to make the group DN a passed in variable, but then I realized it won’t make my life much easier since I’ll have to manually create the rest of the MP for each group I create. I plan on expanding this MP to include roughly 200 groups…

Take the attached file, copy the contents into Notepad, etc. and save as an XML.
CAM.FileServers.xml

11 thoughts on “Creating a SCOM Group based on an AD Group”

  1. Would you be able to upload the XML file that you used? I am looking to do this same thing in SCOM 2012.

    Thanks!

  2. I’ve also created a script that scans AD, looks for groups with a specific naming convention, then creates the XML to create all those groups within SCOM. This enables you to autocreate the XML (hence SCOM groups) without manual updates each time a new group is added in AD. I’ll work on uploading it.

  3. I am trying to hack together a MP but it doesn’t seem to be pulling the computer objects from my group. Anything you see off-hand wrong with it?

    ADBasedGroupDemo
    1.0.0.0

    ADBasedGroupDemo

    Microsoft.SystemCenter.Library
    6.0.6278.0
    31bf3856ad364e35

    Microsoft.Windows.Library
    6.0.6278.0
    31bf3856ad364e35

    System.Health.Library
    6.0.6278.0
    31bf3856ad364e35

    System.Library
    6.0.6278.0
    31bf3856ad364e35

    GroupPopulationDemo.ADBasedGroup
    Windows!Microsoft.Windows.Computer

    Discovery

    300

    ADBasedGroupDiscovery.vbs
    $MPElement$ $Target/Id$

    Option Explicit
    Dim oArgs
    Set oArgs = WScript.Arguments

    Dim SourceID, ManagedEntityId, TargetComputer, objComputer, objGroup, strPieces, parts, arrMemberOf, strMember

    SourceId = oArgs(0)
    ManagedEntityId = oArgs(1)
    TargetComputer = oArgs(2)

    Dim oFso
    Set oFso = CreateObject("Scripting.FileSystemObject")

    Dim oAPI, oDiscoveryData, oInst
    Set oAPI = CreateObject("MOM.ScriptAPI")
    Set oDiscoveryData = oAPI.CreateDiscoveryData(0, SourceId, ManagedEntityId)

    Dim objRootDSE, strDomain, GroupDN
    Set objRootDSE = GetObject("LDAP://rootDSE")
    strDomain = objRootDSE.Get("defaultNamingContext")
    WScript.Echo strDomain

    GroupDN = "CN=GIT Microsoft Priority 1 Systems,OU=Groups,DC=domain,DC=com"
    WScript.Echo GroupDN

    Set objComputer = CreateObject("Wscript.Network")
    Set objGroup = GetObject("LDAP://CN=GIT Microsoft Priority 1 Systems,OU=Groups,OU=Stryker,DC=strykercorp,DC=com")

    arrMemberOf = objGroup.GetEx("member")
    For Each strMember In arrMemberOf
        strPieces = Split(strMember, ",")
        parts = Split(strPieces(0), "=")
        If parts(1) = objComputer.ComputerName Then

            Set oInst = oDiscoveryData.CreateClassInstance("$MPElement[Name='GroupPopulationDemo.ADBasedGroup']$")
            Call oInst.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", TargetComputer)
            Call oDiscoveryData.AddInstance(oInst)

        End If
    Next

    Call oAPI.Return(oDiscoveryData)

    120

    AD Based Group Population

    AD Based Group

    AD Based Group Contains Windows Computers

    AD Based Group Sample Discovery

  4. I am having issues getting relationship to populate from a script similar to this. The reason is that some of the Windows Principal Names from AD are not in SCOM. So as I loop through all of the computer names, if one of them is invalid, the entire process is rolled back and no relationships are created. That is some crud for sure. Anyone know of a way to either

    1. Verify that the object exists in SCOM first
    2. Export the list of SCOM windows computers (names) from an API to a text file?
    3. Have the missing computers ignored in the process.

    I’ve tried looping and Returning the data to the MS server on each record but the “return” method stops the script and doesn’t come back for the next iteration of the loop.

    • Chris,

      My script is run from SCOM on existing Windows Computers so I haven’t seen that type of error. Where are you running your script from? Within the system or from the outside?

      For #3 above, I’d try including the line “ON ERROR RESUME NEXT” to bypass simple errors…assuming you’re using VBS.

      Nicole

  5. The script is running from the SCOM MS server and is querying Active Directory via ADSI. That query returns back a RecordSet of computer names and when I do:

    Set serverInstance = oDiscoveryData.CreateClassInstance("$MPElement[Name='Windows!Microsoft.Windows.Computer']$")

    serverInstance.AddProperty "$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", strComputerName + ".domainname"

    Set relationshipInstance = oDiscoveryData.CreateRelationshipInstance("$MPElement[Name='GroupPopulation.AppsenseComputersContainsWindowsComputers']$")

    relationshipInstance.Source = groupInstance
    relationshipInstance.Target = serverInstance
    oDiscoveryData.AddInstance relationshipInstance

    It works if every computer exists and has an agent installed, but if the CreateRelationshipInstance can’t be created I get an event log error that I am trying to create an invalid relationship and everything submitted fails.

    The error only occurs at the .Return method on MOM.ScriptAPI. And once you call .Return, the communication between the script and the SCOM MS process terminates. So no error in the script to work around.

    What I need is the ability to look into SCOM and see if the object exists before I add it to the object of new relationships.

    I thought I could even export the SCOM servers currently known and then cross reference those. SCOM doesn’t appear to have either the ability to read current data objects OR the ability to skip errors. It’s a big turd if you ask me.
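
One way to do the pre-check asked about in the comments above, as an added PowerShell example that is not part of the original post or any commenter's code: it keeps only the AD group members whose principal name SCOM already knows, so a discovery submits no relationship to a missing computer. The function names and the example.com hosts are hypothetical, and the two live query functions assume the OperationsManager and ActiveDirectory modules plus an existing management group connection.

```powershell
# Added example, not code from the post or its comments.
function Select-KnownComputer {
    param(
        [string[]]$AdMembers,     # FQDNs resolved from the AD group
        [string[]]$ScomComputers  # PrincipalName values already in SCOM
    )
    # Hashtable literals compare keys case-insensitively, which matters
    # because AD and SCOM often store the same FQDN in different case.
    $known = @{}
    foreach ($name in $ScomComputers) {
        if ($name) { $known[$name.Trim()] = $true }
    }
    $submit = @(); $skip = @()
    foreach ($member in $AdMembers) {
        if ($member -and $known.ContainsKey($member.Trim())) { $submit += $member.Trim() }
        else { $skip += $member }
    }
    New-Object PSObject -Property @{ Submit = $submit; Skip = $skip }
}

# Live sources (assumption: run where the modules are installed and a
# management group connection exists). Defined here, not called below.
function Get-ScomComputerName {
    Import-Module OperationsManager
    Get-SCOMClass -Name 'Microsoft.Windows.Computer' |
        Get-SCOMClassInstance |
        ForEach-Object { $_.'[Microsoft.Windows.Computer].PrincipalName'.Value }
}

function Get-AdGroupComputerName {
    param([string]$GroupDN)
    Import-Module ActiveDirectory
    Get-ADGroupMember -Identity $GroupDN |
        Where-Object { $_.objectClass -eq 'computer' } |
        ForEach-Object { (Get-ADComputer -Identity $_.distinguishedName).DNSHostName }
}

# Constructed sample data (placeholder names) so the filter runs offline.
$ad   = 'FS01.example.com', 'fs02.example.com', 'FS03.example.com'
$scom = 'fs01.example.com', 'FS02.example.com '
$result = Select-KnownComputer -AdMembers $ad -ScomComputers $scom
"Submit: " + ($result.Submit -join ', ')
"Skip:   " + ($result.Skip -join ', ')
```

The `Submit` list can be written to a text file for a discovery script to cross-reference, and the `Skip` list shows which group members have no agent-managed computer object yet.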
