Jaa


Reporting RunAsAccount usage information in a SCOM 2012 (R2) Management Group

A few days ago I was asked if I had a script to list all RunAsAccounts in a SCOM Management Group and their associated RunAsProfile (“Which profile uses which account?” or "Which account is used in which profile?"). I had none, but in my youthful carelessness I thought, that couldn’t be rocket science…

Ok, it was not rocket science, but much harder as I thought. Quickly I came up with a function which used Get-SCOMRunAsProfile and a method of the Management Group called GetMonitoringSecureDataHealthServiceReferenceBySecureReferenceId() to process all RunAsAccounts and list there usage in profiles. Unfortunately this method only lists accounts in profiles where the target is the HealthService object itself. If you use other targets (classes, instances) it won’t work.

Hmm, looking at the console I found a link “Where is the credential used?”, which does the trick.

But how do I translate this into PowerShell?
Thanks to our highly knowledgeable and extremely helpful Support Engineer Mihai Sarbulescu who showed me the code behind this link I could finally finish this task!

get-customscomrunasaccounttoprofile

So let’s see the function in action:
I have several RunAsAccounts in my Lab environment…

and e.g. a demo Profile with several accounts associated with different targets:

When you run the function get-customscomrunasaccounttoprofile it will list all SCOM RunAsAccounts and their usage like this:

The function

  • lists all RunAsAccounts
  • shows their usage in profiles and
  • displays the corresponding target ID and the display dame of the target

You can download the most current version of the function at TechnetGallery.

Comments

  • Anonymous
    July 20, 2015
    Useful tool - thanks for this.
  • Anonymous
    May 27, 2016
    Great script but it just drops back to the PS prompt when I run it against a SCOM2012R2 UR7 management group. I don't see anything in the logs. Any idea why this isn't working?