Skip to content

Operations Manager Advanced Dynamic Group Membership Rule – Objects from computers that are member in another Operations Manager group

March 22, 2013

Today i ran into a nice challenge which kept me busy for some hours. The question was relatively simple:

“Not all the SQL servers are managed by our DBA Team, so here is a list with servers they do manage. Please make a seperation in Operations Manager so that:

  • Only notifications are send from the SQL servers they manage
  • They have Operator permissions on only the SQL objects on those servers
  • When a new SQL server is installed that they manage this does not have to be added in Operations Manager “

Before i took off i first created a new management pack to store all the stuff i create. This to keep it seperated from the other Management Packs.

The best way in my opinion is to create a set off groups that have Dynamic Group Membership rules configured. Finding a unique attribute that would group the managed SQL servers was already a challenge. For this a registry key was placed on all managed SQL servers. I used a blog from Kevin Holman to accomplisch this: http://blogs.technet.com/b/kevinholman/archive/2009/06/10/creating-custom-dynamic-computer-groups-based-on-registry-keys-on-agents.aspx

Works great and the group DBA Managed SQL servers is populated with Windows Computer objects.

Moving on……

The resource that triggered me to create this is a blog by Mike Einstein:

http://sentryboy.wordpress.com/2008/06/30/groupcalc/

Now i want to create a group that only populates the SQL DB Engines for the managed servers. As the newly created class in the previous step is added to the Windows Computer Class i cannot select this anymore in the Query Builder. The reason is that the created class is outside the chain of containment for SQL DB Engine.
Actually i want the query to look at the computer members in the DBA Managed SQL Servers group. This is possible with a little XLM editing. The new group i created is called DBA Managed SQL DB Engines and configured the following Query with the Query Builder:

AdvancedGroupMembership1

Now i export the management pack and open the XML. I would like to add an expression the membership rule for the DBA Managed SQL DB Engines. I need the ID for this group and the DBA Managed SQL Servers group. These can be found at the end off the XML:

 <DisplayString ElementID=”UINameSpacefb70673a9805428588ada8cd7c0243f8.Group”>
<Name>DBA Managed SQL DB Engines</Name>
<Description>This group contains all SQL DB Engine Objects that are managed by DBA</Description>
</DisplayString>
 <DisplayString ElementID=”UINameSpace5176b339ac824183a570c20ea05dd98f.Group”>
<Name>DBA Managed SQL Computers</Name>
<Description>This group contains all the SQL servers that are managed by DBA</Description>
</DisplayString>

Now look at the group membership part for the DBA Managed SQL DB Engines where we created a query already:

 <Discovery ID=”UINameSpacefb70673a9805428588ada8cd7c0243f8.Group.DiscoveryRule” Enabled=”true” Target=”UINameSpacefb70673a9805428588ada8cd7c0243f8.Group” ConfirmDelivery=”false” Remotable=”true” Priority=”Normal”>
<Category>Discovery</Category>
<DiscoveryTypes>
<DiscoveryRelationship TypeID=”MicrosoftSystemCenterInstanceGroupLibrary6172210!Microsoft.SystemCenter.InstanceGroupContainsEntities” />
</DiscoveryTypes>
<DataSource ID=”GroupPopulationDataSource” TypeID=”SystemCenter!Microsoft.SystemCenter.GroupPopulator”>
<RuleId>$MPElement$</RuleId>
<GroupInstanceId>$MPElement[Name=”UINameSpacefb70673a9805428588ada8cd7c0243f8.Group”]$</GroupInstanceId>
<MembershipRules>
<MembershipRule>
<MonitoringClass>$MPElement[Name=”MicrosoftSQLServerLibrary631731!Microsoft.SQLServer.DBEngine”]$</MonitoringClass>
<RelationshipClass>$MPElement[Name=”MicrosoftSystemCenterInstanceGroupLibrary6172210!Microsoft.SystemCenter.InstanceGroupContainsEntities”]$</RelationshipClass>
</MembershipRule>
</MembershipRules>
</DataSource>
</Discovery>

This expresion needs to be added after </RelationshipClass> and before </MembershipRule> and is the only one needed sinds this group already contains Windows Computer Objects:

 <Expression>
<Contained>
<MonitoringClass>$MPElement[Name=”UINameSpace5176b339ac824183a570c20ea05dd98f.Group”]$</MonitoringClass>
</Contained>
</Expression>

Place this expression in each membership rule if you have configured more.
Now it should look like this:

 <Discovery ID=”UINameSpacefb70673a9805428588ada8cd7c0243f8.Group.DiscoveryRule” Enabled=”true” Target=”UINameSpacefb70673a9805428588ada8cd7c0243f8.Group” ConfirmDelivery=”false” Remotable=”true” Priority=”Normal”>
<Category>Discovery</Category>
<DiscoveryTypes>
<DiscoveryRelationship TypeID=”MicrosoftSystemCenterInstanceGroupLibrary6172210!Microsoft.SystemCenter.InstanceGroupContainsEntities” />
</DiscoveryTypes>
<DataSource ID=”GroupPopulationDataSource” TypeID=”SystemCenter!Microsoft.SystemCenter.GroupPopulator”>
<RuleId>$MPElement$</RuleId>
<GroupInstanceId>$MPElement[Name=”UINameSpacefb70673a9805428588ada8cd7c0243f8.Group”]$</GroupInstanceId>
<MembershipRules>
<MembershipRule>
<MonitoringClass>$MPElement[Name=”MicrosoftSQLServerLibrary631731!Microsoft.SQLServer.DBEngine”]$</MonitoringClass>
<RelationshipClass>$MPElement[Name=”MicrosoftSystemCenterInstanceGroupLibrary6172210!Microsoft.SystemCenter.InstanceGroupContainsEntities”]$</RelationshipClass>
<Expression>
<Contained>
<MonitoringClass>$MPElement[Name=”UINameSpace5176b339ac824183a570c20ea05dd98f.Group”]$</MonitoringClass>
</Contained>
</Expression>
</MembershipRule>
</MembershipRules>
</DataSource>
</Discovery>

Save this stuff and replace the old management pack. Now we’re in business!

It’s now and easy task to set up the notifications channels and User roles as they can be targeted and scoped to these new groups.

I love it when a plan comes together!

Advertisements

From → System Center

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: