Good Stuff for Your Toolkit

Here is a collection of recent additions that I think are useful to have.
Matt Goedtel has done an update on his Extended AP MP.

This management pack augments the existing Active Directory management pack by monitoring the following specific components and subsystems that Active Directory relies on, which are not captured in the current version:

  • Monitor the Windows Time Service (W32Time) for time synchronization issues with authoritative time source.
  • Monitor for clients not authenticating against a local domain controller, indicating site boundaries are not properly defined or scoped.
  • Monitor for expensive or inefficient LDAP queries performed against a DC
  • Monitor for FRS related events that affect the health and availability of the SYSVOL shared directory and its replication on a domain controller.
  • Monitor for specific performance characteristics of a domain controller with respect to Free System Page Table Entries and Database Name Cache hit rate.
  • Includes two Tasks to remotely shutdown and reboot a domain controller from within the Operations Console.

I am currently working on the next version which will verify that the AD Helper Object (OOMADS) is installed, is the latest version, and is running on the domain controller, as this can impact certain workflows from running successfully on a DC.   This is something that we do not monitor by default today, and the only way you know there is a problem is if a script fails and the error refers to an “ActiveX component cannot create the object.”

Lincoln has created a great PowerShell script to do some diagnostic and troubleshooting on the certificates used in OpsMgr. Very good script to have in your toolbag.

The steps for configuring certificates in Operations Manager are numerous and one can easily get them confused.  I see posts to the newsgroups and discussion lists regularly trying to troubleshoot why certificate auth is not working, perhaps for a workgroup machine or gateway.  Sometimes it takes 3 or 4 messages back and forth before I or anyone else can diagnose what the problem actually is.  Once this is finally done we can suggest how to fix the problem.

 In an attempt to make this diagnosis stage eaiser, I put together a Powershell script which automatically checks installed certificates for the needed properties and configuration.  If you think everything is set up correctly but the machines just won’t communicate, try running this script on each computer and it will hopefully point you to the issue.  I have tried to provide useful knowledge for fixing the problems.

 This is for stand-alone Powershell 1.0 – it does not require the Ops Mgr Powershell snapins.

Please leave a comment if you find bugs or the script gives a faulty verdict for you – either it says your setup is fine but actually it’s not working OR it says your setup is busted but the machines communicate anyways.  I appreciate this feedback and will use it to improve and update the script.


I did a post last month ( on how to resolve rule alerts older than a certain number of days with a PowerShell script. I am using that on a daily basis to clear lots of old alerts. Cleaning up health monitor alerts is harder as if you delete the alert it does not make health explorer go green and teh alert will not reappear. You need to reset the health monitor. For the odd one that is fine but to do it for a large number is a pain. Juts like a bus you wait for a while then multiple come at once. Here are 2 different approches to bulk clear heath monitors.
Tim Helton has created a command line tool for resetting health monitors
And the very clever Marius Sutara provides another way to reset health explorer states but from within OpsMgr using a web view.
Good for a whole group of servers. While it is nice and I usually prefer GUIs I think Tim’s Green Machine is the one that I would tend to use. But you can have both!

Comments are closed.

%d bloggers like this: