OpsMgr: How to use Run As Profile in Powershell

I was working on a new management pack  for Tivoli Storage Manager. I want to discover the nodes from the TSM server via an administrative console. Unfortunately you have to login in  that console to get the info out TSM. I have made a Powershell script that is using the console to export a list of nodes with some information to a text file. After the export the script imports the text file as CSV and put the information into SCOM for making it as discovered objects.  

The best and nicest thing to do is using the credentials via a Run As Profile, not hard coded in the script. This is not handy and it’s wrong. What happens if the user not exist anymore or the password has expired. You don’t want to edit the management pack for only to change the username and password. The perfect why to do that is to use the Run As Profiles via SCOM console.

After some resourcing I have found a solution to use Run As Profile in the script. This means you have to make a Run As Profile for your management pack and use the Parameters(if you are using Powershell) in the Probe action.

Let’s see. First you have to make a Run As Profile in Authoring Console. This is located in Health Model\Secure References.  You need the ID later for your Probe action configscript. Give it a nice name, because you will see that later in the SCOM console.

Go to your Powershell Script in Probe Module and add these parameters at the end of the configuration. Between </SCRIPTBODY> and <TIMEOUT>

<Parameter>

      <Name>TSMuser</Name>

      <Value>$RunAs[Name=”TEST.CST.TSM.ADMIN.RUNAS”]/UserName$</Value>

    </Parameter>

    <Parameter>

      <Name>TSMpass</Name>

      <Value>$RunAs[Name=”TEST.CST.TSM.ADMIN.RUNAS”]/Password$</Value>

    </Parameter>

  </Parameters>

 Change it to your ID. With param you can use the parameters in the script.  

Import the management pack in SCOM and go to administration. You have to make a Run As Account. This can only in SCOM and not in Authoring Console. If you  are done with making an account, go to Run As Profile. Open the Profile and add the account you just created.

So, after this your are done and the script use the credentials from SCOM instead hard coded in the script 😉

Advertisements

6 thoughts on “OpsMgr: How to use Run As Profile in Powershell

  1. Hi
    Did you finish your mp? I have to create my own within the next few weeks, wundered if you would share some of your work.
    I have 15 years of experience with tsm, but never worked with scom before. Don’t know the current state on it but I might be alle to enhance it with relation to tsm.
    Best regards
    Lasse

    1. Hello Lasse,

      Sorry for my late answer, but I was on holiday in the last few weeks. Yes, the MP is ready and the customer is using it. Unfortunately, I don’t have the source of this MP anymore. It was not a hard MP. What I did is: Use the TSM console command to export the necessary info about the backup (like completed, started or missed) into a text file. With PowerShell you could read the textfile and use it for the monitor or rule. With Powershell you can make a nice table from the exported info from the textfile.

      If you need more help I can help you with that. I could ask the customer if they want to export the MP for me..

      Success!

      1. Hi,
        I am getting a compile time error for below line $RunAs[Name=”mymp.Profile”]/Password$
        mymp is my MP name and Profile is the name of profile created as run as profile..I am using scom 2012..Thank you

      2. Hmm.. Could you post the entirely runas script (XML) ? If you have problem with posting that info in a comment, please email me… See about for contact information. Thanks! 🙂

  2. Hi,Its working now.. i was missing the secured reference tag to use “mymp.Profile”..Thank you..
    But need to know if there is any option to pass profile name dynamically…or as a overridable parameter.
    Something like ;
    $Var = “mymp.Profile”
    $RunAs[Name=” + $Var + “]/UserName$
    $RunAs[Name=” + $Var + “]/Password$

    1. Hm good question. It is not possible. There is no option to override the profile name. The Run As/Profiel name is static in the MP and there is no option to change it to dynamically from both side, XML and Authoring Console. I think you should use a ‘tweakscript’ (like VB or PS) besides the XML to change the name before the user is importing the MP. But that will not be easy..:)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.