30 sept 2012

SCCM by Davis

SCCM by Davis


Thyag became a registered member

Posted: 30 Sep 2012 02:25 AM PDT

Comments: 0

Pazhaniyappa became a registered member

Posted: 29 Sep 2012 10:10 PM PDT

Comments: 0

Peter Jane wrote a new post, The new look SCCM 2012 Distribution Point: Single Instance Storage

Posted: 29 Sep 2012 03:33 PM PDT

ThumbnailI was leafing through some SCCM 2012 information and found an old post from John Vintzel about how the Distribution Points in SCCM 2012 work differently compared to how they used to work in 2007. Whilst his post […]

Comments: 0

SCCM by Davis

Posted: 29 Sep 2012 01:09 PM PDT

SCCM by Davis


FCC to Auction Off Broadcast Spectrum to Wireless Industry

Posted: 29 Sep 2012 07:00 AM PDT

The FCC voted to begin repurposing spectrum from TV broadcasters for wireless networks, which face a broadband crunch due to smartphones and tablets.

Hany became a registered member

Posted: 29 Sep 2012 12:52 AM PDT

Comments: 0

Rod Trent posted an update in the group BDNA Normalize CM: Software True-ups using BDNA NormalizeCM for SCCM

Posted: 28 Sep 2012 04:45 PM PDT

Software True-ups using BDNA NormalizeCM for SCCM

Comments: 0

Multiserver administration and more with RSAT in Windows Server 2012

Posted: 28 Sep 2012 09:48 AM PDT

Microsoft's Remote Server Administration Tools (RSAT) received an update in time for Windows Server 2012 and Windows 8. What's new?

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

SCCM by Davis

Posted: 28 Sep 2012 01:19 PM PDT

SCCM by Davis


Rod Trent wrote a new post, Alert Update Connector for OpsMgr 2012

Posted: 28 Sep 2012 12:40 PM PDT

A new utility has been released that allows you to set or override custom field values, owners, and ticket IDs for OpsMgr 2012 alerts.

Grab it here: System Center 2012 Operations Manager – Alert Update Connector

Comments: 0

Maik Koster wrote a new post, Compare Active Directory computer accounts with Configuration Manager resources

Posted: 28 Sep 2012 12:33 PM PDT

ThumbnailDespite all discovery methods, Health scripts and other cleanup efforts it might be helpful from time to time to simply compare all the computer account objects that we have in Active Directory with our resources […]

Comments: 0

Julius Nieves and Bill Readshaw are now friends

Posted: 28 Sep 2012 12:32 PM PDT

Comments: 0

Anoop C Nair and Bill Readshaw are now friends

Posted: 28 Sep 2012 12:32 PM PDT

Comments: 0

Julien Moreau and Bill Readshaw are now friends

Posted: 28 Sep 2012 12:32 PM PDT

Comments: 0

Enhansoft and Bill Readshaw are now friends

Posted: 28 Sep 2012 12:32 PM PDT

Comments: 0

10 Mobile Networking and Application Development Myths to Forget

Posted: 28 Sep 2012 11:30 AM PDT

Unfortunately, there are still a lot of misconceptions about the best way to establish your mobile strategy within your network.

Windows Server 2008 support extension gives IT time to catch up

Posted: 28 Sep 2012 09:34 AM PDT

In recognition that server upgrades can be glacially slow, Microsoft extended Windows Server 2008 support as it rolls out the OS' heir apparent.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Lawrence Garvin became a registered member

Posted: 28 Sep 2012 11:35 AM PDT

Comments: 0

Enhansoft wrote a new post, VOTE for Free SSRS Report

Posted: 28 Sep 2012 11:25 AM PDT

Thumbnail

Will it be Program Action Details OR Hard Drive Stats? VOTE NOW!

The winner, which will become October's free SSRS report, will be announced next week.

Program Action Details sample screenshot:

<span style="font-size: […]

Comments: 0

njm became a registered member

Posted: 28 Sep 2012 10:45 AM PDT

Comments: 0

KHUSHBOO SETHI became a registered member

Posted: 28 Sep 2012 10:39 AM PDT

Comments: 0

Winston Hinton commented on the post, [Project] – CM12 Automation – beta is coming

Posted: 28 Sep 2012 09:07 AM PDT

This is awesome!

Comments: 0

Enhansoft wrote a new post, Last Chance to Get Computer System Enclosure Details Report!

Posted: 28 Sep 2012 07:15 AM PDT

ThumbnailSeptember is quickly coming to a close, so send an email to Info at Enhansoft to receive this month's free SSRS report:

Computer System Enclosure Details

Use this report to select the device you want to look […]

Comments: 0

Thomas Stoehr commented on the post, ConfigMgr 2012 Right Click Tools

Posted: 28 Sep 2012 06:56 AM PDT

Hello,

very nice Tools.
As Zogar i am missing some Entries.

RDP to Console
Connect to C$
Interactive Command Prompt

But if i look at the XMLs at ExtensionsActions i can see the Entries for them.
The […]

Comments: 0

Compare Active Directory computer accounts with Configuration Manager resources

Posted: 28 Sep 2012 06:21 AM PDT

Despite all discovery methods, Health scripts and other cleanup efforts it might be helpful from time to time to simply compare all the computer account objects that we have in Active Directory with our resources in ConfigMgr.

There are a couple posts available, that demonstrate how to integrate information from Active Directory into SQL reports. See e.g. "How to add AD data to ConfigMgr reporting" from Garth Jones. As you can see, in his post, Garth shows already how to compare AD accounts with ConfigMgr, so why this post?

Well, they mainly use the ADSI provider as a linked server and the OPENQUERY SQL command to query AD. However most of them suffer from a limitation, that comes from Active Directory itself and will actually hurt most people in a even slightly larger environments. The ADSI provider will only return 1000 rows per query.  And there is not way to tell the "OPENQUERY" command to return more rows.

There are a couple ways around this problem:

 

Increase the limit in Active Directory

Naaaaah. If you don't know exactly what your are doing, don't do this, as it has effect on all queries against AD! Also this is not a long term fix, as the company might grow, which would require to increase the limit again.

 

Call OPENQUERY in batches

Works, but is pretty complicated.

You would need to create a T-SQL script that selects only a subset of accounts, e.g. based on the first character of the name. Every time it reaches the limit of 1000 objects in this subset it would need to divide it again, by e.g taking also the next character of the name into consideration and so on.

If you would like to give this a try, you will find some samples on the internet. I don't supply a link, as none of them has really fulfilled my needs so far.

 

Adding a CLR procedure to query AD

See this post from Igor Kovalenko for more information. He basically uses a pre-compiled dll that you have to register in your SQL Server. Again, this will work, but I'm not a big fan of registering some custom dll's in my sql server. Especially if it is for such a crucial system like ConfigMgr.

 

Using LogParser to fill a temporary table

LogParser?

YES!

If you don't know LogParser, you might want to have a look on some IIS query examples that give you a pretty good idea on its capabilities. It's been initially created to parse IIS log files and haven't been updated since quite some time (the current download still dates back to 2005), but it's still some of the most powerful and underestimated tools around. Download it here.

LogParser uses a SQL like syntax to query from IIS logs (of course), text/XML files, Event logs, the File System, Registry and Active Directory (that's what we need here). It can even parse network captures from Netmon or Windows trace logs. It writes the output to text/xml files, but can also write directly into SQL tables (what we will use in this post).

Most importantly, it's command line based, so pretty easy to automate. However, there is a GUI called Log Parser Lizzard GUI available for free, in case you struggle with the syntax.

After we installed logparser, we can use something like the following to have it crawl through our AD and return a list of computer with some common attributes we might need (line breaks just added for readability):

logparser.exe "SELECT cn,                         objectpath,                         operatingSystem,                         operatingSystemServicePack,                         LastLogonTimestamp,                         pwdLastSet                  FROM 'LDAP://yourdomain.com'"                  -objClass:computer 

Logparser will now write a list of computers in bunches of 10 entries to the default output. In our case the command line window.

SNAGHTML50b827b3

As you can see, we selected the LastLogonTimestamp and PwdLastSet attributes. These attributes give a quite good indication if a computer is still active. But these are Active Directory timestamps so not really handy if we want to upload them to a SQL table for some further investigation, as SQL uses a different date/time format. Now Logparser can also help us here. It doesn't have a native function for the conversion, but if we know, that Active Directory stores date/time values as a number of 100-nanosecond intervals that have elapsed since the 0 hour on January 1, 1601 in GMT, we can use some logparser native functions to do the conversion for us. So to convert the LastLogonTimestamp, we could use the following:

TO_TIMESTAMP(ADD(DIV(TO_REAL(LastLogonTimestamp), 10000000.0), TO_REAL(TIMESTAMP('1601','yyyy'))))

 

Now we add this to the original query and execute this (line breaks just added for readability):

logparser.exe "SELECT cn,                         operatingSystem,                         operatingSystemServicePack,                         TO_TIMESTAMP(ADD(DIV(TO_REAL(LastLogonTimestamp), 10000000.0),                             TO_REAL(TIMESTAMP('1601','yyyy')))) AS [LastLogon],                         TO_TIMESTAMP(ADD(DIV(TO_REAL(pwdLastSet), 10000000.0),                             TO_REAL(TIMESTAMP('1601','yyyy')))) AS [PwdLastSet]                  FROM 'LDAP://yourdomain.com'"                  -objClass:computer

and we get a nicely formatted output.

SNAGHTML50b7c681

Now it's time to export this information directly into a SQL table. So we need to specify the SQL Server, the Database and the table. We can optionally specify a username and password. We also tell it to create the table if it doesn't exist and to empty it first, before adding new values, in case it already exists (as we might want to execute this regularly (line breaks just added for readability):

logparser.exe "SELECT cn,                         operatingSystem,                         operatingSystemServicePack,                         TO_TIMESTAMP(ADD(DIV(TO_REAL(LastLogonTimestamp), 10000000.0),                             TO_REAL(TIMESTAMP('1601','yyyy')))) AS [LastLogon],                         TO_TIMESTAMP(ADD(DIV(TO_REAL(pwdLastSet), 10000000.0),                             TO_REAL(TIMESTAMP('1601','yyyy')))) AS [PwdLastSet]                 INTO tmp_ADComputers                   FROM 'LDAP://yourdomain.com'"                  -objClass:computer                 -o:SQL                  -server:YourSQLServer                 -database:Tempdb                  -createTable:ON                 -clearTable:ON

After we executed logparser, we can open the SQL Management Studio and check our TempDB Database and will find a new table, filled with all computer accounts from AD.

image

 

Compare with ConfigMgr

Now we can add a view to our ConfigMgr Database, that correlates the information from this temporary table with the ConfigMgr resources. The view could look like:

SELECT [cn] AS 'Computer Name'        ,[ObjectPath] AS 'Path'        ,[operatingSystem] AS 'OS'        ,[operatingSystemServicePack] AS 'SP'        ,[LastLogon]         ,DATEDIFF(dd, [LastLogon], getdate()) AS 'days LastLogon'        ,[PwdLastSet]        ,DATEDIFF(dd, [PwdLastSet], getdate()) AS 'days PwdLastSet'  FROM [tempdb].[dbo].[tmp_ADComputers]   WHERE cn NOT IN (SELECT name0 FROM v_GS_Computer_System)   ORDER BY LastLogon

 

Which will give you a list of computers that are in AD but not in ConfigMgr, ordered by their last logon timestamp.

Feel free to take this as a starting point to implement your own, way more advanced queries Winking smile

 

Automating the process

So far, this has been a one-time effort and only reflects the AD information from the time we executed the query against AD. Now you probably want to keep this information up to date, which makes it necessary to automate this process.

There are several ways to automate it. We could run this as a scheduled task. Just wrap the above command in a batch file and execute it on schedule. Easy. Done.

Instead of using the scheduled tasks of the operating system, we could also make use of the SQL Server itself and have the SQL Agent run a job regularly. For demonstration purposes, we make use of another feature of logparser, and that is its capability to be scripted. During the installation it also registers a couple COM components, that we can use from any script language (VBScript, PowerShell, etc). And as we can natively execute scripts in a SQL Agent Job. we have a perfect fit. You need to make sure, that logparser is also installed on the SQL Server.

So let's create a new Job in SQL Management Studio

image

and give it a proper name

SNAGHTML50ca53d2

Then we add a new step and select ActiveX Script

SNAGHTML50caf658

To make it as easy as possible for you and keep this post a bit shorter, you can download a prepared script from CodePlex (Download from here), that contains all necessary steps to call logparser from VBScript.

Click on "Open" and point it to the supplied script (WriteADComputerInfoToSQL.vbs) and the content will pop up in the script window. Now all you need is to adjust some values in the script like giving it the proper domain name, sqlserver name etc.

image

Define a schedule that fits to your needs and from then the view you have created before is always up to date.

That's it.

 

As you have seen, this was just a basic scenario. I would be happy to hear/read from your solutions. Winking smile

Rod Trent posted an update in the group The Word at myITforum: Psalms 9:9 The LORD is a stronghold for the oppressed, a […]

Posted: 28 Sep 2012 05:40 AM PDT

Psalms 9:9 The LORD is a stronghold for the oppressed, a stronghold in times of trouble.

Comments: 0

Rod Trent posted an update in the group IT Fit: Diet Foods: Weight Loss Snacks - Prevention.com

Posted: 28 Sep 2012 05:35 AM PDT

Rod Trent wrote a new post, Adobe code signing certificate revocation on Oct 4

Posted: 28 Sep 2012 05:31 AM PDT

Something to be aware of...
"Adobe is investigating what appears to be the misuse of an Adobe code signing certificate. Adobe, working with Verisign, plans to revoke the certificate on October 4 for all software […]

Comments: 0

HP, Cisco Networking Gear Work Together in New Private Cloud Data Center

Posted: 28 Sep 2012 05:30 AM PDT

Hewlett-Packard gave tech reporters and bloggers a tour Sept. 6 of a new data center it developed for Diversified Agency Services (DAS).
You are subscribed to email updates from SCCM by Davis
To stop receiving these emails, you may unsubscribe now.
Email delivery powered by Google
Google Inc., 20 West Kinzie, Chicago IL USA 60610
System Center Configuration Manager - Davis Blog
You are subscribed to email updates from SCCM by Davis
To stop receiving these emails, you may unsubscribe now.
Email delivery powered by Google
Google Inc., 20 West Kinzie, Chicago IL USA 60610
System Center Configuration Manager - Davis Blog

SCCM by Davis