Early chapter preview of ‘Inside OMS’ version 2

There have been many inquiries into if the band would be getting back together for a second version of the very popular “Inside the Microsoft Operations Management Suite“. Version 2 is 16 chapters of the latest and greatest of Microsoft OMS…and it’s coming soon.

  • When? I am happy to report we are well into the authoring process and looking to release version 2 around the end of April 2017.
  • Cost? As with the first release, we will deliver a book well worth paying for…except it will again be free!

While we are only a little over a month from completion, we wanted to take a moment to give you  a sneak peak at a couple of the chapters of what is to come.

The “Inside OMS” Team

I am also happy to introduce that the entire author team are all back for v2:

  • Tao Yang, MVP
  • Stanislav Zhelyazkov, MVP
  • Anders Bengtsson, Principal PFE
  • Pete Zerger, CISSP, MVP

OMS has grown considerably since our first release, and to ensure we meet our quality bar as quickly as possible, we are joined by four technical reviewers and an editor! Joining us in the tech reviewer role are some very talented folks, including:

  • Damian Flynn, MVP
  • Kevin Greene, MVP
  • Lee Berg, MVP
  • Steve Buchannan, MVP

Early Chapter Preview

To hold you over until the final release, we are going to share three chapters early…one at a time. Your first taste is a major update, driven by awesome Aussie, Tao Yang. Below, you will find a draft preview of:

Chapter 6: Extending OMS Using Log Search

This chapter covers key topics within OMS Log Analytics, including:

  • Saved Searches
  • OMS Computer Groups
  • Custom Fields
  • Custom Logs
  • Power BI

I’ve reviewed it myself, and I know you will appreciate the more than 70 pages of in-depth guidance in this chapter alone!

Get the preview. You can download the preview release of chapter 6 HERE.

Two more preview chapters will be coming your way in the next week(ish). Stay tuned!

Remoting in Azure Automation Runbooks (SQL DB Creation sample)

I find that using PowerShell remoting in my Azure automation runbooks is sometimes more convenient, as it eliminates the need to install and update additional PowerShell modules on my OMS hybrid runbook worker. For future reference, I wanted to capture an example of a simple approach to PowerShell remoting I find intuitive.

The activities in this relatively simple example of remoting in an Azure Automation runbook include the following:

  • Retrieves user and password info from Azure automation variables, then creates a PsCredential object
  • Remotes from the worker where it is run (the HRW in my case) to a SQL 2014 or 2016 server. (The name of the server and SQL instance are supplied in the $RemoteComputer and $SQLInstance parameters of the runbook)
  • Loads the SQL PowerShell module
  • Creates the SQL database with the default settings, named per the $DatabaseName runbook parameter
  • This sample also includes a trace log to demonstrate where the code executes (on the remote SQL server)



# Retrieve admin user and password, create credential object
$strScriptUser = Get-AutomationVariable -Name 'ContosoAdminUser'
$strPass = Get-AutomationVariable -Name 'ContosoAdminPassword'
$PSS = ConvertTo-SecureString $strPass -AsPlainText -Force
$cred = new-object system.management.automation.PSCredential $strScriptUser,$PSS

#Invoke script block on the remote SQL server
Invoke-Command -Computername $RemoteComputer -Credential $cred -ScriptBlock {

# Import SQL Server Module called SQLPS
Import-Module SQLPS -DisableNameChecking

# Simple log to prove we are remoting
# Logs to c:\Windows\Temp\remoting.txt
$CurrDate = Get-Date
$message = "We remoted to $env:ComputerName on $CurrDate"
$file = "c:\Windows\Temp\remoting.txt"
$Message | Add-Content -Path $file

# Your SQL Server Instance Name
$SqlInst = "$using:SqlInstance"
$Srvr = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Server -ArgumentList $SqlInst

# Database PSDB with default settings
# By assuming that this database does not yet exist in current instance
$DBName = "$using:DatabaseName"
$db = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Database($Srvr, $DBName)


Launch an OMS Automation Runbook on a Hybrid Worker from Orchestrator

While the Operations Management Suite (OMS) and Azure Automation are the future of process automation, there are still many customers still using System Center Orchestrator (SCO). In fact, when polling audiences I have spoken to in the last six months, they are still the majority. For customers taking their first step into hybrid cloud automation, often OMS Automation and the Hybrid Runbook Worker are that first step (OMS enables the Hybrid Runbook Worker capability for Azure Automation).

A few users have asked how to trigger Azure Automation runbooks from Orchestrator, so I thought it was time to write up a quick how-to on the easy way to meet the need. While webhooks are a great tool, only people with the URL can use it, and passing that URL around to multiple teams via e-mail and the like may be less desirable than simply letting authorized teams in your org use their Azure credentials with delegated permissions. So we will look at triggering the runbook directly in this installment.

If you want to launch an Azure Automation runbook on a Hybrid Runbook Worker from System Center Orchestrator, here is the easy way complete the task in three steps, including a parameterized PowerShell script to use in your first runbook.

Step 1: Configure Orchestrator to use the latest version of PowerShell

By default, Orchestrator wants to use an ancient version of PowerShell (v2), where you cannot successfully load the Azure PowerShell module. While you could result to more complex PowerShell scripts to work around this, MS has provided an unadvertised registry key in System Center Orchestrator that you can use to work around this. This eliminates the need for any complexity in your PowerShell script.

1. Use regedit to navigate to the following key on your runbook servers: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework

2. Add a new DWORD entry and value of: OnlyUseLatestCLR = 1

From this point on, Orchestrator will call the latest version of PowerShell. You should have PowerShell v5 if you are working with Azure Automation and OMS. I am using PowerShell 5, Azure SDK 2.9 and latest version of Azure Automation PowerShell, dated 3/30/2016.

DISCLAIMER: I have not heard from MS that this breaks the support agreement. After all, they are the ones who put the registry key there! I do know there are at least a few companies using this in production today. If concerned, always check with Microsoft directly.

Step 2: Add credentials as variables

In figure 1, you will see I have added Azure logon credentials as variables in Orchestrator. Make sure to add your password as an encrypted variable, so it is not visible to others, as shown in the image below. Also, make sure to use credentials from your Azure AD instance. Authentication with a Microsoft (Live) account via Azure PowerShell will fail.

SCO variables

Figure 1. Azure subscription username and password

Step 3: Add sample script in SCO

Here is the sample script, which you will add to a Run .Net Script activity in Orchestrator, as pictured below. Notice in the images below I have also replaced the hard-coded values of the variables for Azure user and password, as well as the Hybrid Worker Group with the appropriate script variables and parameters. I have also replaced the one parameter of a simple ‘Hello World’ Azure Automation runbook (the ‘Message’ parameter), which accepts the message of your choice and logs it to a HelloWorld.txt file on the Hybrid Worker where it runs. There are several ‘Hello World’ examples for Azure Automation available (such as this from TechNet Gallery), so grab one for testing.

TIP: By making Hybrid Worker Group a parameter in your SCO runbook, you can effectively trigger an Azure Automation runbook on hybrid workers in any datacenter in the world from a single Orchestrator instance! You will see how this is done in figures 3 and 4 below.

SCO Runbok

Figure 2. Sample SCO runbook for calling our Azure Automation runbook on a hybrid worker.

Here is a simple PowerShell script you can use in Orchestrator to trigger a runbook in your Azure Automation account. Make sure to update the value of the -AutomationAccountName in the last line of the script as well!

# Import Azure Modules
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager\AzureRM.Profile\AzureRM.Profile.psd1"
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager\AzureRM.Automation\AzureRM.Automation.psd"

# Authenticate with Azure AD credentials

# Hybrid Worker Pool
$HRWPool = 'ConfigMgrPool'
$SecurePassword=Convertto-SecureString –String $MyClearTextPassword –AsPlainText –force

$cred=New-object System.Management.Automation.PSCredential $MyUserName,$SecurePassword

Login-AzureRmAccount -Credential $cred

#Runbook parameters
$params = @{"Message"="Hello Azure Community!";}

Start-AzureRmAutomationRunbook –AutomationAccountName "contoso-testrba" –Name "Hello-World" `
-ResourceGroupName 'Default-Networking' –Parameters $params -RunOn 'ConfigMgrPool'

Notice I have replaced the values of the aforementioned hard-coded parameters, as shown in figure 4 below.

SCO Runbook Params

Figure 3. SCO Runbook Parameters


Figure 4. Parameterized PowerShell script in Orchestrator (Run .NET Script activity)

Step 4: Test Your SCO Runbook

To test my configuration, I’ll use the Orchestrator Runbook Tester. Once I see success reported in the Runbook Tester, I will then check Azure Automation and the HelloWorld.txt on the Hybrid Runbook Worker as an initial end-to-end validation my solution is working as intended.

Trigger Runbook

 Figure 5. Testing the runbook from the Orchestrator Runbook Tester

About 3 minutes after I started the job, I see a completed message in the Jobs area of my Azure Automation subscription, as well as an entry in HelloWorld.txt from my own Hello World runbook I use for testing.
Runbook Results

Figure 6. Runbook successfully triggered in Azure Automation and run on Hybrid Worker

That’s it for this installment. Let me know if you struggle with any of the above or have questions. Good luck!

Free E-book: Inside the Microsoft Operations Management Suite

Tao (@MrTaoYang), Stan (@StanZhelyazkov), Anders (http://contoso.se)  and I have been working on a project for the last few weeks. We wanted to bring a learning resource for the MS Operations Management Suite to the community that is complete, comprehensive, concise…and free (as in beer). While we finish final editing passes over the next couple of weeks, we wanted to share an early copy of the book so you can start digging in while we finish our work!

Description: This preview release of “Inside the Microsoft Operations Management Suite” is an end-to-end deep dive into the full range of Microsoft OMS features and functionality, complete with downloadable sample scripts (on Github). The chapter list in this edition is shown below:

  • Chapter 1: Introduction and Onboarding
  • Chapter 2: Searching and Presenting OMS Data
  • Chapter 3: Alert Management
  • Chapter 4: Configuration Assessment and Change Tracking
  • Chapter 5: Working with Performance Data
  • Chapter 6: Process Automation and Desired State Configuration
  • Chapter 7: Backup and Disaster Recovery
  • Chapter 8: Security Configuration and Event Analysis
  • Chapter 9: Analyzing Network Data
  • Chapter 10: Accessing OMS Data Programmatically
  • Chapter 11: Custom MP Authoring
  • Chapter 12: Cross Platform Management and Automation

This early edition is being shared with the community while final edits are being completed. Please send questions, comments or errata you find to insidemscloud@outlook.com.

You can download for free from the TechNet Gallery at: