Orchestrator Runbooks Not Appearing In Service Manager

After creating a new folder in the Orchestrator Runbook Designer console and a couple of runbooks I found the connector from Service Manager to Orchestrator was not pulling the new runbooks through. The permissions on the new folder had inherited and the account running the connector had permissions.

I found the following SQL command to run against the Orchestrator database

TRUNCATE TABLE [Microsoft.SystemCenter.Orchestrator.Internal].AuthorizationCache

This refreshes the orchestrator authorization cache which presumably contained data created before my new runbook folder. After that running the connector again pulled through the new runbooks as expected.

Add Group Managers as Approvers to Folder Access Requests

In my previous post Automate Access to Folders With Service Manager and Orchestrator I described how I had created a service manager template and orchestrator runbook to add users to the right security group when they requested access to a folder. This post expands on that and describes how to add the group manager as an approver to the request.

The request for on the (Cireson) SCSM portal looks like this (the level of access that can be requested in limited to a list of “Modify” and “ReadAndExecute”):

Continue reading →

Adding Service Owners As Approvers in Service Manager

When raising a change request its important that the right people get visibility of them. In Service Manager Business Service Owners can be added as CR approvers through Orchestrator. The high level overview is that users add config items to CR’s, the relevant services are then automatically added to the CR and the Service Owners are added to the CR Approval step.

In SCSM under Configuration Items > Business Services > All Business Services > the business services first need to be configured with the relevant owners:

Continue reading →

Automate Access to Folders With Service Manager and Orchestrator

Following on from previous posts on 1) Automating Permissions Reporting With Orchestrator and 2) Permissions Logging With Powershell this post discusses how to use the previously created database that contains the network folder to security group mappings to automatically add a user to the correct AD group when they have requested access to a network folder. This requires the requesting user to have no knowledge of the actual group, just the folder path.

Remember this is what the database containing the network folder to group mappings looks like:

The offering on the Service Manager portal is a Custom Form/Class I designed and called NTFSAccessRequest. It is published as a service request on the SCSM Portal.

Continue reading →

Automate Patching With Service Manager and Orchestrator

Firstly credit where its due:

Thanks to the scripting guy for the poweshell to determine when a server is pending a reboot: http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/11/determine-pending-reboot-status-powershell-style-part-2.aspx

And MyItForum for the SCCM Powershell command to install available patches: http://myitforum.com/myitforumwp/2012/11/20/powershell-command-to-install-all-pending-sw-updates-on-a-cm12-client/

Orchestrator can be used to automate a server patching process (as well as pretty much anything else you can think of). In my case the updates were already being made available through SCCM, see this post and I wanted a way of scheduling and controlling the install.

I wanted to be able to supply a list of servers to be patched one at a time. Each server would be patched when the previous server had been confirmed as restarted or having no patches available.

Continue reading →

SCSM Powershell to Change Work Item Status

Sometimes work items get stuck in a pending state, if the parent work item is closed then a child item cannot be manually changed for example:

The following code takes a work item(s) filtered on class name and title and then updates the status:


Import-Module SMLets
Get-SCSMClass | where {$_.displayname -match 'review activity'} | get-scsmobject | where {$_.Title -match "work item title"} | Set-SCSMObject -Property Status -Value "Completed"

* -match can be replaced with other comparison operators such as -contains or -notmatch etc.

Decommissioning A User Account With Service Manager And Orchestrator

When a user leaves an organisation something has to be done with their account. Not many organisations can tolerate it just sitting in AD. Service Manager and Orchestrator are capable of automating all of the manual steps normally involved. The following example shows how to display a Request Offering for Managers to submit requests when a user leaves.

This post doesn’t show information around the review activities involved and how the users manager is added to an RA for approval. See this post for those steps.

The first part is the Request Offering that is shown on the portal:

Continue reading →

Deploying The SCSM Console Through SCCM

The Service Manager console can fairly easily be deployed through SCCM. In the following example I have deployed the console to a user collection in SCCM. Note that in the below walkthrough I have already done the work I am just demonstrating what the particular applications, deployments and settings should look like.

The first thing to do it to create an Application for SQL Server 2012 AMO. I also created a package for the Report Viewer Redistributable only to find that the SCSM installer installs that particular pre-requisite itself.
The SQL Server 2012 Analysis Management Objects installer can be downloaded on its own or as part of the SQL Server 2012 Feature Pack from here:

Continue reading →

Monitor Rejected Review Activities In Orchestrator

I prefer to use Orchestrator to monitor rejected Review Activities in Service Manager.

To me it is far less cumbersome than writing notification templates in SCSM and easier to work with once set up. The below screenshots are of how to set up a simple runbook in Orchestrator to monitor for failed Review Activities and notify the owner of the parent work item.

In this case the parent work item is of type ITRR which is a custom class I created. Note that the runbook would need an additional branch for each parent class containing review activities, or indeed a separate runbook.

So firstly the runbook looks like this (note that this is an always on Runbook):

Continue reading →

Creating Custom Forms in Service Manager

I recently had a request to see if there was a way Service Manager could store a list of requests one of the teams had to deal with. Of course we could have used a standard service request but given that Service Manager has the ability to design custom forms I set about creating them a custom class and form to use and created them a view in SCSM where they could view and keep track of their custom requests.

I opened up the Service Manager Authoring Tool and created a new Management Pack. By right clicking classes you can “Create other class”.

Continue reading →

Add Manager Approval For A Request in SCSM

The following example walks through the process of adding a requesting users manager to a review activity in Service Manager. The Review Activity could be part of a change request or a service request of course. The manager is obtained from the users AD account manager attribute.

The Orchestrator runbook is as follows:

Continue reading →

Add Automatic Email Processing To Service Manager With An Office365 Mailbox

Integrating a dedicated Service Manager mailbox with SCSM adds a good deal of functionality. When configured properly users can raise new incidents, add comments to existing incidents and review activities can be approved by reviewers by simply replying to an email informing them that their approval is required.

I recently set this up and our mailbox was based in Office365, it doesn’t really make a difference though the Exchange Connector is still used. It can be downloaded here.

Continue reading →

Add Prefix to SCSM Work Items In Orchestrator

To adjust the prefixes given to new work items created by Orchestrator simply add the ID field to the new work item and add the prefix in front of the {0}:

Changing Views In Service Manager To Include Additional Columns

By default in SCSM some of the views do not include columns like “Assigned To” which seem to be a fairly obvious requirement. At first glance its not obvious how to change the views to include these columns but it is possible. The answer is to change the Work Item type that the view displays.

In the below example the type is changed from Incident to Incident (Advanced). Then the additional columns can be added.

Initial view:

Continue reading →

Automated Server Decommissioning Using Service Manager And Orchestrator

Decommissioning a server can be a lengthy process needing to involve different teams and complete multiple tasks. The below process inludes several of these tasks and could easily be extended to include more.

The first part was to create a Service Manager class based on the service request form to contain the additional fields required for the process:

Continue reading →

Automated Virtual Server Build Using Service Manager and Orchestrator

Building a new virtual server through a Service request in SCSM and an Orchestrator Runbook is easily achievable. There are multiple ways this could be achieved the approach I took was as follows:

Ultimately the Service Request will be presented to end users on the portal:

Continue reading →