Earlier this week, Microsoft has release a new feature in System Center Configuration Manager 1606 called OMS Connector:
As we all know, OMS supports computer groups. We can either manually create computer groups in OMS using OMS search queries, or import AD and WSUS groups. With the ConfigMgr OMS Connector, we can now import ConfigMgr device collections into OMS as computer groups.
Instead of using the OMS workspace ID and keys to access OMS, the ConfigMgr OMS connector requires an Azure AD Application and Service Principal. My friend and fellow Cloud and Data Center Management MVP Steve Beaumont has blogged his setup experience few days ago. You can read Steve’s post here: http://www.poweronplatforms.com/configmgr-1606-oms-connector/. As you can see from Steve’s post, provisioning the Azure AD application for the connector can be pretty complex if you are doing it manually – it contains too many steps and you have to use both the old Azure portal (https://manage.windowsazure.com) and the new Azure Portal (https://portal.azure.com).
To simplify the process, I have created a PowerShell script to create the Azure AD application for the ConfigMgr OMS Connector. The script is located in my GitHub repository: https://github.com/tyconsulting/BlogPosts/tree/master/OMS
In order to run this script, you will need the following:
- The latest version of the AzureRM.Profile and AzureRM.Resources PowerShell module
- An Azure subscription admin account from the Azure Active Directory that your Azure Subscription is associated to (the UPN must match the AAD directory name)
When you launch the script, you will firstly be prompted to login to Azure:
Once you have logged in, you will be prompted to select the Azure Subscription and then specify a display name for the Azure AD application. If you don’t assign a name, the script will try to create the Azure AD application under the name “ConfigMgr-OMS-Connector”:
This script creates the AAD application and assign it Contributor role to your subscription:
At the end of the script, you will see the 3 pieces of information you need to create the OMS connector:
- Client ID
- Client Secret Key
You can simply copy and paste these to the OMS connector configuration.
Once you have configured the connector in ConfigMgr and enabled SCCM as a group source, you will soon start seeing the collection memberships being populated in OMS. You can search them in OMS using a search query such as “Type=ComputerGroup GroupSource=SCCM”:
Based on what I see, the connector runs every 6 hours and any membership additions or deletions will be updated when the connector runs.
i.e. If I search for a particular collection based on the last 6 hours, I can see this particular collection has 9 members:
During my testing, I deleted 2 computers from this collection few days ago. If I specify a custom range targeting a 6-hour time window from few days ago, I can see this collection had 11 members back then:
This could be useful sometimes when you need to track down if certain computers have been placed into a collection in the past.
This is all I have to share today. Until next time, enjoy OMS .