An approach to automate SCOM service account password change – part 3/3: the script in action
This is part three of my little blog series on how to automate SCOM service account password changes. In part one I set the stage, in part two I explained the individual steps this script performs and now I will show you how the script is working and what result it produces. You can download the script from TechNet Gallery.
CAUTION and NOTE
- This script is a proof of concept to demonstrate how to automate password changes in SCOM. It is neither fully tested nor supported by me or Microsoft in any way. Do not use this script without analyzing the code carefully and maybe adapting it to your needs. Use it at your own risk!
- There are always several way to perform certain tasks. Some are much more elegant than others. I do not claim to always use the most elegant ways in my script *smile*
Ok, let’s get started:
Calling the script with random individual passwords (default setting) and backing up the SRS encryption key:
PS> SCOM-SEC-ChangeSVCPassword.ps1 -managementserver myms.domain.com –BackupSRSEncryptionKey
To prevent any accidental use of the script:
The whole picture
If everything goes fine, you will not get any further consent prompts and the script shell output will look something like that:
contains detailed logging information (without any password information)
contains all account information including the new passwords in clear text
contains potential PowerShell errors.
- [optional] YYYY-MM-dd_hh-mm_[SRS Servername]_SRS_EncryptionKey.snk
contains the SRS encryption key. The password for this key is the password of one of the accounts. Please check the YYYY-MM-dd_hh-mm_OpsMgr_SVC_PasswordChange.log for details
Testing and verification
Do not forget to test every single SCOM component after the change! Verify that everything is up and running. If you have 3rd party software which requires password changes as well, please do this now!
By using an automated approach like the demonstrated script
- I can change SCOM service account passwords even in complex environments in under 2 minutes
- Because it is fast it allows more frequent password changes, thus increasing the overall security of your environment
- All steps and actions taken are documented and logged automatically
I hope you found this blog series interesting and it encourages you to create your own automation tools for your SCOM environment(s).
As always I would love to hear your feedback and comments.