How to verify that all Management Packs in a SCOM Management Group are up-to-date?
Have you checked your Management Groups lately if they contain the most current sealed Management Packs? How do you that?
Easy task, isn’t it? Simply use the SCOM console to verify your MPs against the Microsoft online MP Web catalog and you are done!
Hmm, is it really that simple? Unfortunately I don’t think so. First of all:
- the Microsoft MP catalog does not always contain the most current MP versions
- the Microsoft MP catalog does neither contain MPs from other vendors nor - obviously - custom (own) MPs
And to make things a bit more complicated: most of my customers have multiple Management Groups in secure locations, usually with no online access to the Microsoft MP catalog.
For this reason in this post I will describe a possible and working solution that allows us to verify if a Management Group contains the most current MPs from
- 3rd party venfors (like HP, Veeam etc.) and
- own custom MPs
without using internet access.
The solution - Overview
The solution for this problem is actually quite simple and covered in three steps:
- Step 1: Create a reference list of all current sealed MPs and store it as a CSV
- Step 2: Create a list of MPs from your Management Group and store it as a CSV
- Step 3: Compare both files
Simple, isn’t it?
The solution - Challenge
Step 1of the proposed solution is the tricky part: How do we create such a reference list of MPs?
To create a list of all current MPs used in your environment you need a properly managed local MP store that contains all MPs in a certain folder structure. This post uses a MP store described in my short blog post series “Creating your own MP store” Part 1, 2 and 3.
Without such a store as a repository you are unable to build a complete MP reference list!
As soon as a new MP is available from any source I recommend to download it and store it in your local MP store. This is also true for all MPs included in Update Rollups, Service Packs etc. Download everything you (probably) need. A Management Pack requires very little space in your MP store. Even if your colleagues call you a “hunter-gatherer”: It is better to have a broad and comprehensive store at hand, when it comes to answering the question “Is my Management Group up-to-date?”.
The solution – Process description
As I like descriptive processes, I have created a process description for this solution:
The solution – detailed steps
Prerequisites and requirements
This solution requires:
- a well maintained local MP store containing the latest version of all MPs used in your SCOM environment(s)
- "Modify" access to this local MP store
- a SCOM 2012 (R2) Management Group
- the script SCOM-MP-CompareVersionBetweenMGandStore.ps1 attached to this post to automate all steps.
It is fully documented with a command based help:
PS> get-Help SCOM-MP-CompareVersionBetweenMGandStore.ps1 -full
Step 1: Create a reference list of all current MPs from your local MP store and Export it as a CSV
- Log on to a machine with a SCOM 2012 R2 console installed
- Map your local MP store as a drive to this machine (e.g. as Y:\_MP-Reference)
- Copy the script SCOM-MP-CompareVersionBetweenMGandStore.ps1 attached to this post to this machine
- Start a PowerShell console as local Admin
- Call the script:
PS C:\> D:\Scripts\PowerShell\SCOM-MP-CompareVersionBetweenMGandStore.ps1 -CreateReferenceFolder –MPStoreRootFolderPath Y:\_MP-Reference -copympstofolder
- This will create a reference folder inside the MP store:
- This folder contains also the reference CSV file with all filtered MP files in this folder:
This script will:
- Parse all vendor folder in your local MP store
- Collect all MP/MPB files
- Double check the version of the MP file (therefore we Need SCOM SDK access)
- Keep only the most current versions of the MPs
- Create a reference folder in the MP store and copy all current MPs to this folder
Result: A reference CSV file containing a list of your most current MP files used in Step 3
Step 2: Create a list of MPs from your Management Group and export it as a CSV
- Log on to a machine with a SCOM console and access to your target Management Group
- Start the SCOM shell and connect to your Management Group
- Export all MPs:
PS> get-scommanagementpack | export-csv c:\temp\test.csv -notypeinformation –delimiter “;”
Result: A CSV file containing a list of your current MPs stored in your Management Group used as Input in Step 3
Step 3: Compare both CSV files
Log on to a machine with PowerShell 3+
Map your local MP store as a drive to this machine
Copy the script SCOM-MP-CompareVersionBetweenMGandStore.ps1 attached to this post to this machine
Start a PowerShell as a local Admin
Call the script with these parameter:
This script will:
- Compare both CSV files and use your Management Group CSV as a reference
NOTE: MPs available in the MP store but not used in your Management Group will be ignored
- Create a CSV file as a result, which you can than analyze in Microsoft Excel:
- The script will tag each MP with one of these comparison results for simple filtering:
Equal MP has the same Version in Management Group and MP store Update Management Group MP in Management Group is outdated -> update MP Update MP-Store MP in store is outdated -> update store (this should never happen) Copy to MP-Store MP from Management Group is not available in MP store - this should never happen
- It will [optionally] create a folder yyyy-MM-dd_Update_MG_<MGName> and copy all files tagged with "Update Management Group" to this folder:
1. A CSV file with all MPs which needs to be updated in your Management Group
2. An optional folder containing all MP files which needs to be updated. You can use the content of this folder to update your Management Group.
In this post I have described a possible solution for verifying your SCOM Management Groups regarding Management Pack up-to-dateness. It provides several advantages:
Executing all steps requires only about 5-10 mins. Once you have finished Step 1, you can verify multiple Management Groups within minutes
This solution analyses all MPs from all different sources (Microsoft, 3rd party Vendor, custom MPs), as long as the MPs are included in your local MP store
- No internet access required
This solution requires no internet access and can be performed completely offline
- Works with distributed, highly secured Management Groups
Because all three steps of the solution can be executed independently it will even work in high secure environments and without giving a single person/role access to all components (MP store, Management Group)
How do you think about this solution? Will it work for you? Do you have different solutions or ideas?
I would really like to here about it and feedback is, as always, highly appreciated!