Enabling Agent Proxy for a Class in System Center Operations Manager 2007

image Agent Proxy needs to be enabled for several different management pack features to work properly.  Active Directory, Cluster and Exchange are few common management packs requiring Agent Proxy to be enabled, just to name a few.  Enabling the Agent Proxy security setting allows an agent to submit data on behalf of another source.  By default this setting is not enabled for any agents, so when we import a management pack that expects an agent to submit data not originating from that agent (i.e. other sources) we need to enable this security feature in order for some workflows to function.

There are several scripts available in various posts which help accomplish this task, as it can be quite tedious selecting individual agents and configuring this manually.  There are even a couple tools published that have helped many administrators accomplish this task, both GUI and command line.

Since it’s usually a particular type or role which an agent hosts that requires Agent Proxy to be enabled, I thought it would be nice if we could run a script that would enumerate all agents that host a particular type or role and enable Agent Proxy in one pass.

image Test this script thoroughly in your lab environment before attempting to use in production to avoid mistakenly enabling or disabling agent proxy on unintended targets.  If you choose to run it against Windows Computer class, it will enable or disable it for all agents in the management group.

image This script works its way up the parent class path, until it finds a Windows Computer object.  It then resolves the Agent Base Managed Entity Id and sets the Agent Proxy property.  If the class you choose does not resolve to a Windows Computer object, the script will fail.
Keep in mind, this is a fairly raw script without error handling and many bells and whistles.

imageHere are a few classes I tested the script against, enabling Agent Proxy on agents which commonly need it enabled.

Microsoft.Windows.Server.DC.Computer – all domain controllers

  • Microsoft.Windows.Cluster.Node – all cluster nodes
  • Microsoft.Exchange.ServerRole.2003 – all exchange 2003 server roles
  • Microsoft.Exchange2007.ServerRole – all exchange 2007 server roles

If you want to return a list of all classes, run the following command:

Get-MonitoringClass | Select DisplayName,Same | Sort DisplayName

image Usage:

Copy the entire script below, everything between ##--Begin and ##--End, and paste into a text file in some location.  Name the file ClassProxyEnabler.ps1.

Open Operations Manager Command Shell and type in the path to the script and the required parameters, and hit enter.


Class Name: This is the class system name, not the friendly name.
$True/$False: $true to enable, $false to disable
Output directory: The script logs all actions to this directory, with file name “class_date_time.txt”.  This directory must exist.  If there are spaces in the path, the path must be enclosed in quotes.


c:\ClassProxyEnabler.ps1 Microsoft.Windows.Server.DC.Computer $true c:\out\


##--Begin ClassProxyEnabler.ps1

##--Get the class in which you want to set Agent Proxing
$class = Get-MonitoringClass | Where {$_.Name -eq $className}
##--Get all objects in that class
$objects = Get-MonitoringObject -monitoringClass:$class
##--Create an array of BME's
$arrBME = @()
Foreach ($object in $objects)
If ($object.FullName -notcontains "Microsoft.Windows.Computer:")
$parent = $object.getParentPartialMonitoringObjects()
Foreach ($oParent in $parent) {If ($oParent.FullName -match "Microsoft.Windows.Computer") {$object = $oParent}}
Until ($object.FullName -match "Microsoft.Windows.Computer")
$arrBME += $object.Id.ToString()
##--Create an array of agents to help script performance.
$agentArray = @()
Foreach ($agent in Get-Agent)
$agentArray += $agent
##--Create output file
$localTime = (get-date).ToLocalTime()
$year = $localTime.year.ToString()
$month = $localTime.month.ToString()
$day = $localTime.day.ToString()
$hour = $localTime.hour.ToString()
$min = $localTime.minute.ToString()
$fileName = $class.name + "_" + $year + "-" + $month + "-" + $day + "_" + $hour + "-" + $min + ".txt"
$filePath = $fileDir + $fileName
##--Walk through the array and set Agent Proxying for each agent
Foreach ($BME in $arrBME)
While ($i -ne $agentArray.count)
If ($BME -eq $agentArray[$i].Id.ToString())
##--Screen formatting
$space = " "
$spaceCount = 30 - $agentArray[$i].PrincipalName.length
##--If already set to preference, skip with message.
If ($agentArray[$i].ProxyingEnabled.Value -eq $bTF)
$agentArray[$i].PrincipalName + $space*$spaceCount + "No action taken"
$agentArray[$i].PrincipalName + $space*$spaceCount + "No action taken" | out-file $filePath -append
$i = $agentArray.count
##--Allow operator to track screen output
Start-Sleep -m 200
##--If not set to preference, modify with message.
$agentArray[$i].PrincipalName + $space*$spaceCount + "Modifying..."
$agentArray[$i].PrincipalName + $space*$spaceCount + "Modifying..." | out-file $filePath -append
$i = $agentArray.count
##--Allow operator to track screen output
Start-Sleep -m 200
Write-Host "`n`n`n`nResults saved to $filePath"

##--End ClassProxyEnabler.ps1

image Schedule this script to run on a regular basis for the domain controller or cluster classes.  Whenever new domain controllers or cluster nodes come online, Agent Proxy will be enabled automatically.
This script ONLY makes modifications if required.  In other words, there is no harm in running this multiple times.  Agent Proxy will only be modified if it does not match the $true or $false parameter supplied.

Jonathan Almquist | Premier Field Engineer

For more information or to provided feedback please see my original post at http://blogs.technet.com/jonathanalmquist/archive/2009/09/22/enable-agent-proxy-for-a-class-classproxyenabler.aspx.