Problem: We have legacy Alert Generating Event Collection rules that legitimately create alerts so that a particular group gets notified of changes to security accounts and groups in Active Directory. In hindsight they should have been TIMER RESET event Monitors, but there are so many of these rules that it would be a significant undertaking to convert them all (read that as re-create as Timer Reset Monitors). We want to close all the alerts generated from these rules as soon as they fire an email to the team, since no one will ever directly address the alert.

Solution: PowerShell to the rescue! Using a command channel to call PowerShell with the alert ID, we can close the alert when the subscription fires. Since all of these rules are isolated and alerted by a single subscription, it makes the job that much easier.

1. Write some code to pull the specific alert (See the code at the end of this blog article)

2. Set up a channel to call the PowerShell script and pass the alert ID.

3. Set up a subscriber for the new PowerShell channel.

4. Add the Subscriber and Channel to the Subscription firing the alerts for the rules in question.

5. Test it by triggering one of the events on a system the rules are deployed to. The event should fire an alert and send an email, and the alert should then close.

Here’s the PowerShell script to accomplish this in OpsMgr 2007 R2: (and thanks again to Graham Davies whose original script was used as the starting point for the one shown below)

Param($alertid)

$alertid = $alertid.toString()

# Script to Output Alerts from Operations Manager 2007
# Graham Davies
# May 1st 2008

# Name of Root Management Server
$RMS = "<RMS Server Name>"

# Initialise OpsMgr Provider
## prepare OpsMgr shell: load the snap-in if it is not already loaded
if ((Get-PSSnapin | Where-Object {$_.Name -eq 'Microsoft.EnterpriseManagement.OperationsManager.Client'}) -eq $null) {
    Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client -ErrorAction SilentlyContinue -ErrorVariable Err
    if ($Err) { throw $Err }
}

# Connect to the management group if there is no existing connection
if ((Get-ManagementGroupConnection | Where-Object {$_.ManagementServerName -eq $RMS}) -eq $null) {
    New-ManagementGroupConnection $RMS -ErrorAction SilentlyContinue -ErrorVariable Err
    if ($Err) { throw $Err }
}

# Map the Monitoring: drive if it does not exist yet
if ((Get-PSDrive | Where-Object {$_.Name -eq 'Monitoring'}) -eq $null) {
    New-PSDrive -Name:Monitoring -PSProvider:OperationsManagerMonitoring -Root:\ -ErrorAction SilentlyContinue -ErrorVariable Err
    if ($Err) { throw $Err }
}

Set-Location Monitoring:\$RMS

# Fetch the alert whose ID was passed in by the command channel
$alert = Get-Alert -Criteria "Id = '$alertid'"
if ($alert -eq $null) { throw "No alert found with Id $alertid" }

# Resolution state 255 is Closed
$alert.ResolutionState = 255

# Stamp CustomField10 with the alert ID
$alert.CustomField10 = $alertid

$alert.Update("")
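
Two guard checks that could run before the `Get-Alert` and `Update` calls in the script above, shown as an added example that is not part of the original script. The function names and the sample objects are hypothetical and constructed here; the example assumes PowerShell 2.0 or later and that the alert object returned by `Get-Alert` exposes `IsMonitorAlert`.

```powershell
# Added example (not from the original post); function names are hypothetical.

# Accept the command-channel argument only if it is a canonical GUID, so that
# nothing else is ever interpolated into the -Criteria string.
function ConvertTo-AlertGuid {
    param([string]$AlertId)
    $id = $AlertId.Trim()
    if ($id -notmatch '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$') {
        throw "Rejected alert ID argument: not a GUID"
    }
    return $id.ToLower()
}

# Decide whether the object returned for that ID may be closed by the script.
function Test-AlertClosable {
    param($Alert, [string]$ExpectedId)
    if ($Alert -eq $null) { return $false }                      # nothing matched the ID
    if (@($Alert).Count -ne 1) { return $false }                 # criteria must match exactly one alert
    if ($Alert.Id.ToString() -ne $ExpectedId) { return $false }  # must be the alert that was requested
    if ($Alert.IsMonitorAlert) { return $false }                 # only rule-generated alerts are closed here
    if ($Alert.ResolutionState -eq 255) { return $false }        # already closed
    return $true
}

# Constructed sample data standing in for objects returned by Get-Alert.
$id = ConvertTo-AlertGuid ' 3F2504E0-4F89-11D3-9A0C-0305E82C3301 '
$ruleAlert    = New-Object PSObject -Property @{ Id = $id; IsMonitorAlert = $false; ResolutionState = 0 }
$monitorAlert = New-Object PSObject -Property @{ Id = $id; IsMonitorAlert = $true;  ResolutionState = 0 }

"rule alert closable:    " + (Test-AlertClosable $ruleAlert $id)
"monitor alert closable: " + (Test-AlertClosable $monitorAlert $id)
"missing alert closable: " + (Test-AlertClosable $null $id)

# A malformed argument is rejected before it can reach Get-Alert.
try {
    ConvertTo-AlertGuid "1234' extra text"
} catch {
    "rejected: $_"
}
```

In the script above, `ConvertTo-AlertGuid` would be applied to `$alertid` before the `Get-Alert` call, and `ResolutionState` would be set only when `Test-AlertClosable` returns `$true`.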

All of the credit on this one goes to Louis Oliver who built this solution and provided me with all of the details as to how he did it. Way to go Louis!