One of the biggest challenges I see when working in an environment which has multiple management groups is how to keep management groups in sync with each other. Without an effective change management process for overrides it quickly becomes impossible to keep the various management groups tuned in the same way. The challenge synchronizing management packs is significant due to the number of components which need to be in place before making an attempt using an automated method. The following are the key challenges or questions which need to determine an appropriate approach:

  1. How do you find all Microsoft management packs which may be loaded into an environment? Stanislav and Damian wrote an excellent PowerShell script which will download and extract all of the management packs from the management pack catalog. The result is a consistent naming structure which includes both the full name of the management pack AND the version of the management pack. Both of these need to be available to make the process work. Their script is available for download at: https://gallery.technet.microsoft.com/scriptcenter/All-Management-Packs-for-37d37902. You can watch the script in action at http://youtu.be/w2HQynSo79I.
  2. How do you determine which custom override management pack should be synchronized between the environments? Override management packs contain the majority of the changes which are done for alert tuning in Operations Manager. Some of these customizations may be management group specific and some can be applicable to any management pack (hint – tune with groups to make these portable between management groups). To address these items, we used a keyword in the management pack description to indicate whether an override management pack should be exported from the main management group and added to the secondary management group.
  3. What about third party management packs? Third party management packs can be downloaded and extracted into the same file structure created by the MP download and extract script. As long as they are in the same format (i.e.: extracted with the .mp or .mpb file in the lowest level folder with the correct version number listed in the path) then these can be auto-synchronized between the management groups.
  4. Can you exclude management packs from synchronization? There are several management packs which must be loaded manually to work correctly. Examples of these include the Exchange 2010 management pack (with the correlation engine) and all Azure Ops Insights management packs (they are pushed into the environment when you choose to activate the intelligence packs). To avoid attempts to synchronize these management packs there is a file available called MPStoSkip which includes management packs which should never be synchronized.
  5. How do you handle management pack dependencies? Operations Manager management packs often have dependencies on other management packs which need to be added before the management pack can be added. Currently this script does not consider dependencies when adding management packs. The approach I’m using to address these dependencies is to re-run the script a few times (each time it takes the lowest level dependencies, so over multiple executions it handles all outstanding management pack dependencies).
  6. How should these scripts be executed? At this point I am executing both of these through the task scheduler (the video for the management pack download shows how the task scheduler is configured http://youtu.be/w2HQynSo79I). Eventually believe it will make the most sense to execute these through Service Management Automation (SMA).
  7. Is this script fully functional and complete? I would state that this script is functional but could use a heck of a lot more enhancement going forward. I have listed a few in the comments on the script. These include:
    1. Change the script to accept parameters for the main and secondary management group information.
    2. Add better handling for management pack dependencies.
    3. Add better logging and error handling.
    4. Avoiding re-importing existing custom override management packs which have already been loaded into the secondary management group.
    5. Tao has provided an excellent scripted approach to allow this to run on a non-Management Sever (running this on a management server is currently a requirement) which I will work to integrate into a next version.
    6. Add either an export for all custom MP’s, or in some way tie into Tao’s self-maintenance script for the backup of management packs.

    That said however, this script is effectively synchronizing management pack differences between the two management groups that I run in my lab environment. This script can be seen in action at http://youtu.be/zjvBiR6kZss.

  8. So what does the process flow look like? There are two tasks which can run at the same or different times. The first is the management pack download and extract script mentioned above, the second in the management pack synchronization script as shown below.

 

Management Pack synchronization script walkthrough:

The management pack synchronization script has three major sections:

1) Export all unsealed MP’s with the keyword "AutoMPSYNC" in the description into the c:\mpimport directory.

2) Compare two management groups to identify differences in management packs loaded. Find the management packs which are different from the Management Pack Repository, and copy them to the c:\mpimport directory.

3) Import management packs found in the c:\mpimport directory.

The screenshot below show the script in action – all management packs identified for addition to the second management group were stored in the c:\mpimport directory.

The initial synchronization started with 72 MP’s to synchronize:

After running the 2nd round, there were 46 management packs remaining to synchronize. Subsequent executions of the script brought both management packs to the same version.

To validate the success of addition of management packs onto the secondary management group, the screenshot below shows the management packs (from the administration pane, management packs, ordered by the date imported field) which were added.

 

Management Pack synchronization customization for your environment:

All variables are defined in the top of the script and referenced throughout. At a minimum the primary server information and secondary server information sections need to be filled out with the appropriate server and account information.

# Define all variables for the script

 

#Enter Primary Server Information

$MG1SRV
=
‘Server Netbios or FQDN’

$MG1User
=
"domain\user"

$MG1Pwd
=
"password"

 

#Enter Secondary Server Information

$MG2SRV
=
‘Server Netbios or FQDN’

$MG2User
=
"domain\user"

$MG2Pwd
=
"password"

 

$Scripts
=
"c:\scripts"

$MPStoImport
=
"c:\scripts\MPStoImport.txt"

$MPStoSkip
=
"c:\scripts\MPStoSkip.txt"

$MPSwithoutSkip
=
"c:\scripts\MPStoImportNS.txt"

$MPRepository
=
"y:\MPRepository\"

$MPImportDirectory
=
"c:\mpimport"

 

###################################################

# #

# DO NOT MAKE ANY CHANGES BELOW THIS LINE #

# #

###################################################

 

Where can I get the script?

This script is available for download at: https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Management-Pack-729ab4e8.

 

Thank you to Larry Rayl for his review of this blog post (it’s much more readable as a result!) And thank you to the monitoring focused MVP’s out there (you know who you all are!) who have provided both excellent feedback and encouragement to get this blog post online!

 

Summary: Hopefully this script can be a starting point to help fully automate the process to synchronizing management packs between a variety of management groups (and potentially a method to identify best practice tuning approaches and automate the addition of that type of tuning the future). Please feel free to update the script and send me information on the changes that you have made to make this work better for your environments!