I was recently working with a customer who had a specific change control process around their Group Policy Objects (GPO). In order to fulfill their requirements, I created a GPO Configuration Item (CI) class in System Center 2012 Service Manager (SCSM). Then to make life easier, I created an Orchestrator Runbook to automatically populate the class with the GPOs from their environment. This blog post will show you how this works and how you can implement it in your environment. I have included a download that contains the management packs and runbook.
To begin, I created a management pack, using the Service Manager Authoring Tool. The management contains a custom Configuration Item Class, named Group Policy Objects, with the following properties.
|Internal Name||Name||Data Type||Key|
I then sealed and imported the management pack to Service Manager. Now that I had the class created it came time to populate it. Instead of doing a CSV import or adding the GPOs manually, I created an Orchestrator Runbook to automatically populate the data.
The runbook uses a PowerShell script to retrieve all of the Group Policy Objects in the domain. Then a second PowerShell script to return the details of each GPO. Next it formats the Creation Time and Modification Time to the SCSM datetime format (yyyy-MM-ddThh:mm:ss). Then it checks to see if the GPO is already in SCSM. If not it is added. If it is already present then the object is updated with the latest details.
As is, the runbook is designed to be run manually. However, you can create a schedule task or update it to use a Monitor Date/Time activity to schedule it to run periodically.
So how do you implement this in your environment? That is the easy part. Just download the zip file below. If contains the management pack (both sealed and unsealed), the runbook, and install instructions.