Home Analyst Portal

Is there a script to add end users to service management database?

Leon_VaughnLeon_Vaughn Customer IT Monkey ✭
In my environment the SM AD connector has stopped working hence new users are not being pulled in to gain access.
While we work on that we would like to add the users manually so that they can access the portal.

Answers

  • Conner_WoodConner_Wood Customer Ninja IT Monkey ✭✭✭✭
    Can you confirm the Run As Account for the AD Connector has valid credentials/permissions?

    If so, I recommend disabling your current AD Connector through powershell twice (with a one second delay).

    Source: https://blogs.technet.microsoft.com/thomase/2011/09/27/scheduling-and-disabling-the-scsm-active-directory-connector-via-powershell/

    Script to disable the AD connector will look like this:

    Get-SCSMConnector ^AD |Set-SCSMConnector -state:disabled

    Start-Sleep -m 10000

    Get-SCSMConnector ^AD |Set-SCSMConnector -state:disabled

    And the script to enable the AD Connector wiil look like this:

    Get-SCSMConnector ^AD |Set-SCSMConnector -state:enabled

    And then creating a new AD Connector to sync the users/groups from AD to SCSM.


    The problem with adding users manually to Cireson Database [ServiceManagement].[dbo].[CI$User] is the "Id" column references the SCSM Object, and if it doesn't exist I doubt much if anything would work for a user even if you filled in the other fields or tried substituting the Id for another one.
  • Leon_VaughnLeon_Vaughn Customer IT Monkey ✭
    Morning thank you for the information, I am getting the following when excectuting the script. The set-scsmconnector is not available.

    The term 'Set-SCSMConnector' is not recognized as the name of a cmdle

  • Conner_WoodConner_Wood Customer Ninja IT Monkey ✭✭✭✭
    edited April 2017
    I recommend remote desktopping to your primary workflow server (the one that runs the connectors) and executing the command.  If you do it from another machine you could use the Parameter "-ComputerName" to specify that server.....



    I've never had to import the module on the workflow server when running powershell window:
    Import-Module -Force Microsoft.EnterpriseManagement.ServiceManager.Cmdlets
    Ah, I guess that's outdated documentation, my apologies, luckily I had made documentation a long time ago which I dug up again when I had issues with Ad Connectors.

    $ADConnector = Get-SCSMConnector -ComputerName "PRIMARYWORKFLOWSERVER" -DisplayName "Active Directory Connector - Users - UR7" $ADConnector.Enabled = $false Update-SCSMConnector -Connector $ADConnector For more info: <a rel="nofollow" href="https://technet.microsoft.com/en-us/library/hh316217(v=sc.20).aspx">https://technet.microsoft.com/en-us/library/hh316217(v=sc.20).aspx</a>
    For extended connectors like Exchange Connectors (yeah they are an extension) you may have more luck with something like this:

    Import-module SMLets $EXConnectorClass = Get-SCSMClass ExchangeConnector $EXConnectors = Get-SCSMObject -Class $EXConnectorClass Foreach ($EXConnector in $EXConnectors) { Set-scsmObject $EXconnector -Property Enabled -value $False } //OR!!!!!!!!! $ExchangeConnector = Get-SCSMConnector -ComputerName "<span>PRIMARYWORKFLOWSERVER</span>" -DisplayName "Exchange Connector - UR 6"<br>$ExchangeConnector.Enabled = $false $ExchangeConnector.ConnectorObject.Commit()

    Good Luck!

  • Leon_VaughnLeon_Vaughn Customer IT Monkey ✭

    Thank you. I ran the script provided but nothing changed. The AD connector status is still blank

  • Leon_VaughnLeon_Vaughn Customer IT Monkey ✭
  • Conner_WoodConner_Wood Customer Ninja IT Monkey ✭✭✭✭
    This might seem obvious but did you use your SCSM Server Name (???) and your Active Directory Connector Name (Affected Users)?
  • Leon_VaughnLeon_Vaughn Customer IT Monkey ✭
    yes
  • Conner_WoodConner_Wood Customer Ninja IT Monkey ✭✭✭✭
    Please confirm the password is up to date for the Run As Account you've chosen to run the Active Directory Connector under..... in SCSM Console > Administration > Security > Run As Accounts

    Open the Run As Account then Re-enter the password and hit OK....
Sign In or Register to comment.