Manage SCOM Report Operators role using PowerShell

Sharing SCOM reports with other users can be facilitated by adding those users to the SCOM Report Operator role. To view the users and groups that are a member of this role the following can be executed:

1
Get-SCOMUserRole -Name 'Operations Manager Report Operators'

The best practice is to add users into an AD group and then placing the user in that AD group. If there is already an AD Group in the User Role then the user can be added to that group directly. Otherwise an AD Group can be created and added to the SCOM User Role as follows:

1
2
3
4
5
6
7
8
9
10
11
# Create Domain Local Security Group
$TargetOU = [adsi]'LDAP://OU=SCOM,OU=Groups,DC=jaapbrasser,DC=com'
$Group = $TargetOU.Create('group','cn=SCOM_Report_Operators')
$Group.put('grouptype',0x80000004)
$Group.put('samaccountname','SCOM_Report_Operators')
$Group.SetInfo()
 
# Add the newly created group to the SCOM User Role
Get-SCOMUserRole -Name 'Operations Manager Report Operators' | ForEach-Object {
    Set-SCOMUserRole -UserRole $_ -User ($_.Users+'jaapbrasser\SCOM_Report_Operators')
}

Since the Set-SCOMUserRole cmdlet does not support adding a group or user account we are used to use ForEach-Object as an alternative to include the current User Role Members. By concatenating the existing users with the new user, domain\jaapbrasser, the new user is added to the User Role Members.
Now that the Active Directory group has been created and added to the list the user account can be added to the AD group:

1
2
3
4
$ADGroup = [adsi]([adsisearcher]'samaccountname=SCOM_Report_Operators').findone().path
$User = ([adsisearcher]'samaccountname=jaapbrasser').findone().path
$ADGroup.add($User)
$ADGroup.psbase.commitchanges()

Now that the AD Group has been added as a User Role member and the user has been added to the correct Active Directory group the user has the appropriate permissions to be able to view the reports created by SCOM.

SCOM Report Operators User Role
Implementing User Roles
Get-SCOMUserRole
Set-SCOMUserRole

Leave a Reply

Your email address will not be published.