As some of you may know, the requests generated in Service Manager through the Application Approval Workflow (AAW) Solution Accelerator do not set the Affected User in the Request.

I’ve recently implemented the solution for one of my customers and it was requested that users submitting these application requests be able to view them from the Service Manager Self-Service Portal (SSP).

However without the Affected User relationship being defined with the work item, the only place to view the application request status is by going to “My Requests” in the Application Catalog page from ConfigMgr. I was tasked with setting the “Created By” user as the “Affected User” so that when an application is requested, it will show up in their My Requests section of the SSP.

After some research, it was fairly difficult to find any in-depth documentation on how this may be performed. So, it was up to me to get it done.

Subsequently, I was able to create a PowerShell script, and an Orchestrator Runbook.

Below is a link to my SkyDrive for downloading the files. Please use and comment if there are any suggested modifications/ changes.

The script requires the SCSM PowerShell Cmdlets (SMLets). They can be found at http://smlets.codeplex.com

Download Files Here

Recently I was asked about what the process was for updating service account passwords for Service Manager. Directions for this can be found on TechNet at the links below.

Typically in an enterprise environment, there are password policies that require expiration and update of passwords. This can be user accounts like those you and I regularly use for our day to day activities on the job. Other user accounts are called service accounts. As many of you know, if an account password for a particular service is expired, or changed without updating the service we end up with an outage of that service within our infrastructure.

To help prevent these outages, we need to update the passwords for service accounts wherever they are used. In Service Manager, there are a few accounts that are used. The accounts listed in the tables below may not be the same as those you have used, but I’ll bet that there is an equivalent in use within your Service Manager Implementation. Some of these may even be combined into a single account for ease of use or simplification.

To update the credentials used, follow the steps outlined in TechNet (links above).

Table 1 – SCSM Service Accounts

Account Name	Description	Permissions
SCSMSA	Service Manager – Service Account	Local Admin on Service Manager Server(s). Must be same account for Data Warehouse and Management Servers.
SCSMRA	Service Manager – Reporting Account	Granted Rights within SQL During installation.
SCSMAS	Service Manager – Analysis Services Account	Granted Rights within SQL During installation.
SCSMWF	Service Manager – Workflow Account	Local Admin on Service Manager Server(s). Must be same account for Data Warehouse and Management Servers.

Table 2 – SCSM Data Connector Accounts

Account Name	Description	Permissions
SCSMADCON	Service Manager – Active Directory Connector Account	Active Directory – Read Advanced Operator in Service Manager
SCSMOMCICON	Service Manager – Operations Manager Configuration Item Connector Account	Operator Privileges in Operations Manager Advanced Operator in Service Manager
SCSMOMALCON	Service Manager – Operations Manager Alert Connector Account	Administrator Privileges in Operations Manager Advanced Operator in Service Manager
SCSMCMCON	Service Manager – Configuration Manager Connector Account	smsdbrole_extract & db_datareader roles in Configuration Manager Database Advanced Operator in Service Manager
SCSMSCOCON	Service Manager – Orchestrator Connector Account	Read Properties, List Contents and Publish permissions to the root Runbook folder and all child objects. Grant via the Runbook Designer. Advanced Operator in Service Manager
SCSMVMMCON	Service Manager – Virtual Machine Manager Connector Account	Administrator in Virtual Machine Manager Local Administrator on Virtual Machine Manager Server Advanced Operator in Service Manager

If you need to create a new Run As Account with Service Manager, it can be done using PowerShell. I’ll save that for another post.

The IT Therapist

Monthly Archives: August 2013

Add Affected User to AAW Requests using Orchestrator Runbooks or PowerShell

Download Files Here

Changing Service Account Passwords for SCSM