Add Affected User to AAW Requests using Orchestrator Runbooks or PowerShell

As some of you may know, the requests generated in Service Manager through the Application Approval Workflow (AAW) Solution Accelerator do not set the Affected User in the Request.

I’ve recently implemented the solution for one of my customers and it was requested that users submitting these application requests be able to view them from the Service Manager Self-Service Portal (SSP).

However, without the Affected User relationship being defined on the work item, the only place to view the application request status is “My Requests” on the Application Catalog page from ConfigMgr. I was tasked with setting the “Created By” user as the “Affected User” so that when an application is requested, it will show up in their My Requests section of the SSP.

After some research, it was fairly difficult to find any in-depth documentation on how this may be performed. So, it was up to me to get it done.

Subsequently, I was able to create a PowerShell script, and an Orchestrator Runbook.

Below is a link to my SkyDrive for downloading the files. Please use them and comment if you have any suggested modifications or changes.

The script requires the SCSM PowerShell Cmdlets (SMLets). They can be found at http://smlets.codeplex.com

 

Download Files Here


Changing Service Account Passwords for SCSM

Recently I was asked what the process is for updating service account passwords for Service Manager. Directions for this can be found on TechNet at the links below.

Typically in an enterprise environment, there are password policies that require passwords to expire and be updated. These policies apply to user accounts like those you and I regularly use for our day-to-day activities on the job, and also to the accounts that services run under, called service accounts. As many of you know, if the password for a service account expires, or is changed without updating the service that uses it, we end up with an outage of that service within our infrastructure.

To help prevent these outages, we need to update the passwords for service accounts wherever they are used. Service Manager uses several accounts. The accounts listed in the tables below may not have the same names as those you have used, but I’ll bet that there is an equivalent in use within your Service Manager implementation. Some of these may even be combined into a single account for ease of use or simplification.

To update the credentials used, follow the steps outlined in TechNet (links above).

 

Table 1 – SCSM Service Accounts

| Account Name | Description | Permissions |
|---|---|---|
| SCSMSA | Service Manager – Service Account | Local Admin on Service Manager Server(s). Must be same account for Data Warehouse and Management Servers. |
| SCSMRA | Service Manager – Reporting Account | Granted rights within SQL during installation. |
| SCSMAS | Service Manager – Analysis Services Account | Granted rights within SQL during installation. |
| SCSMWF | Service Manager – Workflow Account | Local Admin on Service Manager Server(s). Must be same account for Data Warehouse and Management Servers. |

Table 2 – SCSM Data Connector Accounts

| Account Name | Description | Permissions |
|---|---|---|
| SCSMADCON | Service Manager – Active Directory Connector Account | Active Directory – Read; Advanced Operator in Service Manager |
| SCSMOMCICON | Service Manager – Operations Manager Configuration Item Connector Account | Operator Privileges in Operations Manager; Advanced Operator in Service Manager |
| SCSMOMALCON | Service Manager – Operations Manager Alert Connector Account | Administrator Privileges in Operations Manager; Advanced Operator in Service Manager |
| SCSMCMCON | Service Manager – Configuration Manager Connector Account | smsdbrole_extract & db_datareader roles in Configuration Manager Database; Advanced Operator in Service Manager |
| SCSMSCOCON | Service Manager – Orchestrator Connector Account | Read Properties, List Contents and Publish permissions to the root Runbook folder and all child objects (grant via the Runbook Designer); Advanced Operator in Service Manager |
| SCSMVMMCON | Service Manager – Virtual Machine Manager Connector Account | Administrator in Virtual Machine Manager; Local Administrator on Virtual Machine Manager Server; Advanced Operator in Service Manager |

 

If you need to create a new Run As Account with Service Manager, it can be done using PowerShell. I’ll save that for another post.
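
As an added example (not the author's script and not taken from TechNet), the PowerShell below reports, for the account names in Tables 1 and 2, when each password was last set, when it expires under the default domain policy, and which Windows services log on with it. The server names and the 14-day warning window are assumptions, and it requires the ActiveDirectory module.

```powershell
# Added example: inventory password age and Windows service usage before a rotation.
Import-Module ActiveDirectory

# Account names from Tables 1 and 2; replace with the equivalents in your environment.
$accounts = 'SCSMSA','SCSMRA','SCSMAS','SCSMWF','SCSMADCON','SCSMOMCICON',
            'SCSMOMALCON','SCSMCMCON','SCSMSCOCON','SCSMVMMCON'
# Hypothetical server names (assumption): management and data warehouse servers.
$servers  = 'SCSM-MS01','SCSM-DW01'
$warnDays = 14   # assumption: flag passwords that expire within two weeks

# Default domain policy only; fine-grained password policies are not evaluated.
$maxAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

$report = foreach ($name in $accounts) {
    try {
        $user = Get-ADUser -Identity $name -Properties PasswordLastSet, PasswordNeverExpires -ErrorAction Stop
    } catch {
        Write-Warning "Account '$name' not found in Active Directory"
        continue
    }

    # No expiry if the flag is set, the policy has no maximum age, or no password date exists.
    $noExpiry = $user.PasswordNeverExpires -or $maxAge -eq [TimeSpan]::Zero -or -not $user.PasswordLastSet
    $expires  = if ($noExpiry) { $null } else { $user.PasswordLastSet + $maxAge }

    # Windows services whose logon account contains this name (DOMAIN\name or name@domain).
    $services = Get-CimInstance -ClassName Win32_Service -ComputerName $servers `
                    -Filter "StartName LIKE '%$name%'"

    [pscustomobject]@{
        Account       = $name
        PasswordSet   = $user.PasswordLastSet
        Expires       = $expires
        ExpiringSoon  = ($null -ne $expires -and $expires -lt (Get-Date).AddDays($warnDays))
        NeverExpires  = $user.PasswordNeverExpires
        ServicesUsing = ($services | ForEach-Object { "$($_.PSComputerName):$($_.Name)" }) -join ', '
    }
}

$report | Sort-Object Expires | Format-Table -AutoSize
```

This covers Windows service logons only; credentials stored inside Service Manager as Run As accounts or connector settings are not visible this way and still have to be updated there.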