First published on TECHNET on Sep 24, 2010
Did you know that you can send notifications to groups of users using SCSM? It’s really pretty straightforward and so one Microsoft’s Premier Field Engineers, Antoni Hanus, volunteered to write a guest blog post about it to make sure everyone knew how to do it. Thanks Antoni!
Thanks also to Richard Usher, one of our SCSM expert support engineers, for helping Antoni figure out the right Exchange configuration.
In some scenarios, you may wish to use a group rather than an individual user in Service Manager as a work item stakeholder.
For example, let’s say we want to assign an incident to a team of people (such as an initial response team who route incidents), and then notify everyone in the initial response team that an incident has been assigned to their team.
Messaging-Enabled Universal Security Groups are the key to this. Please read the Note at the bottom for an important consideration when using Messaging Enabled Universal Security Groups.
These can be created in the Exchange 2007 or 2010 console. This example will walk through how to create one in Exchange 2010:
Creating a Messaging-Enabled Universal Security Group
1) In the Exchange Management Console, navigate to Recipient configuration>Distribution Group, Right click and choose New Distribution Group.
2) In the Introduction page, either choose an existing Universal Group or Create a New One
3) In the Group Information page, ensure the ‘Security’ radio button is selected.
4) Complete the creation of the group
5) Add members to the group by right-clicking properties and accessing the members tab:
6) Wait for Service Manager to sync with AD, or perform a manual Synchronization from Administration>Connectors (Click the AD Connector and then the ‘Synchronize Now’ task on the right hand side).
7) Once the AD synchronization has completed, the newly created group will be available as a Configuration item (CI) in Service Manager, and can be selected in the user picker fields such as ‘Affected User’ and ‘Assigned To’.
Creating a Workflow to notify Stakeholders when an Incident is Created
Now we can create a workflow in Service Manager, that will send out a notification to an assigned user when an incident is created:
1) Navigate to Administration>Workflows>Configuration
2) Double Click Incident Event Workflow Configuration
3) Click Add and Click Next in the ‘Before you Begin’ Page
4) Give the workflow a name such as ‘Incident Created – Email Stakeholders’.
5) Leave the default of ‘When an incident is created’ in the ‘Check for Events’ dropdown.
6) Select one of your custom Management Packs (or create one) to store the workflow in and click next.
7) Click Next on the Specify Incident Criteria page (We want this workflow to run when any new incident is created)
8) Optionally apply a template (in this case we are creating the workflow for notification only, so we will choose ‘Do not apply a template’)
9) In the ‘Select People to Notify’ dialog, check the ‘Enable notification’ checkbox. Add the appropriate users you wish to notify with the appropriate templates. For example:
10) Click next and Create to complete creation of the workflow.
You can also use these user groups as recipients of subscriptions you create at Administration\Notifications\Subscriptions in the main console.
Testing the Workflow and Mail Enabled Universal Security Group
Now test your workflow by creating an incident and assigning it to the messaging enabled universal security group that you created earlier.
Important Note Regarding Using Distribution Groups.
In Exchange 2007 upwards, the 'Requires that all senders are authenticated' setting is enabled by default for Mail Enabled Universal Security Groups (in the DG properties>mail-flow settings>message delivery restrictions):
If your outgoing SMTP server specified in the Service Manager settings (Under Administration>Notifications Channels>Edit) is using ‘Anonymous’ as the Authentication Method (either in Service Manager or the SMTP settings), then given the above default setting in exchange, the email would not be sent out.
If you have Anonymous Access configured on the SMTP side, it is necessary either to uncheck the 'Require that all senders are authenticated' setting in exchange for the Mail Enabled Universal Security Group, or the other option is to change the SMTP authentication settings (in Service manager or the outgoing SMTP Server settings) from anonymous to Windows Integrated, so that the user is authenticated, allowing the email to be sent.
The 'Require that all senders are authenticated' setting is set to true by default in Exchange 2007 upwards - (