Customising SCOM EVENT ID alert message
Hi all I have a rule configured to alert on Domain Admin group membership changes. What I'm hoping for help on is customising the report message so I can cherry pick data to present as this one also goes to a management team. The rule uses Parameter 3 to identify only report on group called "Domain Admins" but how can I push parameter 3 and I assume other parameters to the custom alert fields. I know when I do this stuff in powershell using get-winevent command if I want to grab specific information I'm doing something like the below and I'm essentially wanting to report in the same way so need to extract from the SCOM alert the GroupName affected (I will be doing more the just Domian admins hence wanting this to be dynamic), Account added, Admin making the change without putting in the whole event description so it reads better. $AGG = Get-WinEvent -FilterHashtable @{Path="$securitylog";ID="4728"} -ComputerName $DC -ErrorAction SilentlyContinue foreach($entry in $AGG){ $table += New-Object -TypeName psobject -Property @{ Action = "Added Account to Domain Local Group" Time = get-date $entry.TimeCreated GroupName = $entry.Properties[3].Value+'\'+$entry.Properties[2].Value Admin = $entry.Properties[7].Value+'\'+$entry.Properties[6].Value Account = (New-Object System.Security.Principal.SecurityIdentifier($entry.Properties[1].Value.Value)).Translate([System.Security.Principal.NTAccount]).Value DC = $DC } }
scom group issue
Hi I have added multiple objects to an existing SCOM group, but when I go to “view Group Members” its not showing those newly added objects on that group. Last time when I added some objects to the same group it took almost a day and then those members were appeared on that group. But this time its more than a day still member objects are not appearing in that group. Any idea what could be the issue. I am using scom 2019.Process Monitor issue
Hi Team, I have created a Process Monitor and Targeted a Group which has some 24 windows computers. This monitor is working fine. But now I have a requirement to monitor same process on some more windows computers, so I have added those computers into that group. I can see those computers in membership view of that group, but the process monitor is still not applied to those computers. Any idea what could be the issue? I have even restarted the Management server but no help.