This is a pretty common request, and I have been meaning to write up an example of this.
Suppose you have the following scenario: You are monitoring 1000 Windows Server with OpsMgr. In your management group, you have 100 servers that are Test/Dev machines, and you have 900 that are production. You need a simple way to treat these servers differently, for overrides, and creating notifications or incidents, or even scoping your views. You want to ensure that you don’t send critical pages, emails, or create incidents on these lab/test/dev machines.
The challenge is – our notifications, views, and overrides don’t have the ability to have an “exclude” function… to say “show me everything except alerts from these machines”
I will start by creating a group using the UI, for my Lab Computers group, based on OU. This could be based on static membership, or anything else.
Verify that I have the right Lab Computer members in that group:
Now – we need to create a group – which contains ALL OTHER computers in SCOM, that are not part of the lab group:
The only criteria we will define here, is that this will contain all Windows Computers. (We will restrict the membership later in XML)
Save the group and verify it contains ALL Windows Computers.
Save and export the management pack to XML.
Edit the XML file using notepad or your XML editor of choice.
Find the discovery for your Production Server Group. If you used the UI to create the group, these will have a “UINameSpace<GUID>” name… so you will have to ensure you are choosing the right one by verifying this in the DisplayStrings section of the XML.
Here is what my default group discovery criteria looked like, for all Windows Computers:
<Discovery ID="UINameSpace1235cf5e76c84e458035a1c4ef8d73aa.Group.DiscoveryRule" Enabled="true" Target="UINameSpace1235cf5e76c84e458035a1c4ef8d73aa.Group" ConfirmDelivery="false" Remotable="true" Priority="Normal"> <Category>Discovery</Category> <DiscoveryTypes> <DiscoveryRelationship TypeID="MicrosoftSystemCenterInstanceGroupLibrary7585010!Microsoft.SystemCenter.InstanceGroupContainsEntities" /> </DiscoveryTypes> <DataSource ID="GroupPopulationDataSource" TypeID="SystemCenter!Microsoft.SystemCenter.GroupPopulator"> <RuleId>$MPElement$</RuleId> <GroupInstanceId>$MPElement[Name="UINameSpace1235cf5e76c84e458035a1c4ef8d73aa.Group"]$</GroupInstanceId> <MembershipRules> <MembershipRule> <MonitoringClass>$MPElement[Name="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]$</MonitoringClass> <RelationshipClass>$MPElement[Name="MicrosoftSystemCenterInstanceGroupLibrary7585010!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass> </MembershipRule> </MembershipRules> </DataSource> </Discovery>
Right now – the expression just basically states that if the object is a Windows Computer, it belongs in the group.
We need to add an expression, which basically states “All Windows Computers that are NOT CONTAINED in the Lab Servers Group”. The part that handles this is the <MembershipRule> section.
Here is an example expression that will create this filter:
<Expression> <NotContained> <MonitoringClass>$MPElement[Name="UINameSpacebff9e11464de491f9620271507a2aeb8.Group"]$</MonitoringClass> </NotContained> </Expression>
The key in the above expression is the <NotContained> tag. You can use <Contains>, <NotContains>, <Contained>, and <NotContained> for similar expressions.
Now – the group class ID above just happens to be the group class ID in my management pack (for Lab Servers). You will need to change this to your own group class ID, which is defined in this management pack above, in the <ClassTypes> section.
The full XML for this discovery would look like so:
<Discovery ID="UINameSpace1235cf5e76c84e458035a1c4ef8d73aa.Group.DiscoveryRule" Enabled="true" Target="UINameSpace1235cf5e76c84e458035a1c4ef8d73aa.Group" ConfirmDelivery="false" Remotable="true" Priority="Normal"> <Category>Discovery</Category> <DiscoveryTypes> <DiscoveryRelationship TypeID="MicrosoftSystemCenterInstanceGroupLibrary7585010!Microsoft.SystemCenter.InstanceGroupContainsEntities" /> </DiscoveryTypes> <DataSource ID="GroupPopulationDataSource" TypeID="SystemCenter!Microsoft.SystemCenter.GroupPopulator"> <RuleId>$MPElement$</RuleId> <GroupInstanceId>$MPElement[Name="UINameSpace1235cf5e76c84e458035a1c4ef8d73aa.Group"]$</GroupInstanceId> <MembershipRules> <MembershipRule> <MonitoringClass>$MPElement[Name="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]$</MonitoringClass> <RelationshipClass>$MPElement[Name="MicrosoftSystemCenterInstanceGroupLibrary7585010!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass> <Expression> <NotContained> <MonitoringClass>$MPElement[Name="UINameSpacebff9e11464de491f9620271507a2aeb8.Group"]$</MonitoringClass> </NotContained> </Expression> </MembershipRule> </MembershipRules> </DataSource> </Discovery>
You can save this MP edit, then import your management pack.
You will now see that you have a group of all Windows Computers, except those that are members of the Lab Computers group:
Lab group:
Production group:
Since my lab group is dynamic based on OU, as servers are moved in or out of that OU, the Production group will also be dynamically updated.
I can now use my production group to scope and filter console views and user roles, filter notifications, and overrides.
Hi Kevin,
Thanks for the Good Article. we have 1000+ servers’ windows servers in SCOM, Prod and DEV having separate naming conventions. I would like to write a dynamic expression for Production servers’ group and Dev servers’ group.
Ex : Prod server Name = XXX PPPXXX
Dev Server Name = XXX DEVXXX
How to write dynamic expression to match meddle name PPP and DEV for Prod and Dev groups in SCOM
Regards
Kamal sharma.
What if I wanted a group that contained windows computers in a specific AD Site, linux computers in specific subnets, AND network devices in specific subnets? Quite the combination here. Is it possible? Basically, I want anything that’s monitored in SCOM separated out by our branch site subnets but not everything is Windows. The point of these groups would be to easily schedule maintenance with them when systems at those sites are down for maintenance. Should I create separate groups for each and make them subgroups for the branch? Would they be Instance groups or Computer groups?