SCOM – It’s Time to Migrate

This blog post has been originally authored by Scott Mathemeier, Premier Field Engineer, Microsoft

So, it's *that* time…

You've used SCOM since it was MOM. Maybe you even know of its SeNTry ELM roots ;)

Maybe you are brand new to SCOM…But you're still running SCOM 2012 R2. Did you know that its mainstream support ended in July 2017 (yes, *two* years ago); and its extended support ends in July 2022. Your management is probably thinking, “I'll use SCOM 2012 R2 for all it's worth and ride it into the ground!”. If that's the conventional wisdom where you are, remind them of the following:

  • Extended support isn't cheap, and it only gets you security patches, i.e. no feature improvements, no bug fixes. So, if something breaks, well, you're on your own…
  • If you're running SCOM 2012 R2, it's possible your software underpinnings are also running out of support:
  • Are you running more recent versions of SCOM? Two things to consider:
  • And that's just the software, what if you're running it on actual physical hardware?

Repeat this mantra to your management: Time is of the essence.

A blog post that covers a migration from end-to-end would be long and laborious with way too many if/then hops. It's also impossible to cover all situations: from a home lab, to a mom-n-pop AIO server, to a globally-distributed SCOM infrastructure, I've seen all of those and everything in-between. You know your SCOM infrastructure better than anyone; you know best create your own checklist and plan a migration. Instead what I aim to do here is provide you with resources and tools to get your digital ducks in a row so you can put together a plan – and migrate to SCOM 2019!

Each of these tools and resources will have their own pre-reqs, limitations and documentation. Make sure to review the documentation for each prior to testing them in a lab environment (and then in production).

SCOM has had pre-reqs since the dawn of time…well, maybe not that long, but long enough that you know about them, are tired of them, and would like to automate them. If you want to automate your SCOM pre-reqs, go here.

Want to script the creation of your SCOM service accounts and the SCOM Admins security group? Go here.

Did you know in SCOM 2019 that RunAs accounts now require Log On As a Service instead of Log On Locally? While this is more secure, it's also something you need to plan for and understand.

If you want to export your SCOM Security User Roles, use the following PowerShell one-liner:

Get-SCOMUserRole | select-object name,displayname,description,profile,profiledisplayname,@{Name='users';Expression={[string]::join(“;”, ($_.users))}}| Export-Csv -Path c:.csv

  • This will create a CSV of SCOM User Role Names along with their DisplayName, Description, the Profile that the role is based on, the ProfileDisplayName and (probably most importantly) the users/groups that are members of the SCOM User Role.

Want to export your subscriptions and their corresponding subscribers and channels? Go here.

Want to export your SCOM RunAs Accounts along with the RunAs Profiles that they're tied to? Go here.

Did you know that there are some highly recommended registry tweaks for your SCOM 2019 management servers? Find them here.

exceptions for SCOM? Yeah, we got those for you right here.

exclusions for SCOM directories and files? Get those here.

On the maintenance side of things, if you want to shrink your SCOM DB and DW of unnecessary event collection, this tool will retain events that trigger alerts but deprecate those alerts that don't (and are taking up valuable space while causing performance issues for your SCOM infrastructure).

Want to show your management that you're ready for a management server failure? This tool will allow you to set the management server for your agents.

Migrating SQL monitoring? Well you-know-who, has an article you need to review since the switchover to agnostic version SQL monitoring occurred over two months ago. Note: the earlier version-specific releases will no longer be updated, and, more importantly, are no longer supported. Get with your SQL team and get this reviewed/discussed/planned/implemented ASAP.

Speaking of SQL monitoring, skip the headache of RunAs accounts and use Kevin Holman's No RunAs Accounts Needed for SQL Mgmt. Pack.

Ready to make your life as a SCOM admin easier? Use this Kevin Holman MP that combines many useful tools/tasks/ into a single MP.

Tired of using VBscript since, well, forever? Install this community MP and start using PowerShell instead – right from the GUI! Can also download the source files from GitHub here.

If you've inherited a SCOM environment with out-of-date MPs or have one where the management packs are updated as often as a Leap Year, here is a link for Microsoft-related technology management packs so you can get the latest and greatest MPs for your infrastructure monitoring.

Here's a collection of useful SCOM Admin Tools in a single location.

Do you want to do more with SCOM reporting as the next SCOM admin? Look into using Power BI as an option for your reporting and dashboards. You'll never look back…Note: and data analytics is a very specific skillset apart from SCOM (and SCOM reporting). If you need additional assistance with it, don't hesitate to contact your Microsoft Technical Account Manager for further help and possibly getting a Microsoft engineer to engage and assist. Resources for Power BI: Desktop, Report Server and Power BI as a Service. Comparing the different versions: Desktop vs Service; Report Server vs. Service.

Speaking of Power BI, if you want to monitor it, make sure you get the correct management pack for it – and it's not readily noticeable by its name. Use the SSRS 2017 MP; get it here.

Ready to show your management (as well as the C/ISO) that you're serious about securing your SCOM infrastructure and its communications? Use this post from Kevin Holman to get up-to-speed and implement 1.2. (More info can be found here.)

If you want to review your settings as well as change them easily, this tool is an eye opener! It will provide you with details including the current retention time, current size as well as tell you what percent of your DWH is being consumed by a particular dataset (performance, state, config, etc) – and then you can change the settings from within the tool itself :smiling_face_with_smiling_eyes:

As you prepare for your migration and start your checklist, review this and use it for planning out your strategy. If you'd like a little more assistance in an easy-to-follow, not-so-white-paper-technical jargon, of course our SCOM Rock Star has you covered.

When you're done with your SCOM installation, don't forget to license it!

And finally…if you're still in need of assistance, I worked with a team recently to update a Microsoft offering that helps lead you through the migration to the latest version of SCOM. It's been updated for SCOM 2019 and is ready for you! Contact your Microsoft Technical Account Manager Premier Field Engineer and ask them about how you can get information on or discuss the Onboard Accelerator for .

If you have an issue or concern about any of the above tools, please feel free to post a question or comment to the post by the original blog's author. Most of these are sourced from Microsoft engineers, and we can be a real responsive/chatty bunch ;)

Do you have some real-world tips? Found some gotchas when you migrated? Please feel free to chime in below. A strong community makes for a stronger SCOM.

Good luck, Live Long and Prosper, and May the Schwartz be With You!

Hitesh Sharma

Senior Program Manager, Microsoft


This article was originally published by Microsoft's Data Center Security Blog. You can find the original article here.