Managing Configuration Manager Collection Membership using the Service Manager Self-Service Portal
This post is the 7th in a series of posts focused on making common administrative tasks in System Center and Azure available via the Service Manager Self-Service Portal. The Configuration Manager and Operations Manager Connectors pull a lot of information into Service Manager but not everything necessary to manage clients, agents, and other settings. This solution allows for the managing of Configuration Manager Collection Membership including adding and removing members.
Series
Prerequisites
The scenarios were designed using the following
- System Center Service Manager 2012 R2
- Self-Service Portal configured and working
- Active Directory Connector configured and working
- Configuration Manager Connector configured and working
- Orchestrator Connector configured and working
- System Center Configuration Manager 2012 R2
- Discovery configured and working
- System Center Orchestrator 2012 R2
- SC 2012 Configuration Manager Integration Pack configured and working
- SC 2012 Service Manager Integration Pack configured and working
- Configuration Manager Console installed on runbook servers (open the console, make sure you can connect to your site server)
- Operations Manager Console installed on runbook servers
- Service Manager Console installed on runbook servers
- Runbook servers configured to allow PowerShell scripts to run
- Previous Blogs
- Sync Configuration Manager Client and Operations Manager Agent State in Service Manager
- Managing Configuration Manager Collections using the Service Manager Self-Service Portal
Create the Add Device to Collection Runbook
This Runbook will add members to collections in Configuration Manager, update the collection membership in Configuration Manager, trigger the Sync Collections runbook created previously, and finally update the Description in the Service Request with the result of the Sync collections runbook.
- Open the Orchestrator Runbook Designer
- Create a new runbook
- Drag the "Runbook Control\Initialize Data" activity into the new runbook
- Rename it to "Get Runbook GUID"
- Create a new string parameter under "Details" called RunbookID, and click "Finish"
- Drag the "SC 2012 Service Manager\Get Object" activity into the new runbook
- Rename it to "Get Runbook Object"
- Link "Get Runbook GUID" to "Get Runbook Object"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Class: Runbook Automation Activity
- Filters: SC Object Guid Equals {RunbookID from "Get Runbook GUID"}
- Click "Finish"
- Drag the "SC 2012 Service Manager\Get Relationship" activity into the new runbook
- Rename it to "Get SR GUID"
- Link "Get Runbook Object" to "Get SR GUID"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Object Class: Runbook Automation Activity
- Object Guid: {SC Object Guid from "Get Runbook Object"}
- Related Class: Service Request
- Click "Finish"
- Drag the "SC 2012 Service Manager\Get Object" activity into the new runbook
- Rename it to "Get Service Request"
- Link "Get SR GUID" to "Get Service Request"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Class: Service Request Extended
- Filters: SC Object GUID Equals {Related Object Guid from "Get SR GUID"}
- Click "Finish"
- Drag the "Utilities\Query XML" activity into the new runbook
- Rename it to "Get User Input"
- Link "Get Service Request" to "Get User Input"
- Fill out the following properties under "Details"
- XML Text: {User Input from "Get Service Request"}
- Xpath Query: /UserInputs/UserInput[@Question='Select Collection']/@Answer
- Click "Finish"
- Drag the "Utilities\Query XML" activity into the new runbook
- Rename it to "Get Collection Name"
- Link "Get User Input" to "Get Collection Name"
- Fill out the following properties under "Details"
- XML Text: {Query Result from "Get User Input"}
- Xpath Query: //@DisplayName
- Click "Finish"
- Drag the "SC 2012 Service Manager\Get Relationship" activity into the new runbook
- Rename it to "Get Device GUID(s)"
- Link "Get Collection Name" to "Get Device GUID(s)"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Object Class: Service Request
- Object Guid: {SC Object Guid from "Get Service Request"}
- Related Class: Windows Computer
- Click "Finish"
- Drag the "SC 2012 Service Manager\Get Object" activity into the new runbook
- Rename it to "Get Devices(s)"
- Link "Get Device GUID(s)" to "Get Device(s)"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Class: Windows Computer
- Filters: SC Object Guid Equals {Related Object Guid from "Get Device GUID(s)"}
- Click "Finish"
- Drag the "SC 2012 Configuration Manager\Add Collection Rule" activity into the new runbook
- Rename it to "Add Collection Rule in CM"
- Link "Get Devices(s)" to "Add Collection Rule in CM"
- Fill out the following properties under "Details"
- Collection: {Query result from "Get Collection Name"}
- Collection Value Type: Name
- Rule Name: {NetBIOS Computer Name from "Get Device(s)"}
- Rule Type: Direct Rule
- Rule Definition: {NetBIOS Computer Name from "Get Device(s)"}
- Rule Definition Value Type: Resource Names
- Click "Finish"
- Drag the "Runbook Control\Junction" activity into the new runbook
- Rename it to "Flatten Results"
- Link "Add Collection Rule in CM" to "Flatten Results"
- Link "Get Collection Name" to "Flatten Results"
- In "Details" set Return data from to "Get Collection Name"
- Click "Finish"
- Drag the "SC 2012 Configuration Manager\Update Collection Membership" activity into the new runbook
- Link "Flatten Results" to "Update Collection Membership"
- Fill in the following properties under "Details"
- Collection: {Query result from "Get Collection Name"}
- Collection Value Type: Name
- Wait for Refresh Completion: True
- Polling Interval (seconds): 5
- Click "Finish"
- Drag the "Runbook Control\Invoke Runbook" activity into the new runbook
- Rename it to "Sync Collection in SM"
- Link "Update Collection Membership" to "Sync Collection in SM"
- Set the following properties on the "Sync Collection in SM" activity
- Runbook: <Sync Collections runbook created previously>
- ServiceRequest: {ID from "Get Service Request"}
- CollectionName: {Query result from "Get Collection Name"}
- Ensure "Wait for completion" is checked
- Click "Finish"
- Drag the "Text File Management\Find Text" activity into the new runbook
- Rename it to "Get Script Result"
- Link "Create Collection in SM" to "Get Script Result"
- Fill out the following properties under "Details"
- File: <local sharepath>\Automation\Logs\SRLogs\{ID from "Get Service Request"}.log
- File encoding: Auto
- Search text: Info:Script Complete, Result:
- Click "Finish"
- Drag the "SC 2012 Service Manager\Update Object" activity into the new runbook
- Rename it to "Update Description of Service Request"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Class: Service Request
- Object Guid: {SC Object Guid from "Get Service Request"}
- Fields: Description {Original line from "Get Script Result"} CMTrace Log File: {File path from "Get Script Result"}
- Click "Finish" and link "Get Script Result" to "Update Description of Service Request"
- Check in the Runbook, it should look similar to this:
Create the Remove Device to Collection Runbook
This Runbook will remove members from collections in Configuration Manager, update the collection membership in Configuration Manager, trigger the Sync Collections runbook created previously, and finally update the Description in the Service Request with the result of the Sync collections runbook.
- Open the Orchestrator Runbook Designer
- Create a new runbook
- Drag the "Runbook Control\Initialize Data" activity into the new runbook
- Rename it to "Get Runbook GUID"
- Create a new string parameter under "Details" called RunbookID, and click "Finish"
- Drag the "SC 2012 Service Manager\Get Object" activity into the new runbook
- Rename it to "Get Runbook Object"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Class: Runbook Automation Activity
- Filters: SC Object Guid Equals {RunbookID from "Get Runbook GUID"
- Click "Finish" and link "Get Runbook GUID" to "Get Runbook Object"
- Drag the "SC 2012 Service Manager\Get Relationship" activity into the new runbook
- Rename it to "Get SR GUID"
- Link "Get Runbook Object" to "Get SR GUID"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Object Class: Runbook Automation Activity
- Object Guid: {SC Object Guid from "Get Runbook Object"}
- Related Class: Service Request
- Click "Finish"
- Drag the "SC 2012 Service Manager\Get Object" activity into the new runbook
- Rename it to "Get Service Request"
- Link "Get SR GUID" to "Get Service Request"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Class: Service Request Extended
- Filters: SC Object GUID Equals {Related Object Guid from "Get SR GUID"}
- Click "Finish"
- Drag the "Utilities\Query XML" activity into the new runbook
- Rename it to "Get User Input"
- Link "Get Service Request" to "Get User Input"
- Fill out the following properties under "Details"
- XML Text: {User Input from "Get Service Request"}
- Xpath Query: /UserInputs/UserInput[@Question='Select Collection']/@Answer
- Click "Finish"
- Drag the "Utilities\Query XML" activity into the new runbook
- Rename it to "Get Collection Name"
- Link "Get User Input" to "Get Collection Name"
- Fill out the following properties under "Details"
- XML Text: {Query Result from "Get User Input"}
- Xpath Query: //@DisplayName
- Click "Finish"
- Drag the "SC 2012 Service Manager\Get Relationship" activity into the new runbook
- Rename it to "Get Device GUID(s)"
- Link "Get Collection Name" to "Get Device GUID(s)"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Object Class: Service Request
- Object Guid: {SC Object Guid from "Get Service Request"}
- Related Class: Windows Computer
- Click "Finish"
- Drag the "SC 2012 Service Manager\Get Object" activity into the new runbook
- Rename it to "Get Devices(s)"
- Link "Get Device GUID(s)" to "Get Device(s)"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Class: Windows Computer
- Filters: SC Object Guid Equals {Related Object Guid from "Get Device GUID(s)"}
- Click "Finish"
- Drag the "SC 2012 Configuration Manager\Delete Collection Rule" activity into the new runbook
- Rename it to "Delete Collection Rule in CM"
- Link "Get Devices(s)" to "Delete Collection Rule in CM"
- Fill out the following properties under "Details"
- Collection: {Query result from "Get Collection Name"}
- Collection Value Type: Name
- Membership Rule: {NetBIOS Computer Name from "Get Device(s)"}
- Membership Rule Type: Direct Rule
- Click "Finish"
- Drag the "Runbook Control\Junction" activity into the new runbook
- Rename it to "Flatten Results"
- Link "Delete Collection Rule in CM" to "Flatten Results"
- Link "Get Collection Name" to "Flatten Results"
- In "Details" set Return data from to "Get Collection Name"
- Click "Finish"
- Drag the "SC 2012 Configuration Manager\Update Collection Membership" activity into the new runbook
- Link "Flatten Results" to "Update Collection Membership"
- Fill in the following properties under "Details"
- Collection: {Query result from "Get Collection Name"}
- Collection Value Type: Name
- Wait for Refresh Completion: True
- Polling Interval (seconds): 5
- Click "Finish"
- Drag the "Runbook Control\Invoke Runbook" activity into the new runbook
- Rename it to "Sync Collection in SM"
- Link "Update Collection Membership" to "Sync Collection in SM"
- Set the following properties on the "Sync Collection in SM" activity
- Runbook: <Sync Collections runbook created previously>
- ServiceRequest: {ID from "Get Service Request"}
- CollectionName: {Query result from "Get Collection Name"}
- Ensure "Wait for completion" is checked
- Click "Finish"
- Drag the "Text File Management\Find Text" activity into the new runbook
- Rename it to "Get Script Result"
- Link "Create Collection in SM" to "Get Script Result"
- Fill out the following properties under "Details"
- File: <local sharepath>\Automation\Logs\SRLogs\{ID from "Get Service Request"}.log
- File encoding: Auto
- Search text: Info:Script Complete, Result:
- Click "Finish"
- Drag the "SC 2012 Service Manager\Update Object" activity into the new runbook
- Rename it to "Update Description of Service Request"
- Fill out the following properties under "Details"
- Connection: <Your Service Manager Connection>
- Class: Service Request
- Object Guid: {SC Object Guid from "Get Service Request"}
- Fields: Description {Original line from "Get Script Result"} CMTrace Log File: {File path from "Get Script Result"}
- Click "Finish" and link "Get Script Result" to "Update Description of Service Request"
- Check in the Runbook, it should look similar to this:
Create the Runbook Automation Activity Template for the Add Device to Collection Runbook
The Runbook Automation Activity Template will be link the Runbook we just created to a Service Request that we will be created later.
- Open the Service Manager Console
- Go to Administration\Connectors and Synchronize your Orchestrator Runbook Connector
- Go to Library\Templates and click "Create Template"
- Name: Add Device to Collection RAA Template
- Description: Add Device to CM Collection RAA Template
- Class: Runbook Automation Activity
- Management Pack: Click "New"
- Name: DataCenter Automation: Configuration Manager Collections UI
- Description: Configuration Manager Collections Templates and Offerings
- Click OK, the Runbook Activity Form should appear. Check "Is Ready For Automation"
- Title: Add Device to Collection RA
- Description: Add Device to CM Collection RA
- Click the "Runbook" Tab
- Click "Select" and choose the Runbook created earlier
- Click "Edit Mapping" and choose "Object\Id"
- Click "OK"
Create the Service Request Template for the Add Device to Collection Runbook
The Service Request Template is needed to create a Request Offering using the Runbook Activity Template created previously
- Open the Service Manager Console
- Go to Library\Templates and click "Create Template"
- Name: Add Device to Collection SR Template
- Description: Add Device to CM Collection SR Template
- Class: Service Request
- Management Pack: DataCenter Automation: Configuration Manager Collections UI
- Click OK, the Service Request Form should appear.
- Title: Add Device to Collection SR
- Description: Add Device to CM Collection SR
- Click the "Activities" Tab
- Click the Plus sign and select the Runbook Activity Template created earlier
- Click OK when the form is launched
Create Request Offering for Add Device to Collection
The Add Device to Collection request offering will be used to configure the user interface displayed via the self-service portal
- Open the Service Manager Console
- Go to Library\Service Catalog\Request Offerings and Click "Create Request Offering"
- Title: Add Device to Collection
- Description: Add Device to CM Collection
- Template name: Add Device to Collection SR Template
- Management Pack: DataCenter Automation: Configuration Manager Collections UI
- User Prompts
- Select Collection | Required | Query Results
- Select Device(s) | Required | Query Results
- Configure Prompts
- Select Collection
- Select Class: Collection Projection
- Display Columns: DisplayName, CollectionID, MemberCount
- Options: Check Add user-selected objects to template object as related items (Add Device to Collection SR - (Service Request))
- Select Devices
- Select Class: Windows Computer
- Display Columns: DisplayName, PrincipalName, CMClient
- Options: Check Allow the user to select multiple objects and Add user-select objects to template object as related items (Add Device to Collection SR - (Service Request))
- Publish: Published
- Select Collection
Create the Runbook Automation Activity Template for the Remove Device from Collection Runbook
The Runbook Automation Activity Template will be link the Runbook we just created to a Service Request that we will be created later.
- Open the Service Manager Console
- Go to Administration\Connectors and Synchronize your Orchestrator Runbook Connector
- Go to Library\Templates and click "Create Template"
- Name: Remove Device from Collection RAA Template
- Description: Remove Device from CM Collection RAA Template
- Class: Runbook Automation Activity
- Management Pack: Click "New"
- Name: DataCenter Automation: Configuration Manager Collections UI
- Description: Configuration Manager Collections Templates and Offerings
- Click OK, the Runbook Activity Form should appear. Check "Is Ready For Automation"
- Title: Remove Device from Collection RA
- Description: Remove Device from CM Collection RA
- Click the "Runbook" Tab
- Click "Select" and choose the Runbook created earlier
- Click "Edit Mapping" and choose "Object\Id"
- Click "OK"
Create the Service Request Template for the Remove Device from Collection Runbook
The Service Request Template is needed to create a Request Offering using the Runbook Activity Template created previously
- Open the Service Manager Console
- Go to Library\Templates and click "Create Template"
- Name: Remove Device from Collection SR Template
- Description: Remove Device from CM Collection SR Template
- Class: Service Request
- Management Pack: DataCenter Automation: Configuration Manager Collections UI
- Click OK, the Service Request Form should appear.
- Title: Remove Device from Collection SR
- Description: Remove Device from CM Collection SR
- Click the "Activities" Tab
- Click the Plus sign and select the Runbook Activity Template created earlier
- Click OK when the form is launched
Create Request Offering for Remove Device from Collection
The Remove Device from Collection request offering will be used to configure the user interface displayed via the self-service portal
- Open the Service Manager Console
- Go to Library\Service Catalog\Request Offerings and Click "Create Request Offering"
- Title: Remove Device from Collection
- Description: Remove Device from CM Collection
- Template name: Remove Device from Collection SR Template
- Management Pack: DataCenter Automation: Configuration Manager Collections UI
- User Prompts
- Select Collection | Required | Query Results
- Select Device(s) | Required | Query Results
- Configure Prompts
- Select Collection
- Select Class: Collection Projection
- Display Columns: DisplayName, CollectionID, MemberCount
- Options: Check Add user-selected objects to template object as related items (Add Device to Collection SR - (Service Request))
- Select Devices
- Select Class: Windows Computer
- Display Columns: DisplayName, PrincipalName, CMClient
- Options: Check Allow the user to select multiple objects and Add user-select objects to template object as related items (Add Device to Collection SR - (Service Request))
- Publish: Published
- Select Collection
Create Service Offering for Collection Membership Management
The Collection Membership Management service offering will be used to display the Manage Collections requests via the self-service portal
- Open the Service Manager Console
- Go to Library\Service Catalog\Service Offerings and Click "Create Service Offering"
- Title: Collection Membership Management
- Overview: CM Collection Membership Management
- Description: Manage CM Collection Membership
- Management Pack: DataCenter Automation: Configuration Manager Collections UI
- Request Offerings: Add Device to Collection, Remove Device from Collection
- Publish: Published
- Click "Create"
Create Device Groups
This will limit the devices displayed to the location the logged on user has access to
- Open the Service Manager Console
- Go to Library\Groups and click "Create Group"
- Group name: Dallas Devices
- Group description: Devices located in the Dallas location
- Management pack: DataCenter Automation: Access Control
- Dynamic Members
- Class: Windows Computer
- Criteria: Organizational Unit contains %DALLAS%
- Click "Create"
- Repeat for each location
Update User Roles with Device Groups
Adding the device groups to the user roles lets location admins see their devices
- Open the Service Manager Console
- Go to Administration\Security\User Roles\Dallas Administrators
- Open the role and select "Dallas Devices" as a new Configuration item Group
- Repeat for each location
Test Scenarios
- Open the Service Manager Self-Service Portal logged in as a location admin
- Click on the Collection Membership Management Service Offering
- Click on the Add Device to Collection Request Offering
- Click Go to request form
- Confirm that only collections and devices at that location are listed
- Check a collection to add devices to (if one exists at that location)
- Check several machines to add to that collection
- Click Next and then Submit
- Repeat testing for Remove Device from Collection Request Offering
- Go to "My Requests" and ensure they were completed successfully
- Use CMTrace to view output of the logs
Request Form
CMTrace Log
Summary
This solution allows administrators to view the collections and devices they own and manage the membership of those collections. The collection membership is viewable in the Portal and as changes are made via the Portal they are synchronized between Configuration Manager and Service Manager
Continue to the 8th post in this series: Using the Service Manager Self-Service Portal to Manage Operations Manager Agents