I was thinking about how to manage my SCCM primary site from Azure to do some automation. After some research I found that Azure Automation can manage on-premises servers by running PowerShell scripts on them. We can run PowerShell scripts on the SCCM server to do some tasks for us without human interaction.
In order to achieve this goal, we need the following resources:
- Azure subscription
- Azure log analytics
- Azure log analytics Agent
- Azure automation account
Azure log analytics
- Create an Azure Log Analytics workspace in Azure.
- Next we need to install the Log Analytics agent on our SCCM server. Navigate to the newly created Log Analytics workspace, download the agent, and copy the workspace ID and key.
- Install the agent on the SCCM server and paste in the workspace key and ID.
- After a couple of minutes you will see logs being populated in the Log Analytics workspace.
Create Azure Automation Hybrid Runbook Worker
- As of now we don't have any Hybrid Runbook Worker in the Azure Automation account.
- Go to your SCCM server and download the New-OnPremiseHybridWorker.ps1 script, which automates the configuration of the Windows Hybrid Runbook Worker role. It performs the following:
  - Installs the necessary modules
  - Signs in with your Azure account
  - Verifies the existence of the specified resource group and Automation account
  - Creates references to Automation account attributes
  - Creates an Azure Monitor Log Analytics workspace if not specified
  - Enables the Azure Automation solution in the workspace
  - Downloads and installs the Log Analytics agent for Windows
  - Registers the machine as a Hybrid Runbook Worker
- Download the New-OnPremiseHybridWorker.ps1 script from the PowerShell Gallery.
- You can run this command to download the script for you:
- Install-Script -Name New-OnPremiseHybridWorker
- Once the script is downloaded to the SCCM (or other target) server, use the following PowerShell commands:
```powershell
$NewOnPremiseHybridWorkerParameters = @{
    AutomationAccountName = <nameOfAutomationAccount>
    AAResourceGroupName   = <nameOfResourceGroup>
    OMSResourceGroupName  = <nameOfResourceGroup>
    HybridGroupName       = <nameOfHRWGroup>
    SubscriptionID        = <subscriptionId>
    WorkspaceName         = <nameOfLogAnalyticsWorkspace>
}
.\New-OnPremiseHybridWorker.ps1 @NewOnPremiseHybridWorkerParameters
```
- Since we already created the Log Analytics workspace, we will just put our existing workspace name in that hashtable. Below is the completed one for my environment:
```powershell
$NewOnPremiseHybridWorkerParameters = @{
    AutomationAccountName = "onpremise-automation"
    AAResourceGroupName   = "Automation"
    OMSResourceGroupName  = "Automation"
    HybridGroupName       = "worker1"
    SubscriptionID        = "paste your subscription ID"
    WorkspaceName         = "hybridrunbook-lg"
}
.\New-OnPremiseHybridWorker.ps1 @NewOnPremiseHybridWorkerParameters
```
- Once it runs successfully, you will see a Hybrid Runbook Worker group “worker1” created in your Azure Automation account.
- We have now created our Azure Hybrid Runbook Worker on our on-premises SCCM server.
Deploy/Run PowerShell Script from azure to your SCCM Server
- Go to the Azure Automation account.
- Once the runbook is created, click on it.
- Paste the following PowerShell script into it, but change ProviderMachineName to your SCCM server name and change SiteCode to your site code.
- The script imports the SCCM PowerShell module into the session, because the module is required to run any SCCM cmdlets.
```powershell
# Site configuration
$SiteCode = "SF1" # Site code
$ProviderMachineName = "SCCM.hashmat00.local" # SMS Provider machine name

# Customizations
$initParams = @{}
#$initParams.Add("Verbose", $true) # Uncomment this line to enable verbose logging
#$initParams.Add("ErrorAction", "Stop") # Uncomment this line to stop the script on any errors

# Do not change anything below this line

# Import the ConfigurationManager.psd1 module
if((Get-Module ConfigurationManager) -eq $null) {
    Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" @initParams
}

# Connect to the site's drive if it is not already present
if((Get-PSDrive -Name $SiteCode -PSProvider CMSite -ErrorAction SilentlyContinue) -eq $null) {
    New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $ProviderMachineName @initParams
}

# Set the current location to be the site code.
Set-Location "$($SiteCode):\" @initParams

Get-CMAccount | select username
```
- Click Save, then click Test pane.
- In the Test pane settings:
  - Choose Run on = Hybrid Worker
  - Hybrid Worker Group = Worker1 (your group name will be different)
- Then click Start at the top.
- Once it runs successfully, you will see the output from your on-premises SCCM server.
- Once you are done, click the Publish button.
Similarly, you can use any SCCM PowerShell command to automate your workload, for example: add a device to a collection, create packages, deploy a task sequence, etc.
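
One way to write the "add device to collection" runbook mentioned above, as an added example that is not part of the original post. Whoever can start this runbook in Azure can change the on-premises site, so it validates its inputs first; the parameter names and the collection names in the allow list are assumptions.

```powershell
# Added example runbook (not from the original post): add one device to one
# allow-listed collection. Parameter names and the allow list are assumptions.
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]   # NetBIOS-style name, no wildcards
    [string]$DeviceName,

    [Parameter(Mandatory)]
    [string]$CollectionName
)

$ErrorActionPreference = 'Stop'   # fail the job instead of continuing after an error

# Site configuration (same values as the runbook above)
$SiteCode = "SF1"
$ProviderMachineName = "SCCM.hashmat00.local"

# Constructed allow list: the only collections this runbook may modify
$AllowedCollections = @('Pilot Workstations', 'Patch Ring 1')
if ($AllowedCollections -notcontains $CollectionName) {
    throw "Collection '$CollectionName' is not on the allow list."
}

# Load the ConfigurationManager module and connect to the site drive
if ($null -eq (Get-Module ConfigurationManager)) {
    Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
}
if ($null -eq (Get-PSDrive -Name $SiteCode -PSProvider CMSite -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $ProviderMachineName | Out-Null
}
Set-Location "$($SiteCode):\"

# Resolve both objects first so a typo fails loudly instead of silently doing nothing
$device = @(Get-CMDevice -Name $DeviceName)
if ($device.Count -ne 1) {
    throw "Expected exactly one device named '$DeviceName', found $($device.Count)."
}
$collection = Get-CMDeviceCollection -Name $CollectionName
if ($null -eq $collection) {
    throw "Device collection '$CollectionName' not found."
}

# Add the direct membership rule and write a line to the job output for auditing
Add-CMDeviceCollectionDirectMembershipRule -CollectionId $collection.CollectionID -ResourceId $device[0].ResourceID
Write-Output "Added $DeviceName (ResourceID $($device[0].ResourceID)) to '$CollectionName'."
```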