A few days ago I was asked if I had a script to list all RunAsAccounts in a SCOM Management Group and their associated RunAsProfile (“Which profile uses which account?” or "Which account is used in which profile?"). I had none, but in my youthful carelessness I thought, that couldn’t be rocket science…
Ok, it was not rocket science, but much harder as I thought. Quickly I came up with a function which used Get-SCOMRunAsProfile and a method of the Management Group called GetMonitoringSecureDataHealthServiceReferenceBySecureReferenceId() to process all RunAsAccounts and list there usage in profiles. Unfortunately this method only lists accounts in profiles where the target is the HealthService object itself. If you use other targets (classes, instances) it won’t work.
Hmm, looking at the console I found a link “Where is the credential used?”, which does the trick.
But how do I translate this into PowerShell?
Thanks to our highly knowledgeable and extremely helpful Support Engineer Mihai Sarbulescu who showed me the code behind this link I could finally finish this task!
When you run the function get-customscomrunasaccounttoprofile it will list all SCOM RunAsAccounts and their usage like this:
- lists all RunAsAccounts
- shows their usage in profiles and
- displays the corresponding target ID and the display dame of the target
You can download the most current version of the function at TechnetGallery.