Enable Agent Proxy for a Class (ClassProxyEnabler)

Agent Proxy needs to be enabled for several different management packs features to work properly.  Active Directory, Cluster and Exchange are just a few common management packs requiring Agent Proxy to be enabled.

Enabling the Agent Proxy security setting allows an agent to submit data on behalf of another source.  By default, this setting is not enabled for any agents.  So when we import a management pack which expects an agent to submit data not originating from that agent (other sources), we need to enable this security feature in order for some workflows to function.

There are several scripts available in various posts which help accomplish this task, as it can be quite tedious selecting individual agents and configuring this manually.  There are even a couple tools published that have helped many administrators accomplish this task, both GUI and command line.

Since it’s usually a particular type or role which an agent hosts that requires Agent Proxy to be enabled, I thought it would be nice if we could run a script that would enumerate all agents that host a particular type or role and enable Agent Proxy in one pass.

By the way, I hear that there will be increasingly more MP’s which will require Agent Proxy, so the future of Agent Proxy is very strong and we’ll need a way to enable this setting for the masses.

 

Exclamation Test this script thoroughly in your lab environment before attempting to use in production to avoid mistakenly enabling or disabling agent proxy on unintended targets.  If you choose to run it against Windows Computer class, it will enable or disable it for all agents in the management group.

 

Note This script works its way up the parent class path, until it finds a Windows Computer object.  It then resolves the Agent Base Managed Entity Id and sets the Agent Proxy property.  If the class you choose does not resolve to a Windows Computer object, the script will fail. Keep in mind, this is a fairly raw script without error handling and many bells and whistles.

 

GreenCircle Here are a few classes I tested the script against, enabling Agent Proxy on agents which commonly need it enabled.
  * Microsoft.Windows.Server.DC.Computer – all domain controllers
  * Microsoft.Windows.Cluster.Node – all cluster nodes
  * Microsoft.Exchange.ServerRole.2003 – all exchange 2003 server roles
  * Microsoft.Exchange2007.ServerRole – all exchange 2007 server roles
  If you want to return a list of all classes, run the following command:
  Get-MonitoringClass | Select DisplayName,Same | Sort DisplayName

 

Question Usage: Copy the entire script below, everything between ##--Begin and ##--End, and paste into a text file in some location.  Name the file ClassProxyEnabler.ps1. Open Operations Manager Command Shell and type in the path to the script and the required parameters, and hit enter. Parameters Class Name: This is the class system name, not the friendly name. $True/$False: $true to enable, $false to disable Output directory: The script logs all actions to this directory, with file name “class_date_time.txt”.  This directory must exist.  If there are spaces in the path, the path must be enclosed in quotes. Example: c:\ClassProxyEnabler.ps1 Microsoft.Windows.Server.DC.Computer $true c:\out\  image

 

##--Begin ClassProxyEnabler.ps1

Param($className,$bTF,$fileDir)
##--Get the class in which you want to set Agent Proxing
$class = Get-MonitoringClass | Where {$_.Name -eq $className}
##--Get all objects in that class
$objects = Get-MonitoringObject -monitoringClass:$class
##--Create an array of BME's
$arrBME = @()
Foreach ($object in $objects)
{
Do
{
$parent = $object.getParentPartialMonitoringObjects()
Foreach ($oParent in $parent) {If ($oParent.FullName -match "Microsoft.Windows.Computer:") {$object = $oParent}}
}
Until ($object.FullName -match "Microsoft.Windows.Computer")
$arrBME += $object.Id.ToString()
}
##--Create an array of agents to help script performance.
$agentArray = @()
Foreach ($agent in Get-Agent)
{
$agentArray += $agent
}
##--Create output file
$localTime = (get-date).ToLocalTime()
$year = $localTime.year.ToString()
$month = $localTime.month.ToString()
$day = $localTime.day.ToString()
$hour = $localTime.hour.ToString()
$min = $localTime.minute.ToString()
$fileName = $class.name + "_" + $year + "-" + $month + "-" + $day + "_" + $hour + "-" + $min + ".txt"
$filePath = $fileDir + $fileName
##--Walk through the array and set Agent Proxying for each agent
Foreach ($BME in $arrBME)
{
$i=0
While ($i -ne $agentArray.count)
{
If ($BME -eq $agentArray[$i].Id.ToString())
{
##--Screen formatting
##--If already set to preference, skip with message.
If ($agentArray[$i].ProxyingEnabled.Value -eq $bTF)
{
$agentArray[$i].ComputerName + "`tNo action taken"
$agentArray[$i].ComputerName + "`tNo action taken" | out-file $filePath -append
$i = $agentArray.count
##--Allow operator to track screen output
Start-Sleep -m 200
}
##--If not set to preference, modify with message.
Else
{
$agentArray[$i].ComputerName + "`tModifying..."
$agentArray[$i].ComputerName + "`tModifying..." | out-file $filePath -append
$agentArray[$i].set_proxyingEnabled($bTF)
$agentArray[$i].applyChanges()
$i = $agentArray.count
##--Allow operator to track screen output
Start-Sleep -m 200
}
}
Else
{
$i+=1
}
}
}
Write-Host "`n`n`n`nResults saved to $filePath`n`n`n"

##--End ClassProxyEnabler.ps1

 

tip Schedule this script to run on a regular basis for the domain controller or cluster classes.  Whenever new domain controllers or cluster nodes come online, Agent Proxy will be enabled automatically. This script ONLY makes modifications if required.  In other words, there is no harm in running this multiple times.  Agent Proxy will only be modified if it does not match the $true or $false parameter supplied.