SCOM 2012 and 2016 Unsealed MP Backup



This is a management pack that I use in every customer environment.  You *NEED* to backup your unsealed MP’s.  This will allow you to quickly recover from a mistake, without having to restore your databases from a backup.  Over the years, I have seen many customers accidentally delete workflows, mess up their RunAs accounts, break AD integration, or break their notifications.  All of these things are stored in unsealed MP’s.  We really need to back them up, with a daily history.  The amount of space needed is very small.


This is an updated version of the community MP from written by Neale Brown, Derek Harkin, Pete Zerger and Tommy Gunn, located at:


It contains a single rule which now targets the “All Management Servers Resource Pool” which will give this workflow high availability.



The rule runs once per day (24 hours) and executes a PowerShell script.

You can edit the Write Action configuration for the number of days, and the share location, or local directory:



This will create these directories if they do not exist, either a local path on the management server, or on a share you provide as above.




It will log events to the SCOM event log for tracking:





This script will run on one of your SCOM management servers, and will execute as the SCOM Management Server Action Account by default.  If you want to specify a specific account, there is a RunAs profile included.  You will need to use an account that has SCOM admins rights to the SDK, and read/write access to the directory or share that you choose.




Changes made:

  • Supports multiple management groups exporting to the same share path
  • Add start and completion logging with runtime and whoami.
  • Make SCOM management group SDK connection more reliable and with debug logging
  • Changed the rule target to the AMSRP from RMSe for high availability and future compatibility
  • Minor renames of MP ID, script, workflows, modules.  Cleaned up displaystrings.


You can download the MP here:

Comments (9)

  1. Anu says:

    Hello Kevin,

    The help i a requesting is not relevant to this post, It will be helpful if you can provide a solution for this long running query.

    Is there any way that we can know who was deleted a Linux agent from SCOM.

    Thanks and regards..

  2. rob1974 says:

    Recently i ran in an issue with the “Microsoft.SystemCenter.Visualization.Component.Library.Resources.xml”. I did have a backup, but restoring it didn’t restore my custom images and i still needed to reimport the custom images. Not a big deal as i only had 2-3 images to do, but this will be a big issue when it contains more images and not an exact location anymore.
    Any idea how to backup this mp automatically (manually exporting it results in exporting a mpb as well).

    1. Kevin Holman says:

      Rob – is the issue that the automated backup produces an XML file but the manual backup creates the MPB which is correct since it contains binaries?

      1. rob1974 says:

        yeah, correct.
        And you will only find out when you need the backup 🙂

        1. rob1974 says:

          Actually, manually will create both, mpb and xml.

  3. MartyFrench says:

    This is a great management pack! I modified mine to create a ZIP file rather than a directory. It shrinks it down considerably. But, it requires .NET 4.5 for the particular ZIP functionality that I used.

    param ($BackupDir, $DaysOld)

    # For testing manually in PowerShell
    #$BackupDir = “\\SERVER\Backup”
    #$DaysOld = “14”

    # Constants section – modify stuff here:
    # Assign script name variable for use in event logging
    $ScriptName = “SCOM.UnsealedMPBackup.Script.WA.ps1”
    $MServer = “localhost”

    # Gather script start time
    $StartTime = Get-Date
    # Gather who the script is running as
    $WhoAmI = whoami
    # Load MOMScript API
    $momapi = New-Object -comObject MOM.ScriptAPI
    # Log an event for the script starting
    $momapi.LogScriptEvent($ScriptName,9876,0, “Script is starting. BackupDir is ($BackupDir). Days to keep is ($DaysOld). Running, as $WhoAmI.”)

    #Connect to SCOM Management Group Section
    # Clear any previous errors

    # Import the OperationsManager module and connect to the management group
    $SCOMPowerShellKey = “HKLM:\SOFTWARE\Microsoft\System Center Operations Manager\12\Setup\Powershell\V2”
    $SCOMModulePath = Join-Path (Get-ItemProperty $SCOMPowerShellKey).InstallDirectory “OperationsManager”
    Import-module $SCOMModulePath
    $momapi.LogScriptEvent($ScriptName,9876,2, “Unable to load the OperationsManager module, Error is: $error”)
    New-DefaultManagementGroupConnection $MServer
    $momapi.LogScriptEvent($ScriptName,9876,2, “Unable to connect to the management server: $MServer. Error when calling New-DefaultManagementGroupConnection. Error is: $error”)

    # Main script section
    #Get the SCOM Management Group Name for use as a directory name
    $mg = Get-SCOMManagementGroup
    $MGName = $mg.Name
    $BackupPath = “$BackupDir\$MGName”

    #Make the directory if it does not exist
    IF((test-path $BackupPath) -eq $false)
    mkdir $BackupPath

    #Get the date
    $date = get-date -format M.d.yyyy

    $BackupPathFull = “$BackupPath\$date”
    $BackupPathFullZipTemp = “$BackupPath\$date\temp”
    $BackupPathFullZipFile = “$BackupPath\$date.ZIP”

    #Make the directory for today
    IF((test-path $BackupPathFull) -eq $false)
    mkdir $BackupPathFull

    #Make the directory for today’s temp
    IF((test-path $BackupPathFullZipTemp) -eq $false)
    mkdir $BackupPathFullZipTemp

    #Export the MPs to the temp directory
    Get-SCOMManagementPack | where {$_.Sealed -eq $false} | Export-SCOMManagementPack -Path:$BackupPathFullZipTemp

    #ZIP it up, removing the file if it already exists
    If(Test-path $BackupPathFullZipFile) { Remove-item $BackupPathFullZipFile }
    Add-Type -assembly “”

    [io.compression.zipfile]::CreateFromDirectory($BackupPathFullZipTemp, $BackupPathFullZipFile)
    If(Test-path $BackupPathFullZipTemp) { Remove-item $BackupPathFullZipTemp -force -Recurse }
    If(Test-path $BackupPathFull) { Remove-item $BackupPathFull -force -Recurse }
    #do nothing else.

    #Get the ZIP files in the directory
    $ZIP_files = Get-ChildItem -Path $BackupPath -Filter “*.zip”

    $old = [System.DateTime]::Now
    $old = $old.AddDays(“-“+$DaysOld)

    #Delete folders past the days-to-keep parameter
    FOREACH($ZIP_file in $ZIP_files)
    IF($ZIP_file.CreationTime -lt $old)
    Remove-Item $ZIP_file.FullName -recurse
    # End of Main script section

    # End script and record total runtime
    $EndTime = Get-Date
    $ScriptTime = ($EndTime – $StartTime).TotalSeconds

    # Log an event for script ending and total execution time.
    $momapi.LogScriptEvent($ScriptName,9876,0, “Script has completed. BackupPathFullZipFile is ($BackupPathFullZipFile). Runtime was ($ScriptTime) seconds”)
    #End of Script

    1. Kevin Holman says:

      Very cool.

      You might note – I recently updated the MP and changed the structure – using a correct powershell write action and no longer calling PowerShell.exe, better logging and more error handling.

  4. Jaggu1684 says:

    Hi Kevin,
    This is not working for me. With or without RunAs account it’s not working. I have created a Windows RunAs account and mapped to the runas profile and distributed to all the management servers. changed the BackupDir to server share… but no luck…Any inputs?

    1. Kevin Holman says:

      Run each line manually in powershell – figure out where it is failing.

Skip to main content