Enabling Agent Proxy for a Class in System Center Operations Manager 2007

image Agent Proxy needs to be enabled for several different management pack features to work properly.  Active Directory, Cluster and Exchange are few common management packs requiring Agent Proxy to be enabled, just to name a few.  Enabling the Agent Proxy security setting allows an agent to submit data on behalf of another source.  By default this setting is not enabled for any agents, so when we import a management pack that expects an agent to submit data not originating from that agent (i.e. other sources) we need to enable this security feature in order for some workflows to function.

There are several scripts available in various posts which help accomplish this task, as it can be quite tedious selecting individual agents and configuring this manually.  There are even a couple tools published that have helped many administrators accomplish this task, both GUI and command line.

Since it’s usually a particular type or role which an agent hosts that requires Agent Proxy to be enabled, I thought it would be nice if we could run a script that would enumerate all agents that host a particular type or role and enable Agent Proxy in one pass.

image Test this script thoroughly in your lab environment before attempting to use in production to avoid mistakenly enabling or disabling agent proxy on unintended targets.  If you choose to run it against Windows Computer class, it will enable or disable it for all agents in the management group.

image This script works its way up the parent class path, until it finds a Windows Computer object.  It then resolves the Agent Base Managed Entity Id and sets the Agent Proxy property.  If the class you choose does not resolve to a Windows Computer object, the script will fail.
Keep in mind, this is a fairly raw script without error handling and many bells and whistles.

imageHere are a few classes I tested the script against, enabling Agent Proxy on agents which commonly need it enabled.

Microsoft.Windows.Server.DC.Computer – all domain controllers

  • Microsoft.Windows.Cluster.Node – all cluster nodes

  • Microsoft.Exchange.ServerRole.2003 – all exchange 2003 server roles

  • Microsoft.Exchange2007.ServerRole – all exchange 2007 server roles

If you want to return a list of all classes, run the following command:

Get-MonitoringClass | Select DisplayName,Same | Sort DisplayName

image Usage:

Copy the entire script below, everything between ##–Begin and ##–End, and paste into a text file in some location.  Name the file ClassProxyEnabler.ps1.

Open Operations Manager Command Shell and type in the path to the script and the required parameters, and hit enter.


Class Name: This is the class system name, not the friendly name.
$True/$False: $true to enable, $false to disable
Output directory: The script logs all actions to this directory, with file name “class_date_time.txt”.  This directory must exist.  If there are spaces in the path, the path must be enclosed in quotes.


c:\ClassProxyEnabler.ps1 Microsoft.Windows.Server.DC.Computer $true c:\out\


##–Begin ClassProxyEnabler.ps1

##–Get the class in which you want to set Agent Proxing
$class = Get-MonitoringClass | Where {$_.Name -eq $className}
##–Get all objects in that class
$objects = Get-MonitoringObject -monitoringClass:$class
##–Create an array of BME’s
$arrBME = @()
Foreach ($object in $objects)
    If ($object.FullName -notcontains “Microsoft.Windows.Computer:”)
            $parent = $object.getParentPartialMonitoringObjects()
            Foreach ($oParent in $parent) {If ($oParent.FullName -match “Microsoft.Windows.Computer”) {$object = $oParent}}
        Until ($object.FullName -match “Microsoft.Windows.Computer”)
        $arrBME += $object.Id.ToString()
##–Create an array of agents to help script performance.
$agentArray = @()
Foreach ($agent in Get-Agent)
    $agentArray += $agent
##–Create output file
$localTime = (get-date).ToLocalTime()
$year = $localTime.year.ToString()
$month = $localTime.month.ToString()
$day = $localTime.day.ToString()
$hour = $localTime.hour.ToString()
$min = $localTime.minute.ToString()
$fileName = $class.name + “_” + $year + “-” + $month + “-” + $day + “_” + $hour + “-” + $min + “.txt”
$filePath = $fileDir + $fileName
##–Walk through the array and set Agent Proxying for each agent
Foreach ($BME in $arrBME)
    While ($i -ne $agentArray.count)
        If ($BME -eq $agentArray[$i].Id.ToString())
            ##–Screen formatting
            $space = ” ”
            $spaceCount = 30 – $agentArray[$i].PrincipalName.length
            ##–If already set to preference, skip with message.
            If ($agentArray[$i].ProxyingEnabled.Value -eq $bTF)
                $agentArray[$i].PrincipalName + $space*$spaceCount + “No action taken”
                $agentArray[$i].PrincipalName + $space*$spaceCount + “No action taken” | out-file $filePath -append
                $i = $agentArray.count
                ##–Allow operator to track screen output
                Start-Sleep -m 200
            ##–If not set to preference, modify with message.
                $agentArray[$i].PrincipalName + $space*$spaceCount + “Modifying…”
                $agentArray[$i].PrincipalName + $space*$spaceCount + “Modifying…” | out-file $filePath -append
                $i = $agentArray.count
                ##–Allow operator to track screen output
                Start-Sleep -m 200
Write-Host “`n`n`n`nResults saved to $filePath”

##–End ClassProxyEnabler.ps1

image Schedule this script to run on a regular basis for the domain controller or cluster classes.  Whenever new domain controllers or cluster nodes come online, Agent Proxy will be enabled automatically.
This script ONLY makes modifications if required.  In other words, there is no harm in running this multiple times.  Agent Proxy will only be modified if it does not match the $true or $false parameter supplied.

Jonathan Almquist | Premier Field Engineer

For more information or to provided feedback please see my original post at http://blogs.technet.com/jonathanalmquist/archive/2009/09/22/enable-agent-proxy-for-a-class-classproxyenabler.aspx.




Comments (2)

  1. Anonymous says:

    When running
    C:”Source Files”SCRIPTClassProxyEnabler.ps1 Microsoft.Windows.Server.DC.Computer $true c:out-cluster
    on my DCs two of them are showing an error:
    Bad argument to operator ‘*’: Specified argument was out of the range of valid values.
    Parameter name: rval.
    At C:Source FilesSCRIPTClassProxyEnabler.ps1:52 char:56
    + $agentArray[$i].PrincipalName + $space* <<<< $spaceCount + "No action taken" + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : BadOperatorArgument Bad argument to operator '*': Specified argument was out of the range of valid values. Parameter name: rval. At C:Source FilesSCRIPTClassProxyEnabler.ps1:53 char:56 + $agentArray[$i].PrincipalName + $space* <<<< $spaceCount + "No action taken" | out-file $filePath -append + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : BadOperatorArgument Any idea why? and I ran the process twice it is happening twice on the same DCs... Thanks, DOm

  2. show box says:

    Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
    For more info on showbox please refer below sites:
    Latest version of Showbox App download for all android smart phones and tablets.
    http://movieboxappdownloads.com/ – It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
    For showbox on iOS (iPhone/iPad), please read below articles:
    Showbox for PC articles:
    There are countless for PC clients as it is essentially easy to understand, simple to introduce, gives continuous administration, effectively reasonable. it is accessible at completely free of expense i.e., there will be no establishment charges and after establishment
    it doesn’t charge cash for watching films and recordings.
    http://www.showboxforipad.org/showbox-apk/ Not simply watching, it likewise offers alternative to download recordings and motion pictures. The accompanying are the strides that are to be taken after to introduce Showbox application on Android. The above
    all else thing to be done is, go to the Security Settings on your Android telephone, Scroll down and tap on ‘Obscure sources’.
    Movie Box, an esteemed movies application in which you can find stacks of programs and films. The guide is given here to download Movie Box app to Android and to Apple iOS 9.0.2, iOS 8.4/8.3 and also for the lower versions without Jailbreak.
    Please do login to Showbox application with the help of Ymail. You can login in Ymail from here –
    Sign Up & Do registration for latest movies on Showbox application