Scheduling and disabling the SCSM Active Directory connector via powershell

  • Article

One of my customers noticed a console performance decrease every hour when the AD connector/s ran. So we had to come up with a plan on how to schedule the AD connector to only run during the nigth. When setting up the AD connector via the SCSM Console, there are no options on scheduling when to run.

With the SCSM Powershell commandlets comes two cmdlets that are usefull for this scenario:

  • Get-SCSMConnector
  • Set-SCSMConnector

So in the order to create a scheduled task to enable and disable the connector during the nigth, we came up with the rather simple script:

Get-SCSMConnector ^AD |Set-SCSMConnector -state:Disabled

This command disables the connector, you migth think......but unfortunately it doesn't do it completely. So even though the connector in the UI, or via GET-SCSMConnector, has a status of disabled, it still manages to kick off every hour. We could see in the SCSM Console that the start and end time was outside the nigthly schedule

Even the Get-SCSMConnector showed the connectors to have an Enabled status of False

It turns out that the Set-SCSMConnectors doesn't disables all the triggers in the SCSM Database and therefore the connector seems to have its own life. But after talking to Micrsoft support, they discovered that running the SET-SCSMConnectors twice, actually disables the connector completely - for sure.

So now the script to disable the AD connector will look like this:

Get-SCSMConnector ^AD |Set-SCSMConnector -state:disabled

Start-Sleep -m 10000

Get-SCSMConnector ^AD |Set-SCSMConnector -state:disabled

And the script to enable the AD Connector wiil look like this:

Get-SCSMConnector ^AD |Set-SCSMConnector -state:enabled

We then created a schedule tasks to Enable the AD Connector at 0:00 and a schedule taks to disable the AD Connector at 02:00.

If a need to run the ADconnectors occured during the day, the customer could enable the connector via the UI and start the Synchronisation manually. Alternatively run a powershell script that enables the connectors, wait at least 1 hour for the connector to run automatically, then disable the connectors via a script again.