Serge Chegorian's System Center Blog

Serge Chegorian's System Center Blog

How to create a new SCCM system role with a script

August 8th, 2013

Both SCCM 2007 and 2012 keep system role information in the site control file. So the two main operation at the begining and at the end of the script will be getting the file handle, refreshing the file, commit changes and release the handle.

$ComputerName = "MySiteServer"
$MyNewRoleServer = "MyNewRoleServer"
$sitecode = "ABC"
$nameSpacePath = "\\$ComputerName\root\sms\site_$sitecode"
$domainname=".mydomain.local"

# Get a session handle for the site control file
$scf = Invoke-WmiMethod -Namespace $NameSpace -class SMS_SiteControlFile -name GetSessionHandle -computername $ComputerName

# Refresh the WMI copy of the site control file
$refresh = Invoke-WmiMethod -Namespace $NameSpace -class SMS_SiteControlFile -name RefreshSCF -ArgumentList $sitecode -computername $ComputerName
<#
your main script will be here
#>
# Commit site control file from WMI to the actual file
$commit = Invoke-WmiMethod -Namespace $NameSpace -class SMS_SiteControlFile -name CommitSCF $sitecode -computername $ComputerName

# Release session handle
$scf = Invoke-WmiMethod -Namespace $NameSpace -class SMS_SiteControlFile -name ReleaseSessionHandle -ArgumentList $scf.SessionHandle -computername $ComputerName

Creating SCCM Site System role (protected)


$ComputerName = "MySiteServer"
$MyNewRoleServer = "MyNewRoleServer"
$sitecode = "ABC"
$nameSpacePath = "\\$ComputerName\root\sms\site_$sitecode"
$domainname=".mydomain.local"

# Get a session handle for the site control file
$scf = Invoke-WmiMethod -Namespace $NameSpace -class SMS_SiteControlFile -name GetSessionHandle -computername $ComputerName

# Refresh the WMI copy of the site control file
$refresh = Invoke-WmiMethod -Namespace $NameSpace -class SMS_SiteControlFile -name RefreshSCF -ArgumentList $sitecode -computername $ComputerName

$role_class = [wmiclass]""
$role_class.psbase.Path ="\\$ComputerName\root\sms\site_$($sitecode):SMS_SCI_SysResUse"
$script:role = $role_class.createInstance()

#create the SMS Site Server
$role.NALPath = "[`"Display=\\$MyNewRoleServer\`"]MSWNET:[`"SMS_SITE=$sitecode`"]\\$MyNewRoleServer\"
$role.NALType = "Windows NT Server"
$role.RoleName = "SMS Site System"
$role.SiteCode = $sitecode
$roleproperties = @()

#Server FQDN name
$embeddedproperty_class = [wmiclass]""
$embeddedproperty_class.psbase.Path = "\\$ComputerName\root\sms\site_$($sitecode):SMS_EmbeddedProperty"
$embeddedproperty = $embeddedproperty_class.createInstance()
$embeddedproperty.PropertyName = "Server Remote Name"
$embeddedproperty.Value = 0
$embeddedproperty.Value1 = $MyNewRoleServer+$domainname
$embeddedproperty.Value2 = ""
$roleproperties += [System.Management.ManagementBaseObject]$embeddedproperty

#Protected system
$embeddedproperty_class = [wmiclass]""
$embeddedproperty_class.psbase.Path = "\\$ComputerName\root\sms\site_$($sitecode):SMS_EmbeddedProperty"
$embeddedproperty = $embeddedproperty_class.createInstance()
$embeddedproperty.PropertyName = "IsProtected"
$embeddedproperty.Value = 1
$embeddedproperty.Value1 = ""
$embeddedproperty.Value2 = ""
$roleproperties += [System.Management.ManagementBaseObject]$embeddedproperty

$embeddedpropertylist_class = [wmiclass]""
$embeddedpropertylist_class.psbase.Path = "\\$ComputerName\root\sms\site_$($sitecode):SMS_EmbeddedPropertyList"
$embeddedpropertylist = $embeddedpropertylist_class.createInstance()
$embeddedpropertylist.PropertyListName="Protected Boundary"
$embeddedpropertylist.Values = @("IP Ranges","10.0.0.1-10.0.0.22")

$role.Props = $roleproperties
$role.PropLists = $embeddedpropertylist
$role
$role.Put()
if($?) { "Site system role is created. Do not forget to protect this site system!" }# Release session handle
else { "Site system cannot be created, error: $($error[0])"}

# Commit site control file from WMI to the actual file

$scf = Invoke-WmiMethod -Namespace $NameSpace -class SMS_SiteControlFile -name ReleaseSessionHandle -ArgumentList $scf.SessionHandle -computername $ComputerName

This script will add the server MyNewRoleServer to ABC site site systems with an only role ConfigMgr Site System protected to the boundary “10.0.0.1-10.0.0.22″ (assigning the boundary will not work in SCCM 2012!!!)

Serge Chegorian's System Center Blog

Serge Chegorian's System Center Blog