SCOM Service Accounts Creation Script

System Center Logo

I often find myself in the need to install SCOM in my home lab environment and one step which really annoys me is SCOM Service Accounts Creation.

I have developed a small script which will take care of the tedious task of setting up necessary service accounts and groups.

	 Created with: 	PowerShell Studio 2016 v5.2.129
	 Created on:   	20.10.2016
	 Created by:   	Daniele Catanesi
	 Filename:     	Set-SCOMAccounts.ps1
	 Version:		1.0
		A simple script to create necesssary SCOM Service Accounts and groups

# Variable definition #

# Define the password assigned to service accounts
# For security reasons multiple passwords sohould be specified
$accountPassword = 'Initial1'

# Defines the domain name used in the user's UPN
$domainName = 'helocheck.lab'

# Organizational Unit where users/groups will be created
$organizationalUnit = 'OU=Service Accounts,DC=helocheck,DC=lab'

# Create SCOM Service Accounts
New-ADUser -Name "SCOM_AA" -GivenName SCOM -Surname AA -SamAccountName test-scom_aa -UserPrincipalName scom_aa@$domainName -AccountPassword (ConvertTo-SecureString $accountPassword -AsPlainText -Force) -Path $organizationalUnit -PassThru | Enable-ADAccount
New-ADUser -Name "SCOM_DA" -GivenName SCOM -Surname DA -SamAccountName test-scom_da -UserPrincipalName scom_da@$domainName -AccountPassword (ConvertTo-SecureString $accountPassword -AsPlainText -Force) -Path $organizationalUnit -PassThru | Enable-ADAccount
New-ADUser -Name "SCOM_OMS" -GivenName SCOM -Surname OMS -SamAccountName test-scom_oms -UserPrincipalName scom_oms@$domainName -AccountPassword (ConvertTo-SecureString $accountPassword -AsPlainText -Force) -Path $organizationalUnit -PassThru | Enable-ADAccount

# Create SQL Service Accounts
New-ADUser -Name "SCOM_SQL_READ" -GivenName SCOM -Surname SQL_READ -SamAccountName scom_sql_read -UserPrincipalName scom_sql_read@$domainName -AccountPassword (ConvertTo-SecureString $accountPassword -AsPlainText -Force) -Path $organizationalUnit -PassThru | Enable-ADAccount
New-ADUser -Name "SCOM_SQL_WRITE" -GivenName SCOM -Surname SQL_WRITE -SamAccountName scom_sql_write -UserPrincipalName scom_sql_write@$domainName -AccountPassword (ConvertTo-SecureString $accountPassword -AsPlainText -Force) -Path $organizationalUnit -PassThru | Enable-ADAccount

# Create SCOM Administrative Group and add necessary accounts
New-ADGroup SCOM_ADMINS -GroupScope Global -GroupCategory Security -Path $organizationalUnit
Add-ADGroupMember SCOM_ADMINS -Members scom_aa
Add-ADGroupMember SCOM_ADMINS -Members scom_da

The script is really simple and need to be adjusted to suit your specific environment as all values are set to what I am using in my environment.

Only requirement is importing the Active Directory module before running the script which will take care of creating  all required SCOM Service Accounts.

I hope you will find this little script useful you can copy/paste the code above or download it from Technet Gallery.


2 thoughts on “SCOM Service Accounts Creation Script

    1. D’oh 🙂

      I was inspired by you without knowing, I see I’m not the only lazy one out there. All in all this script is part of a bigger project I’m working on which I’ll be able to publish soon(tm).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s