Author: Ravi Yadav

Ravi Yadav is a Senior Technical Consultant @ Infront Consulting Group. Working specifically with Microsoft System Center suite, specializing in Operations Manager, OMS (Operational Management Suite), Management Pack (MP) Dev, Configuration Manager and Virtual Machine Manager. He is based out of Canada, and when he is not at his PC, he enjoys reading, cooking, photography and keeping up with the Toronto Blue Jays.

Migrating Notifications from SCOM 2012 R2 to 2016

When upgrading a SCOM environment from 2012R2 (or 2012) to 2016, one of the most time-consuming tasks can be replicating the notification settings. In my case, I had to do a brand new install, and needed some way to migrate the notification configuration from the old SCOM environment to the new one. Luckily there is a pretty quick way to achieve this. Let’s begin!

Log in to the 2012R2 environment, go to the Administration pane, then locate and export the Notifications Internal Library (Microsoft.SystemCenter.Notifications.Internal). Save the exported MP somewhere locally.

Open the MP/XML file with an editing tool such as Notepad, Notepad++ or Visual Studio.

As you can see, this MP is version 7.1.10226.0.

If you quickly hop over to the SCOM 2016 environment and locate the same MP (same name, Microsoft.SystemCenter.Notifications.Internal), you will notice it is a different version. What we need to do here is update the OLD MP to a version number just slightly higher than the one in the 2016 environment.

So, in my case, I will change 7.1.10226.0 to 7.2.11719.1. Save the XML file, and copy it over to the SCOM 2016 environment.

Next we have two options:

  1. we can either import the updated MP, or,
  2. alternatively we can delete the MP from SCOM 2016 (v7.2.11719.0)

Before doing that, it is recommended to export the MP and save it “just in case”. In my case, I deleted the MP.

Now if you go into the Notifications settings, you will see an exact copy of the configuration from your SCOM 2012R2 environment. To enable or disable all the notification subscriptions, execute the corresponding command below in the OperationsManager console.

Get-SCOMNotificationSubscription | Enable-SCOMNotificationSubscription
Get-SCOMNotificationSubscription | Disable-SCOMNotificationSubscription

As an FYI, I forgot to disable the subscriptions beforehand. This would have been ideal to do before saving the XML file and importing it into SCOM 2016. You can make this change in the XML file with a find and replace: press Control+H (Replace) and Replace All Enabled="true" with Enabled="false".
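The two manual edits described above (raising the version number and switching the subscriptions to disabled) can also be scripted. This is an added example, not code from the original post: the function name, the temp file and the sample MP are constructed for illustration, and it assumes the exported MP keeps its version under Manifest/Identity/Version.

```powershell
# Added example, not from the original post. The sample MP is constructed and only
# mirrors the Manifest/Identity/Version layout and Enabled attributes of an exported MP.
function Update-ExportedNotificationMp {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][version]$InstalledVersion,  # version of the MP in SCOM 2016
        [Parameter(Mandatory)][version]$TargetVersion,     # must be higher than installed
        [switch]$DisableSubscriptions
    )
    if ($TargetVersion -le $InstalledVersion) {
        throw "Target $TargetVersion must be higher than installed $InstalledVersion"
    }
    $full = (Resolve-Path -LiteralPath $Path).Path
    Copy-Item -LiteralPath $full -Destination "$full.bak" -Force  # keep the untouched export

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true                               # leave layout as exported
    $xml.Load($full)
    $node = $xml.SelectSingleNode('/ManagementPack/Manifest/Identity/Version')
    if (-not $node) { throw "No Manifest/Identity/Version element in $full" }
    $old = $node.InnerText
    $node.InnerText = $TargetVersion.ToString()

    $changed = 0
    if ($DisableSubscriptions) {
        # Attribute-aware equivalent of Replace All Enabled="true" -> Enabled="false"
        foreach ($el in @($xml.SelectNodes('//*[@Enabled="true"]'))) {
            $el.SetAttribute('Enabled', 'false')
            $changed++
        }
    }
    $xml.Save($full)
    [pscustomobject]@{ OldVersion = $old; NewVersion = "$TargetVersion"; Disabled = $changed }
}

# Constructed sample input written to a temp file
$sample = Join-Path ([IO.Path]::GetTempPath()) 'Notifications.Internal.sample.xml'
@'
<ManagementPack>
  <Manifest><Identity><ID>Microsoft.SystemCenter.Notifications.Internal</ID>
    <Version>7.1.10226.0</Version></Identity></Manifest>
  <Monitoring><Rules>
    <Rule ID="Subscription_sample_1" Enabled="true" />
    <Rule ID="Subscription_sample_2" Enabled="false" />
  </Rules></Monitoring>
</ManagementPack>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8
Update-ExportedNotificationMp -Path $sample -InstalledVersion '7.2.11719.0' `
    -TargetVersion '7.2.11719.1' -DisableSubscriptions
```

The function leaves a `.bak` copy of the original export next to the edited file, so the unmodified 2012R2 configuration stays available for comparison.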


There you go! Notifications have been migrated from SCOM 2012R2 to SCOM 2016.

Monitoring Domain Controllers in SCOM 2016 – Event ID 1102

So you deploy a SCOM 2016 agent to a Windows 2016 Domain Controller; the only problem is, after the agent push, discovery doesn’t work. Well, the agent isn’t corrupted… Ports are open… The SCOM agent is being deployed using the Local System account… etc. So, now what?

Taking a look at the Windows 2016 domain controller and its event log, the domain controller OpsMgr log is getting bombarded with Event ID 1102 entries.

After some investigation, this seems to have been an issue in SCOM 2012 (and 2012R2) as well. Well, here’s the fix…

Taking a look at HSLockdown, the Local System account is being denied access. Browse to the folder "%ProgramFiles%\Microsoft Monitoring Agent\Agent" and run the following command from an elevated prompt: HSLockdown.exe /L

Now that we can see the Local System account is being denied access, let’s give it access by running the following command: HSLockdown.exe /A "NT AUTHORITY\SYSTEM". Restart the SCOM agent (net stop HealthService & net start HealthService) and you should be good to go now!


How To Disable Azure AD Connect via PowerShell

Recently I came across an environment where Exchange was being migrated to Office 365. As you may know, DirSync is no longer supported for Exchange/O365 migrations and Microsoft recommends you now use Azure AD Connect.

With that said, recently in a PoC environment using Azure AD Connect, the utility was never uninstalled from the domain controller that was running it, and the VM was deleted shortly afterwards. As a result, the O365 admins are now getting reminded daily that their AD Sync has failed to connect.

As of today, there is no way to disable Azure AD Connect via the Azure Resource Manager (ARM) portal, but this can be done with some PowerShell. If you take a look at the ARM portal, there is currently no option to disable the directory synchronization.

First, you will need to install the Azure Active Directory Connection utility; the download for that can be found HERE. This will provide you with the PowerShell cmdlets needed to run the code below. No, AzureADPreview V2 will not work (yet…).

Once it is installed, launch the PowerShell console; we need to connect to Azure AD and set Directory Sync to false. Below are the commands you will need to get this done. Note, you will need an Azure global admin account with the *@* domain to successfully sign into Azure AD via PowerShell.

#specify credentials for azure ad connect
$Msolcred = Get-credential
#connect to azure ad
Connect-MsolService -Credential $MsolCred
#disable AD Connect / Dir Sync
Set-MsolDirSyncEnabled -EnableDirSync $false
#confirm AD Connect / Dir Sync disabled

If you choose to re-enable AD Connect, just change the flag to TRUE.

Set-MsolDirSyncEnabled -EnableDirSync $true

Once complete, we can verify that Directory Sync has been disabled in ARM.

For more on Azure AD PowerShell cmdlets, visit the following page, HERE.

Transfer Active Directory FSMO Roles via PowerShell

Sometimes a domain controller (DC) just needs to be decommissioned for whatever reason, let’s say an upgrade, or a corrupted VM and the roles are now seized. Nevertheless, moving the FSMO (Flexible Single Master Operation) roles can be done via the UI; however, if you want to speed things up and do it with PowerShell, here is how to do that.

In my scenario, I am decommissioning my Hyper-V server which at the time was acting as the primary DC. Now that it is being decomm’ed I need to transfer the FSMO roles to another DC. The destination DC is “DC01” in this case.

Move-ADDirectoryServerOperationMasterRole -Identity "DESTINATION DC" -OperationMasterRole 0,1,2,3,4

You have the option here of specifying a numerical value or the role name itself. See below for the number associated with each role. You could input each role name, or as I did, just input the number(s).

PDCEmulator or 0
RIDMaster or 1
InfrastructureMaster or 2
SchemaMaster or 3
DomainNamingMaster or 4

To verify the FSMO roles have been transferred, run the netdom query fsmo command.

netdom query fsmo

Hyper-V 2016 Linux Ubuntu PXE Network Boot Error

If you’re like me, you want to run Linux on your Hyper-V 2016 host; in my case I am attempting to run Linux Ubuntu 16.04.1. Booting from an ISO, I kept getting the same error over and over: “PXE Network Boot using IPv4 ( ESC to cancel ) Performing DHCP Negotiation….”. It wasn’t the ISO media. It wasn’t the size of the VHDX. It wasn’t the memory/vCPU or vNIC configuration. It wasn’t even due to the fact it was a Generation 1 or Generation 2 VM…. It was the Secure Boot function.

  1. Stop the VM
  2. Go to its Settings
  3. Within Hardware > Select Security > Disable/Uncheck “Enable Secure Boot” > Start your machine back up!
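
An alternative to turning Secure Boot off, shown as an added example that is not part of the original post: a Generation 2 Linux guest on Hyper-V 2016 can keep Secure Boot enabled if its firmware uses the Microsoft UEFI Certificate Authority template instead of the default Windows one. The function name and the VM name `Ubuntu1604` are placeholders.

```powershell
# Added example, not from the original post. Run on the Hyper-V host in an
# elevated PowerShell session; 'Ubuntu1604' is a placeholder VM name.
function Set-LinuxSecureBootTemplate {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$VMName)

    $vm = Get-VM -Name $VMName -ErrorAction Stop

    # Secure Boot is a UEFI firmware setting, so it only exists on Generation 2 VMs
    if ($vm.Generation -ne 2) {
        throw "'$VMName' is Generation $($vm.Generation); Secure Boot applies to Generation 2 only."
    }
    # Firmware settings can only be changed while the VM is stopped (step 1 above)
    if ($vm.State -ne 'Off') {
        throw "Stop '$VMName' before changing its firmware settings."
    }

    if ($PSCmdlet.ShouldProcess($VMName, 'Use the Microsoft UEFI Certificate Authority template')) {
        # Keeps Secure Boot on and trusts the CA that signs Linux boot loaders
        Set-VMFirmware -VMName $VMName -EnableSecureBoot On `
            -SecureBootTemplate MicrosoftUEFICertificateAuthority
    }

    # Report the resulting firmware state so the change can be confirmed
    Get-VMFirmware -VMName $VMName | Select-Object VMName, SecureBoot, SecureBootTemplate
}

# The GUI steps above correspond to: Set-VMFirmware -VMName 'Ubuntu1604' -EnableSecureBoot Off
Set-LinuxSecureBootTemplate -VMName 'Ubuntu1604' -WhatIf
```

Remove `-WhatIf` to apply the change, then start the VM and confirm it boots from the ISO.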