Company policy requires that every Server has an administrator assigned. This information is being saved in the "Managed by" Field in the Computer Object.

It would be pretty useful to create a dynamic group in SCOM which is being populated via this AD Field. And therein lies my problem.

Steps I have tried to far.

1.Create a Attribute "Managed by" for the Windows-Computer target. This Attribute is being by the WMI Query SELECT * FROM DS_computer with the property DS_managedBy.

2.Create a group with a dynamic filter. (Object is Windows-Computer_Extended AND (Managed by Equals usr) AND True)

Now this seems reasonable in theory but apparently doesn't work at all.

Is this actually possible what I am trying to create? How am I tackling this problem?

  • 3,255
  • 2
  • 18
  • 32
  • 191
  • 7
  • 1
    This sounds to me like the kind of thing that you are going to have to script, e.g., in Powershell, and then run that script on a regular basis as a scheduled task. – Ryan Ries Jan 23 '17 at 22:23
  • @RyanRies Hm, I never thought about that. I will see what I can do and eventually post a script if I succeed. – Fairy Jan 24 '17 at 12:12

1 Answers1


After some research I found that someone already tackled this problem. Sort of. I modified this script. Got rid of the last couple of lines and added the logic below I needed. It is messy but it works like a charm. All you need to change is the management server and the inclusion regex (we have multiple domains but only want this sort of automation for one).

<Functions from original script go here>

$ManagementServer = "<ManagementServerGoesHere>"

$ManagementGroup = GetSCOMManagementGroup -ms $ManagementServer
$Groups = Get-SCOMGroup -DisplayName "Managed-By *"
$Groups |% {
    $Group = $_
    $Group.DisplayName -match "Managed-By (\w{3})" | Out-Null
    $sAMAccountName = $Matches[1]
    $User = Get-ADUser -Filter {sAMAccountName -eq $sAMAccountName}
    $UserDN = $User.DistinguishedName
    $ADManagedByComputers = Get-ADComputer -Filter {ManagedBy -eq $UserDN}
    $SCOMManagedByComputer = Get-SCOMGroup $Group.id | Get-SCOMClassInstance
    [string]$InstancesToAdd = ""
    [string]$InstancesToRemove = ""

    $ADManagedByComputers | % {
        if($SCOMManagedByComputer.DisplayName -notcontains $_.DNSHostName) {
            $Agent = Get-SCOMAgent -DNSHostName $_.DNSHostName
            if($Agent) {
                Write-Host ($_.DNSHostName + " not in SCOM Group " + $Group.DisplayName) -ForegroundColor Yellow
                $InstancesToAdd = $InstancesToAdd + "," + $Agent.Id
             } else {
                Write-Host ($_.DNSHostName + " has no Agent installed!") -ForegroundColor Gray
        } else {
            Write-Host ($_.DNSHostname + " already in SCOM Group " + $Group.DisplayName) -ForegroundColor Green

    $SCOMManagedByComputer | % {
        if($_.DisplayName -match "<InclusionRegex>") {
            if($ADManagedByComputers.DNSHostName -notcontains $_.DisplayName) {
                Write-Host ($_.DisplayName + " should not be in SCOM Group " + $Group.DisplayName) -ForegroundColor DarkYellow
                $Agent = Get-SCOMAgent -DNSHostName $_.DisplayName
                if($Agent) {
                    $InstancesToRemove = $InstancesToRemove + "," + $Agent.Id
        } else {
            Write-Host ($_.DisplayName + " is not in the domain scope. Skipping.") -ForegroundColor Cyan

    $InstancesToAdd = $InstancesToAdd.Trim(",")
    $InstancesToRemove = $InstancesToRemove.Trim(",")

        $ManagementPackName = ($Group | Get-SCOMClass).ManagementPackName
        $ManagementPackID = (Get-SCManagementPack -Name $ManagementPackName)
        $MP = ValidateGroup -mg $ManagementGroup -mp $MP -groupID $Group.FullName
    If($InstancesToAdd -ne "" -and $InstancesToRemove -ne "") {
        $MP = UpdateGroup -mg $ManagementGroup -mp $ManagementPackID -groupID $Group.FullName -instancesToAdd $InstancesToAdd -instancesToRemove $InstancesToRemove

    if($InstancesToAdd -ne "" -and $InstancesToRemove -eq "") {
        $MP = UpdateGroup -mg $ManagementGroup -mp $MP -groupID $Group.FullName -instancesToAdd $InstancesToAdd

    if($InstancesToAdd -eq "" -and $InstancesToRemove -ne "") {
        $MP = UpdateGroup -mg $ManagementGroup -mp $MP -groupID $Group.FullName -instancesToRemove $InstancesToRemove
  • 191
  • 7