Autoclosing rule alerts after 1 day.

I do failed logon attempts, lockouts, and unlocked alerting in SCOM from DCs and these alerts have to get generated. However, I don’t really want to have to bulk close them all the time. Does anyone know how I should tackle these in an automated fashion?

I have Tao’s self maintenance MP installed in my 2016 environment, but when I edit any of the rules and save I get an error similar to below:

"The ‘Alias’ attribute is invalid - The value ‘2012’ is invalid according to its datatype ‘ManagementPackUniqueIdentifier’" and "XSD Verification failed for the management pack".

Right now my daily routine is to mass close these via a custom view I put together. It is rather annoying though :)

Thanks,

G

I use an application called "closeoldscomalerts.exe" which for the life of me I can't find now in Google. But any of the PowerShell scripts that allow you to close specific alerts, that allow parameters, should work.

It allows parameters to be specified when it is run, and I run it using a Windows Scheduled task. In the screenshot below

in this case I am running it every hour to remove all alerts from now (0 time) that contain the words “user account lockout”, and are generated by rules.

PowerShell to the rescue. Just schedule this adjusting variables accordingly. You can do your criteria as complex as you wish (either in the Criteria, the Filter that follows or as here a mix of both).

 

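```powershell
# Load the SCOM cmdlets if they are not already loaded
if (!(Get-Module OperationsManager -ErrorAction SilentlyContinue)) { Import-Module OperationsManager }

New-SCOMManagementGroupConnection -ComputerName 'mymanagementserver'
# Rule-generated alerts still in the New state, matching the name and raised more than 24 hours ago
Get-SCOMAlert -Criteria "IsMonitorAlert = 0 and ResolutionState = 0" |
    Where-Object { ($_.Name -match 'My Alert Name') -and ($_.TimeRaised -lt (Get-Date).AddDays(-1)) } |
    Set-SCOMAlert -ResolutionState 255 -Comment "Auto Close after 24hrs"
```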

1 Like
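An added example, not code from any of the posters above: a scheduled-task variant that writes the lockout and failed-logon alerts to a CSV before closing them, so the record survives outside the console, and supports `-WhatIf` for a dry run. The alert name pattern, the 24-hour age and the log path are assumptions to adjust; the log directory must already exist.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]   $ManagementServer  = 'mymanagementserver',            # name used in the thread
    [string[]] $AlertNamePatterns = @('user account lockout'),       # assumed alert names
    [int]      $MaxAgeHours       = 24,
    [string]   $AuditLog          = 'C:\Logs\scom-autoclosed.csv'    # assumed path
)

Import-Module OperationsManager -ErrorAction Stop
New-SCOMManagementGroupConnection -ComputerName $ManagementServer

# SCOM returns alert timestamps in UTC, so compare against a UTC cutoff.
$cutoff = (Get-Date).ToUniversalTime().AddHours(-$MaxAgeHours)

# Treat each configured name as a literal substring, not as a regex.
$regex = ($AlertNamePatterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Rule-generated alerts (IsMonitorAlert = 0) still in the New state (0),
# matching one of the names and older than the cutoff.
$stale = Get-SCOMAlert -Criteria 'IsMonitorAlert = 0 and ResolutionState = 0' |
    Where-Object { $_.Name -match $regex -and $_.TimeRaised -lt $cutoff }

if (-not $stale) { Write-Verbose 'Nothing to close.'; return }

# Record what is about to be closed before touching it.
$stale |
    Select-Object Id, Name, Severity, TimeRaised, MonitoringObjectDisplayName, RepeatCount,
        @{ n = 'ClosedAtUtc'; e = { (Get-Date).ToUniversalTime().ToString('o') } } |
    Export-Csv -Path $AuditLog -Append -NoTypeInformation

foreach ($alert in $stale) {
    if ($PSCmdlet.ShouldProcess("$($alert.Name) [$($alert.Id)]", 'Set ResolutionState 255')) {
        $alert | Set-SCOMAlert -ResolutionState 255 -Comment "Auto Close after ${MaxAgeHours}hrs"
    }
}
```

Run it once with `-WhatIf -Verbose` to see which alerts would be closed; in that mode neither the CSV nor the alerts are modified.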