пятница, 25 мая 2018 г.

ave-om, deploy scom agent

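# Target server for the SCOM agent deployment.
# The sample FQDN is now the parameter's default value. The original assigned
# it after the param block, which silently discarded any -serverName argument.
param(
    [string]$serverName = "xxx.healthcare.local"
)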

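# Polls the remote host until the process with the given id is gone, or until
# the retry budget (60 polls, 3 seconds apart) is used up.
# Reads $serverName and $cred from the calling scope.
#   $procID - process id returned by Win32_Process.Create on the remote host
# Produces no output; writes a warning when the process is still present after
# the last poll.
function WaitForProcess($procID){
    $pollLimit = 60
    $pollDelaySeconds = 3

    # The id is placed into a WQL filter, so force it to be numeric first.
    $filter = "ProcessId=" + [uint32]$procID

    for ($attempt = 0; $attempt -lt $pollLimit; $attempt++){
        # NOTE(review): a failed query also yields no object and is therefore
        # treated like "process has exited", as in the original.
        $running = Get-WmiObject -Class Win32_Process -Filter $filter -ComputerName $serverName -Credential $cred
        if (-not $running){
            # Return at once; the original slept one more interval after the
            # process had already gone.
            return
        }

        Start-Sleep -Seconds $pollDelaySeconds
    }

    Write-Warning "Process $procID on $serverName is still running after $($pollLimit * $pollDelaySeconds) seconds"
}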

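# Connect to the target's administrative share, stage the agent and the
# support tools under c:\temp there, and make sure the target's hosts file
# contains an entry for the management server.

$adminShare = "\\$($serverName)\c`$"

# Ask for the deployment account once instead of keeping its password in the
# script; a $cred that already exists in the session is reused.
# NOTE(review): the original showed two differently redacted account names
# (one for net use, one for WMI); a single account is assumed here - confirm.
if (-not $cred) {
    $cred = Get-Credential -Message "Account with administrative rights on $serverName"
}
if (-not $cred) {
    throw "No credential supplied for $serverName"
}

# net.exe still receives the password as an argument, so it is visible in
# local process listings and command-line audit logs while the command runs.
net use $adminShare "/user:$($cred.UserName)" ($cred.GetNetworkCredential().Password)
if ($LASTEXITCODE -ne 0) {
    throw "Could not connect to $adminShare (net use exit code $LASTEXITCODE)"
}

# Test-Path does not raise an error for a missing directory and does not
# mistake an existing but empty directory for a missing one, as dir did.
$remoteTemp = "$adminShare\temp"
if (-not (Test-Path -Path $remoteTemp -PathType Container)) {
    New-Item -Path $remoteTemp -ItemType Directory | Out-Null
}

# NOTE(review): these files are executed later on the target under the
# deployment account. If c:\temp on the target is writable by ordinary users,
# stage them in a directory restricted to administrators instead.
Copy-Item -Path "C:\temp\scom2016\agent\AMD64" -Destination "$remoteTemp\scomagent\" -Recurse -Force

Copy-Item -Path "C:\temp\scom2016\SupportTools\AMD64" -Destination "$remoteTemp\scomtools\" -Recurse -Force

# Add the management server to the target's hosts file unless it is already
# listed. The original searched for "ave-omms01.ave-om.local" but appended a
# different name, so the line would be added again on every run; the name that
# is written is now also the name that is searched for.
# NOTE(review): the host names on this page look redacted - confirm that this
# name matches MANAGEMENT_SERVER_DNS in the installer parameters.
$hostsPath = "$adminShare\windows\system32\drivers\etc\hosts"
$mgmtHostName = "scom-xxx.xxx-om.xxx"
$hostsLine = "10.250.199.6`t$mgmtHostName"

$alreadyMapped = Get-Content -Path $hostsPath | Where-Object { $_ -like "*$mgmtHostName*" }
if (-not $alreadyMapped) {
    Add-Content -Path $hostsPath -Value $hostsLine
}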

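# MSI properties for an unattended agent install with manually specified
# management group settings. The pairs are joined with single spaces so that
# each PROPERTY=value reaches msiexec as its own token; the original
# concatenation ran ENABLE_ERROR_REPORTING=0 and QUEUE_ERROR_REPORTS=0 together.
$scomParam = @(
    "USE_SETTINGS_FROM_AD=0",
    "USE_MANUALLY_SPECIFIED_SETTINGS=1",
    "MANAGEMENT_GROUP=AVE-OM-MG",
    "MANAGEMENT_SERVER_DNS=scom.scom-om.local",
    "SECURE_PORT=5723",
    "ACTIONS_USE_COMPUTER_ACCOUNT=1",
    "AcceptEndUserLicenseAgreement=1",
    "ENABLE_ERROR_REPORTING=0",
    "QUEUE_ERROR_REPORTS=0"
) -join " "

# Command line executed on the target; the path is the staged copy of the MSI.
$installagentCmd = 'msiexec.exe /i c:\temp\scomagent\MOMAgent.msi /qn /norestart ' + $scomParam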

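# Run the agent installer and then MOMCertImport on the target through
# Win32_Process.Create, waiting for each process to end. The staged files and
# the share connection are removed in the finally block, so they do not stay
# behind when one of the steps fails.
try {
    # The server name becomes part of a remote command line below, so accept
    # host-name characters only.
    if ($serverName -notmatch '^[A-Za-z0-9.-]+$') {
        throw "Unexpected characters in server name '$serverName'"
    }

    $retObj = Invoke-WmiMethod -Class Win32_Process -Name "Create" -ComputerName $serverName -ArgumentList @($installagentCmd) -Credential $cred

    # A non-zero ReturnValue means the installer was never started; the
    # original skipped the wait and carried on without saying so.
    if ($retObj.ReturnValue -ne 0){
        throw "Could not start the agent installer on $serverName (Win32_Process.Create returned $($retObj.ReturnValue))"
    }
    WaitForProcess -procID $retObj.ProcessId

    # NOTE(review): Create only reports that the process started, not how
    # msiexec ended - confirm the agent is installed before relying on it.

    $momCertCmd = 'c:\temp\scomtools\MOMCertImport.exe /SubjectName "' + $serverName +'"'

    $retObj = Invoke-WmiMethod -Class Win32_Process -Name "Create" -ComputerName $serverName -ArgumentList @($momCertCmd) -Credential $cred

    if ($retObj.ReturnValue -ne 0){
        throw "Could not start MOMCertImport on $serverName (Win32_Process.Create returned $($retObj.ReturnValue))"
    }
    WaitForProcess -procID $retObj.ProcessId

    #sc "\\$serverName" stop HealthService
    #sc "\\$serverName" start HealthService
}
finally {
    # Remove the staged binaries and drop the administrative share connection.
    Remove-Item -Path "\\$($serverName)\c`$\temp\scomagent\" -Recurse -Force
    Remove-Item -Path "\\$($serverName)\c`$\temp\scomtools\" -Recurse -Force

    net use "\\$($serverName)\c`$" /delete
}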

ave-om, request/deploy certificate

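# Server that the certificate is issued for and deployed to.
# The sample FQDN is now the parameter's default value. The original assigned
# it after the param block, which silently discarded any -serverName argument.
param(
    [string]$serverName = "sql.healthcare.local"
)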

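# certreq INF template; %subject% is replaced with the server name before use.
# A single-quoted here-string keeps the text literal. In the original
# double-quoted form PowerShell expanded $Windows as an (empty) variable, so
# the Signature line did not contain "$Windows NT$".
# NOTE(review): Exportable = TRUE is needed here because the key pair is
# created on this machine and moved to the target as a PFX; creating the
# request on the target itself would let the private key stay non-exportable.
$req = @'

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=%subject%"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE | CERT_DATA_ENCIPHERMENT_KEY_USAGE"

[Strings]
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"

[RequestAttributes]
CertificateTemplate=SCOMCert

'@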

#[Extensions]
#%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"

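# Make sure a certificate with subject CN=<serverName> exists in the local
# machine store (requesting one from the CA when it is missing), move it to
# the target server as a PFX and import it there.

# The name ends up in file names and in a remote command line, so accept
# host-name characters only.
if ($serverName -notmatch '^[A-Za-z0-9.-]+$') {
    throw "Unexpected characters in server name '$serverName'"
}

$subject = "CN=" + $serverName
$infFile = $serverName + ".txt"
$reqFile = $serverName + ".req"
$cerFile = $serverName + ".cer"
$localPfx = Join-Path "c:\temp" ($serverName + ".pfx")
$adminShare = "\\$($serverName)\c`$"
$remotePfx = "$adminShare\temp\" + $serverName + ".pfx"
$shareConnected = $false

try {
    $cert = Get-ChildItem cert:\localmachine\my | Where-Object { $_.Subject -eq $subject }
    if (-not $cert) {
        $req.Replace("%subject%", $serverName) | Set-Content $infFile

        # Stop at the first certreq step that fails instead of running the
        # following steps on files that were never produced.
        certreq.exe -new $infFile $reqFile
        if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }
        #-attrib "CertificateTemplate:SCOMCert"
        certreq.exe -submit $reqFile $cerFile
        if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed with exit code $LASTEXITCODE" }
        certreq.exe -accept $cerFile
        if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }
    }

    # Several certificates can carry the same subject (for example after a
    # renewal); export the one that expires last rather than writing each of
    # them to the same file.
    $cert = Get-ChildItem cert:\localmachine\my |
        Where-Object { $_.Subject -eq $subject } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with subject $subject in cert:\localmachine\my"
    }

    # One-time random transport password instead of a fixed one kept in the
    # script. It still shows up in the command line of certutil on the target,
    # which is why it is used for this run only and the PFX files are deleted
    # afterwards.
    $randomBytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($randomBytes)
    $rng.Dispose()
    $pfxPassword = [System.BitConverter]::ToString($randomBytes) -replace '-', ''

    $cert | Export-PfxCertificate -Password (ConvertTo-SecureString -String $pfxPassword -AsPlainText -Force) -FilePath $localPfx | Out-Null

    # Ask for the deployment account once; a $cred that already exists in the
    # session is reused.
    # NOTE(review): one account is assumed for both net use and WMI - confirm.
    if (-not $cred) {
        $cred = Get-Credential -Message "Account with administrative rights on $serverName"
    }
    if (-not $cred) {
        throw "No credential supplied for $serverName"
    }

    # net.exe still receives the password as an argument, so it is visible in
    # local process listings and command-line audit logs while the command runs.
    net use $adminShare "/user:$($cred.UserName)" ($cred.GetNetworkCredential().Password)
    if ($LASTEXITCODE -ne 0) {
        throw "Could not connect to $adminShare (net use exit code $LASTEXITCODE)"
    }
    $shareConnected = $true

    if (-not (Test-Path -Path "$adminShare\temp" -PathType Container)) {
        New-Item -Path "$adminShare\temp" -ItemType Directory | Out-Null
    }

    Copy-Item -Path $localPfx -Destination "$adminShare\temp\" -Force

    $installPfxCmd = 'certutil.exe -importPFX -p "' + $pfxPassword + '" "c:\temp\' + $serverName + '.pfx"'

    $retObj = Invoke-WmiMethod -Class Win32_Process -Name "Create" -ComputerName $serverName -ArgumentList @($installPfxCmd) -Credential $cred
    if ($retObj.ReturnValue -ne 0) {
        throw "Could not start certutil on $serverName (Win32_Process.Create returned $($retObj.ReturnValue))"
    }

    # Create returns as soon as certutil has started. Wait until the process
    # is gone (at most 60 polls, 3 seconds apart) so the PFX is not deleted
    # while the import is still reading it.
    $filter = "ProcessId=" + [uint32]$retObj.ProcessId
    for ($attempt = 0; $attempt -lt 60; $attempt++) {
        if (-not (Get-WmiObject -Class Win32_Process -Filter $filter -ComputerName $serverName -Credential $cred)) {
            break
        }
        Start-Sleep -Seconds 3
    }
}
finally {
    Remove-Item $infFile -ErrorAction Ignore
    Remove-Item $reqFile -ErrorAction Ignore
    Remove-Item $cerFile -ErrorAction Ignore

    # Both PFX copies hold the private key. The original left the local copy
    # in c:\temp; the certificate itself remains in the local machine store.
    Remove-Item $localPfx -ErrorAction Ignore

    if ($shareConnected) {
        Remove-Item $remotePfx -ErrorAction Ignore
        net use $adminShare /delete
    }
}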

ave-om, create dns rec

# A record to create: fully qualified name first, IPv4 address second.
$record = @(
"name.domain.com", "10.250.205.191"
)

# DNS server that receives the request.
$serverName = "ave-dc01"

# The first label is the record name; everything after the first dot is the zone.
$fqdn, $ipv4 = $record
$resName = ($fqdn -split '.', 2, 'SimpleMatch')[0]
$zoneName = $fqdn.Substring($resName.Length + 1)

$dnsRecordArgs = @{
    ZoneName     = $zoneName
    Name         = $resName
    ComputerName = $serverName
    IPv4Address  = $ipv4
}
Add-DnsServerResourceRecordA @dnsRecordArgs