3 Replies Latest reply on Jul 9, 2013 11:29 AM by Bill Robinson

    Running an NSH script as remediation / Determining which servers are domain controllers

      In my environment, there are a several takes and jobs that need to be run against domain controllers and several other different tasks and jobs that must be run against Microsoft Windows member servers. To differentiate between the two, the client created a property called "DomainController" with a value of "Yes" or "No" that is manually completed when the server is first provisioned. For all of the tasks and jobs, I created Compliance Rules (which include the "DomainController" server property) that use a BLPackage for remediation. Everything works fine, no problem.


      The problem is that we are finding that not all servers are accurately labelled as to whether they are domain controllers or not. Human error. What I would like to do is create another compliance rule that would check to see if the Windows server has a local Administrators group: if it does, it is a member server but if it does not, the server is obviously a domain controller (or has much bigger problems than not be accurately classified as a domain controller or not in BladeLogic). My plan was that, based on the results of the compliance checks, an NSH script containing blcli commands would run to correctly set the DomainController property value as remediation. Note that although I can use the presence or absence of a local Administrators group on the server as a criterion itself instead of using the value of the "DomainController" server property, I want to keep using the DomainController server property because the client has been using it for years and that is what I created my previous jobs on (i.e. I really don't want to write my previous jobs if I don't have to).


      The problem with my solution is that you cannot use an NSH script as part remediation job; only BLPackages. Unfortunately, nsh is not running on most of the Windows servers in the environment and installing it on them would be very problematic (at least from a "political" or "managerial" perspective). Also, this is a fairly dynamic environment, so the solution would need to be rerun periodically (i.e. the domain controllers found and correctly identified today would not necessarily be all the domain controllers in the infrastructure in three to six months).

      Considering the above and my (and the client's) desire to continue using the "DomainController" server property, is there a way to correct and update a server property using a BLPackage that does not include an nsh script?