Yes. Again. Shake your head, roll your eyes, make a funny face, it doesn’t matter, I’m still going to do it. Strap in and let’s go.
So, in the past month, I’ve been involved with quite a few System Center Configuration Manager, aka Config Manager, aka ConfigMgr, aka SCCM, aka kitchen sink, site (actually: multi-site) upgrade projects. They’re overlapping. My brain is overlapping too, but that’s beside the point for now. The issue is dealing with the “phase 1” stuff. The data gathering. In the old days, it meant using a flashlight, some latex gloves and some KY (if the budget allowed for that), a lit cigarette and some cold coffee, and you went to work. Your wife and kids might see you in a few weeks.
(psst. the figure above was drastically simplified so as not to offend anyone or add carbon to the environment)
Today, we’re supposed to whip out some magical automation stuff, and push the blast-o-do-it button to form a shiny new audit report from molecules and some stuff called script code. If time permits, we can add some spiffy colorful chart things to make the executives say “ooooh!” That, or whip out some magical checkbook for an expensive third-party product to do it, and struggle with their proprietary options, limitations, and platform constraints, and deal with email spam, subscription discount offers, webinars, sales calls, cold calls, cat calls, last calls, and…
There are quite a few really good script options available for free. Many from names we all know and respect (that excludes me of course). Some require a bit of sales-type marketing registration data collection, and others just want an email address so they can send a newsletter, and yet others just post bits of code all over their blogs, Facebook, Reddit, Tumblr, SnapChat and whatever.
Some work best ON the target server. Some work best from a remote computer, but not a server. Some export the data to files and then run a different script to compile that into a final report. Some pull directly into a final report. Some include SQL information, some include AD forest and networking information. Some include health metrics. Some include security configurations, missing patches, and so on.
There IS NO CONSISTENCY. NONE. ZERO.
This is my whiney, bitchy, ranty, crying-ass complaint at the moment.
I’m not picking on these free (and semi-free) tools. They’re fantastic. And tons (okay, metric tons) of work and testing have gone into many of them, along with lack of sleep and a billion IMs and emails. Kudos. Seriously, it’s amazing they (you, if you’re reading this: thank you!) took the time and made something work AND shared it with us. I’d bet they did it first because they needed it for their own tasks, and then decided to share it. Whatever, it’s very much appreciated.
The problem is with regard to a relative shifting of priorities on the part of Microsoft. Hear me out, please?
So, what’s the big and I mean BIG push right now? Cloud. Yes. Azure. Mmm-hmm. Azure and don’t forget that thing that tends to get wafted in front of the noses of starving SCCM customers with pesky mobile devices biting them on their ankles at their picnic: oh yes, EMS and Intune. There are more goodies: besides the BBQ ribs (Intune), there’s the baked beans (OMS and Log Analytics, or whatever they’re naming it now), and the beer cooler (Azure AD). And if the bank is really nice, they get access to the liquor cabinet (ExpressRoute).
But what do SCCM customers need in order to pile that stuff onto their IT budget plates and get fat? A “supported configuration”. Yep. Which means they need to get from whatever hodge-podge mess they’re on now, to something shiny enough to drive down the street and not get laughed at, towards Cloudville.
Maybe they have a mix of SCCM 2007, 2012 and 2012 R2, along with a smattering of different Service Packs and CU’s. Maybe they have SQL 2008 R2, 2012, and 2014 floating around, with even more variations by Service Pack and CU. And maybe some are using Windows Server 2008 R2, 2012 or 2012 R2. Maybe they have a CAS. Maybe some sites use EPP and others do not. Maybe, maybe, maybe. .NET and PowerShell versions all over the place.
So, sitting in a “road show” event not long ago, the vendor rep (no names, rhymes with “Eye Crow Soft”) asked why we consultants thought customers weren’t selling their kids to scientific research in order to pack up and move to the cloud. A lot of answers floated out that day, but I offered two that led to a very long room full of debate (after an hour, I snuck out to enjoy the free catered lunch and came back to find they didn’t know I’d left):
1. Customers are confused (portals portals portals, but this has been steadily improving since that event) and while rapid updates CAN be exciting, they scare the shit out of timid customers and make their checkbooks hide.
2. Customers are stuck on old products, and the upgrade path is easy on paper and in a lab, but getting a SITREP analysis costs either money or time (or both).
The problem with #2 is they know some of the problems they’ll need to address, just to get things ready for the big upgrade. They hire a consultant (insert theme music here) and then the circus fun begins when they run into little annoying roadblocks just collecting data. This is what I’m talking about. Not the big “here, let me show you a cool PowerPoint presentation with gnarly music, while I hand out business cards, pens and mouse pads”. No, I’m talking about the rolled-up sleeves part where you ask the customer to bend over and cough.
You, “This shouldn’t hurt at all, just relax…”
(awkward silence, sounds of heavy lifting strain, a cough)
Them, “Are you sure that’s how it works? I can feel your hand on my spleen.”
You, “Oh. That’s not supposed to happen. Do you have WMF 4 or PowerShell 5 installed?”
Inconsistent server builds, networks, subnetting, DHCP configurations, DNS issues, users and groups who supposedly “manage” operational resources which aren’t really being managed, and the never-ending array of software and versions strewn about like bodies in a battlefield.
Oh! This server has 2012 R2 and PowerShell 5 installed! Yay! I can run this, oh, hold on, it’s trying to connect to a list of servers over the network, but some are running 2003, 2008, 2008 R2 and have .NET 1.1, 2.0, 3.0, 4.0, and…
Then I think, “well, I can fall back on my old VBScript bag of goodies” and realize it’s built to export results directly into MS Word, but it doesn’t support Office 2016 yet. Ouch. Then I spend an hour updating the code for Word 2016 and then remember it has a better PowerShell interface library to make all this VBScript compost heap into a box of toothpicks, but then I’d have to recode it in side-by-side windows, and…
I find a decent script via a web search and give it a run. It’s nice, but missing some key things I really need, like detailed SQL Server configuration information, and all of the site and component status information, so I start hacking it and testing and more hacking and more testing, and…
I finally get it running, and it grabs a list of servers and sites and starts spewing threads aplenty, until it hits one site in a different forest with a semi-functional trust. The nearby customer guy says “oh yeah, that domain trust has been broken for years. We have to use local domain accounts over there”, but he can’t recall the user names or passwords. But he knows someone who knows someone who knows, and then he takes off to search for that person, and…
Meanwhile, I’m daydreaming of some nice, simple UI “utility” that will mine all this great (MS/RAP-ish) pool of valuable SCCM site information and offer to place it gently into Word, Excel, XML, or whatever. I really don’t care. If it just pulls everything I need in order to see the following, I’d be fine:
- What they have
- How it’s configured
- How well it’s functioning
- What aspects need attention (and money)
If you must have a list to scrutinize, here’s one I just pulled out of my, err, something…
- Site hierarchy
- Site systems and their configuration
- Site systems health metrics
- Roles and members
- Service accounts
- Role mappings from AD and local server
- SQL server configurations and health metrics and potential SPN issues
- AD forests, domains, domain controllers, FSMO holders, sites, subnets and site links information, custom container status, delegated permissions on that container, associated published objects
- Client configurations
- Packages and Programs
- Applications and Deployments
- Software Updates and ADRs and Servicing options
- OSD configurations, PXE and WDS configurations
- Heck, maybe query DHCP for scope options, and UEFI vendor classes, etc.
- All remote console connection events within X hours/days (by whom, from where, etc.)
- A map of nearby Thai and Indian restaurants
Give it away on GitHub or your own company site. Or offer it to partners as part of a “help us beat our next quarterly results call” bundle/kit, that might include the Azure cost estimator, and so on.
I can have dreams too.