In this post I will share one of my PowerShell scripts to close all SCOM alerts that have been open for 5 days or more.
Create a folder where you are going to save the scripts. In the folder, create two empty Notepad documents and save them as CloseOldSCOMAlerts.ps1 and CloseOldSCOMAlerts.bat (make sure the file extensions are correct).
Open the CloseOldSCOMAlerts.bat file and paste the following command in there:
C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe C:\<ScriptFolder>\CloseOldSCOMAlerts.ps1
Save and close the file.
We are going to use the CloseOldSCOMAlerts.bat file to create a scheduled task so that you do not have to run the script manually every day.
Open the CloseOldSCOMAlerts.ps1 file and paste the following script in there:
#=================================================================================================
# AUTHOR: Frikkie Uys
# DATE: 13/04/2012
# Version: 1.0
# COMMENT: To be scheduled in Windows scheduler to close any alerts that are more than 5 days old.
#=================================================================================================
$CriticalEarlistDate = (Get-Date).adddays(-5)
$WarningEarlistDate = (Get-Date).adddays(-5)
$InfoEarlistDate = (Get-Date).adddays(-5)
$erroractionpreference = "SilentlyContinue"
$closed = "255"

##Initiate SCOM PSSnapin
$RMS = "<FQDN of RMS Server>"

#adding SCOM PSSnapin
if ((Get-PSSnapin | where-Object { $_.Name -eq 'Microsoft.EnterpriseManagement.OperationsManager.Client' }) -eq $null)
{
    Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client -ErrorAction SilentlyContinue -ErrorVariable Err
}
if ((Get-PSDrive | where-Object { $_.Name -eq 'Monitoring' }) -eq $null)
{
    New-PSDrive -Name:Monitoring -PSProvider:OperationsManagerMonitoring -Root:\ -ErrorAction SilentlyContinue -ErrorVariable Err | Out-Null
}

#Connect to RMS
Set-Location "OperationsManagerMonitoring::"
new-managementGroupConnection -ConnectionString:$RMS | Out-Null
Set-Location Monitoring:\$RMS

#Critical Alerts
$CriticalAlerts = get-alert -criteria "Severity = '2'" | where { $_.resolutionstate -ne $closed -and $_.timeRaised -le $CriticalEarlistDate }
foreach ($alert in $CriticalAlerts)
{
    $alert.ResolutionState = $closed
    $alert.update("")
}

#Warning Alerts
$WarningAlerts = get-alert -criteria "Severity = '1'" | where { $_.resolutionstate -ne $closed -and $_.timeRaised -le $WarningEarlistDate }
foreach ($alert in $WarningAlerts)
{
    $alert.ResolutionState = $closed
    $alert.update("")
}

#Info Alerts
$InfoAlerts = get-alert -criteria "Severity = '0'" | where { $_.resolutionstate -ne $closed -and $_.timeRaised -le $InfoEarlistDate }
foreach ($alert in $InfoAlerts)
{
    $alert.ResolutionState = $closed
    $alert.update("")
}

##Make sure the script is closed
if ($error.count -eq "0")
{
    #$host.setShouldExit(0)
}
else
{
    #$host.setShouldExit(1)
}
Save and close the file.
We are now going to create a scheduled task to automate the script. Open Task Scheduler from Control Panel or Administrative Tools.
Select Task Scheduler Library in the left-hand pane. From the Action menu, select Create New Task. The new task window will appear. Follow the steps to configure your task. On the Actions tab, select the CloseOldSCOMAlerts.bat file. The .bat file will call the PowerShell script.
After the script has completed successfully, refresh your SCOM console to see that the alerts 5 days and older have been closed.
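The script above closes alerts with errors silenced and an empty history comment, so nothing records what the scheduled task closed. The variant below is an added example, not the original author's code: it writes one audit line per alert, supports a dry run, and returns a non-zero exit code on failure. It assumes PowerShell 2.0 or later and the same snap-in connection the original script establishes; the parameter names and log path are hypothetical.

```powershell
# Added example (not the original author's code): same closing logic, plus an
# audit line per alert and visible failures instead of silenced errors.
# Assumes PowerShell 2.0+ and that the snap-in is loaded and the location is
# Monitoring:\<RMS>, exactly as the original script sets it up.
# $MaxAgeDays, $LogPath and $DryRun are hypothetical parameter names.
param(
    [int]$MaxAgeDays = 5,
    [string]$LogPath = "C:\<ScriptFolder>\CloseOldSCOMAlerts.log",
    [switch]$DryRun
)

$closed   = 255
$cutoff   = (Get-Date).AddDays(-$MaxAgeDays)
$failures = 0

# Same severities and criteria strings as the original: 2 = Critical, 1 = Warning, 0 = Info
foreach ($severity in 2, 1, 0) {
    $alerts = Get-Alert -Criteria "Severity = '$severity'" |
        Where-Object { $_.ResolutionState -ne $closed -and $_.TimeRaised -le $cutoff }

    foreach ($alert in $alerts) {
        # Tab-separated audit record: when, alert id, severity, raised time,
        # whether a monitor (rather than a rule) raised it, source object, alert name
        $line = "{0:s}`t{1}`t{2}`t{3:s}`t{4}`t{5}`t{6}" -f (Get-Date), $alert.Id, $severity,
            $alert.TimeRaised, $alert.IsMonitorAlert, $alert.MonitoringObjectDisplayName, $alert.Name

        if ($DryRun) {
            # Record what would be closed without touching the alert
            Add-Content -Path $LogPath -Value "DRYRUN`t$line"
            continue
        }
        try {
            $alert.ResolutionState = $closed
            # The comment is stored in the alert history, unlike the empty string in the original
            $alert.Update("Closed by CloseOldSCOMAlerts after $MaxAgeDays days")
            Add-Content -Path $LogPath -Value "CLOSED`t$line"
        }
        catch {
            $failures++
            Add-Content -Path $LogPath -Value "FAILED`t$line`t$($_.Exception.Message)"
        }
    }
}

# A non-zero exit code lets Task Scheduler show the run as failed
if ($failures -gt 0) { exit 1 } else { exit 0 }
```

Run it once with -DryRun and review the log before pointing the scheduled task at it.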
Hope that this post was helpful.