SolarWinds THWACK
THWACK
  • Sign In
  • Search
  • Product Forums
    • Observability
      • SolarWinds Observability
      • Hybrid Cloud Observability
      •  
      • New on THWACK DevOps
    • The Orion Platform
      • Forum
      • Scalability Engines (HA, APE, AWS)
      • Enterprise Operations Console (EOC)
      • Orion SDK
      • Alert Lab
      • Report Lab
    • Network Management
      • Network Performance Monitor (NPM)
      • NetFlow Traffic Analyzer (NTA)
      • Network Configuration Manager (NCM)
      • IP Address Manager (IPAM)
      • User Device Tracker (UDT)
      • VoIP & Network Quality Manager (VNQM)
      • Log Analyzer
      • Engineer’s Toolset
      • Network Topology Mapper (NTM)
      • Kiwi CatTools
      • Kiwi Syslog Server
      • ipMonitor
    • Systems Management
      • Server & Application Monitor (SAM)
      • Virtualization Manager (VMAN)
      • Storage Resource Monitor (SRM)
      • Server Configuration Monitor (SCM)
      • SolarWinds Backup
      • Web Performance Monitor (WPM)
    • Database Management
      • Database Performance Analyzer (DPA)
      • SQL Sentry
      • Database Performance Monitor (DPM)
      • Database Mapper
      • Task Factory
    • Application Management
      • AppOptics
      • Loggly
      • Papertrail
      • Pingdom
      •  
      • New on THWACK DevOps
    • IT Security
      • Access Rights Manager (ARM)
      • Identity Monitor
      • Security Event Manager (SEM)
      • Patch Manager
      • Serv-U FTP & MFT
    • IT Service Management
      • SolarWinds Service Desk (SWSD)
      • Web Help Desk (WHD)
      • DameWare Remote Support (DRS)
      • DameWare Remote Everywhere (DRE)
      • DameWare Mini Remote Control (MRC)
  • Resources
    • THWACK Command Center
    • New on THWACK DevOps
    • What We're Working On
    • Blogs
      • Community Announcements
      • Product Blog
      • Monitoring Central
      • Geek Speak
      •  
      • New on THWACK DevOps
    • THWACK Tech Tips
    • TechPod
    • Support
      • Success Center
      • Documentation
      • Submit a Support Ticket
      • Customer Portal
      • Renew Maintenance
    • Community Groups
      • New To THWACK
      • Federal & Government
      • User Experience
      • EMEA Group
      • Japan Group
  • Events, Missions, & Musings
    • Events
      • THWACK Livecast
      • THWACK Livecast Archive
      • SolarWinds Lab
      • SolarWinds Lab Archive
      • THWACKcamp 2022 On Demand
      • SolarWinds User Groups
      • SolarWinds Events Calendar
    • Missions & Contests
      • Mission: The Tech of Tomorrow
      • THWACK 101
    • Musings
      • Water Cooler
      • Geek Tank
      • IT Tech Jobs/Careers
      • Monitoring for Managers
    •  
      •  
  • Content Exchange
    • The Orion Platform
      • Alerts
      • Custom HTML
      • Custom Queries
      • Modern Dashboards
      • Reports
      • Scripts
    • Network Performance Monitor
      • Device Pollers
      • Universal Device Pollers (UnDP)
    • Network Configuration Manager
      • Config Change Scripts
      • Device Templates
      • Firmware Upgrade Templates
      • Policy Documents
    • Server & Application Monitor
      • API Pollers
      • Application Monitor Templates
    • Server Configuration Monitor
      • Policies
      • Profiles
    • Database Performance Analyzer
      • Custom Alerts
      • Custom Metrics
      • Custom Queries
    • Web Help Desk
      • Style Sheets
  • Academy
    • Newsroom
    • Forums
      • Classroom Discussions
      • SolarWinds Certified Professional (SCP)
    • Training & Certification
  • Free Tools & Trials
  • Store
The Orion Platform
  • Content Exchange
  • More
The Orion Platform
Scripts Acknowledge Solarwinds alert by email with oAuth and Azure AD
  • Tags
  • More
  • Cancel
Options
  • View all
  • Previous
  • Next
  • View slideshow
  • More
  • Cancel
fileName

Acknowledge Solarwinds alert by email with oAuth and Azure AD

Updated 2022-07-05 to use oAuth (modern authentication) and to require the AlertObjectID in the message body. If you have been using an older version of this script, please read the documentation again, as there have been several changes since the previous version.

This Powershell script allows end users to acknowledge or comment upon a Solarwinds alert via email. The script assumes that your organization uses Exchange and Azure AD as its email platform.

Prerequisites:

  • An email account ("the email account") for the default reply-to address used by your Solarwinds installation. This should be a dedicated account that isn't used by any other applications or users.
  • An Azure AD tenant.
  • An Azure AD application and a client secret for that application.
  • A Solarwinds individual account ("the Solarwinds account") that can acknowledge alerts. This account must have the following permissions in Solarwinds:
    • Allow alert management rights = yes
    • Allow account to disable actions = yes
    • Allow account to disable alerts = yes
    • Allow account to disable all actions = yes
    • Allow Account to Clear Events, Acknowledge Alerts and Syslogs = yes
  • MS Exchange Web Services Managed API 2.2 installed on the server that will run the script. Download and install the API.

Configuration:

  1. Log in to Windows as the account that will run the PowerShell script. Create a Windows credentials file for the Exchange application and for the Solarwinds account. For each account, run the PowerShell command
    Get-Credential | Export-Clixml -Path [full path to file]
  2. In your Solarwinds alerts, configure the alert to send email. Make sure that the email body includes this text and variable:
    [AlertObjectID=${N=Alerting;M=AlertObjectID}]
  3. Edit the script as follows.
    1. Edit the line
      $exchangeEmail = "solarwinds@mydomain.com"
      and replace "solarwinds@mydomain.com" with the address of the email account.

    2. Edit the line
      $SWServer = "solarwinds.mydomain.com"
      and replace "solarwinds.mydomain.com" with the fully-qualified domain name or IP address of your Solarwinds server

    3. Edit the line
      $TenantName = 'mydomain.onmicrosoft.com'
      and replace 'mydomain.onmicrosoft.com' with the name of your Azure AD tenant.

    4. Edit the line
      Import-Module "C:\Program Files (x86)\SolarWinds\Orion SDK\SWQL Studio\SwisPowerShell.dll"
      to point to the correct location of the SWIS PowerShell library

    5. Edit the line
      Import-Module -Name 'C:\Program Files\Microsoft\Exchange\Web Services\2.2\Microsoft.Exchange.WebServices.dll'
      to point to the correct location of the EWS 2.2 library
  4. Copy the script to your Solarwinds server. You can run the script from the Powershell IDE to test it.
  5. Configure a task manager job to run the script at the desired interval. I run it once per minute to ensure that acknowledgement/comment emails are processed quickly enough to satisfy my end users.

Use:

This script assumes that the first word in the email message is a command verb such as ack or comment. Any text between the command and a return and/or newline character(s) is treated as a comment, and it will be appended to the alert in Solarwinds.

Message syntax:

The email message must contain the Alert Object ID, formatted as described below. This element can appear anywhere in the message body.

Alert Object ID: A string of digits, in brackets, formatted like this:

    [AlertObjectID=99999]

Commands:

The command must be the first word in the message body.

ack:    Acknowledge the alert and append a comment if one is supplied.

comment: Append a comment to the alert

Comments:

Comments are optional. Any text between the command verb and a newline or return character will be treated as a comment. There are no formatting requirements for comments.

Example 1:

This message would acknowledge an alert without a comment

    Ack

    [AlertObjectID=46673]

Example 2:

This message would acknowledge an alert and append a comment

    Ack  Alert comment from ME

    [AlertObjectID=46673]

Example 3:

This message would append a comment without acknowledging the alert

    comment  Comment from ME

    [AlertObjectID=46673]

  • alert
  • acknowledge
  • script
  • email
  • alerts
m-milligan
m-milligan
  • 5 Jul 2022
  • 14 Downloads
  • Share
  • More
  • Cancel
Anonymous
  • m-milligan
    m-milligan 10 days ago in reply to Nick1400

    Apologies for the delay - it's over here: thwack.solarwinds.com/.../acknowledge-solarwinds-alert-by-email

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel
  • Nick1400
    Nick1400 1 month ago in reply to m-milligan

    Is there anyway to download the previous script for onprem exchange?

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel
  • m-milligan
    m-milligan 2 months ago in reply to hjarriell

    We are not running the script as the user. Let me see if I can share the permissions without offending my security team.

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel
  • hjarriell
    hjarriell 3 months ago

    Not able to get this working, can you share what the app registration permissions look like?  We are getting a 403 error when we try to connect to the inbox.  Does the script need to run as the user of the mailbox for delegated rights?

    • Cancel
    • Up 0 Down
    • Reply
    • More
    • Cancel

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK© online community. More than 180,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Accounts
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.