Data Protection Manager

Working in the Datacenter – Deploying the DPM agent using PowerShell

Last night i was deploying a DPM server for a customer and we needed to deploy the DPM agent on a few machines. It is well know that DPM can do push agent install, but the requirements is to open high ports on every client, well lets state that it is not something any customer likes to do, so that means that we will use the Attach Agent function in DPM and that require the agent to be installed first.

The trick is not to install it, rather running the setDpmServer command that will do a connection against the DPM server, resulting in the double hop issue in Windows. The real solution is to use the existing software deployment solution to push the agent or to install the agent when the server is deployed, but in this case we needed a quick-and-dirty method to get it out to a few servers.

So the script will copy the installers to the target, install the agent, configure the agent and add the agent to the DPM server. It works with multiple servers at the same time. It uses CredSSP to fix the double-hop issue, which was ok for this customer.

The Script


$SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force
$User = “$env:USERDOMAIN\$UserName”
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $User, $SecurePassword

Foreach($Server in $Servers){
    Enable-WSManCredSSP -Role Client -Force -DelegateComputer $Server 
    New-Item -Path "\\$Server\c$\DPMinstall" -ItemType Directory -Force 
    Copy-Item -Path 'C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\ProtectionAgents\RA\4.2.1205.0\amd64' -Destination "\\$Server\c$\DPMinstall" -Container -Force -Recurse
    Invoke-Command -ComputerName $Server -ScriptBlock {
        Enable-WSManCredSSP -Role Server -Force
        cmd.exe /c C:\DPMInstall\amd64\DPMAgentInstaller_x64.exe /q /IAcceptEula
        & 'C:\Program Files\Microsoft Data Protection Manager\DPM\bin\SetDpmServer.exe' -dpmServerName $DMPServerName
    } -EnableNetworkAccess -Credential $Credentials -Authentication Credssp
    & 'C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\bin\Attach-ProductionServer.ps1' -DPMServerName "$DMPServerName.$env:USERDNSDOMAIN" -UserName $UserName -Password $Password -Domain $env:USERDOMAIN -PSName $Server


1 reply »

  1. I have a DIRTY method for getting the latest path for you DPM agent i’m using in my DPM install script

    $dpmagentpath1 = ‘E:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\agents\RA’
    $dpmagentpath2 = ‘amd64\1033’
    $DPMAgents = Get-ChildItem -Path $dpmagentpath1 -Directory
    $latestagent = $($DPMAgents | Sort-Object -Descending)[0]

    $DPMAgentFind = Get-ChildItem -Path “$dpmagentpath1\$latestagent\$dpmagentpath2” -File -Filter ‘*exe.manifest’
    $DPMAgentfull = $DPMAgentFind -split ‘.manifest’

    “$dpmagentpath1\$latestagent\$dpmagentpath2\$DPMAgentfull” returns E:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\agents\RA\4.2.1373.0\amd64\1033\DPMAgentInstaller_KB3086084_AMD64.exe

    I need to clean this up….

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.