This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 33%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBZ%3C/text%3E%3C/svg%3E)
Hi, is there any way of monitoring UDP ports availability with SCOM 2022? I'd like to monitor udp/53 and udp/123 availability on Domain Controllers (for starters) so we get alerted if port is not accessible from given source servers.
Thank you in advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
Hi,
Here's a PowerShell script that uses the PortQry command-line tool to check the availability of UDP ports and integrates with SCOM to create a custom monitor.
This script will check the status of UDP ports 53 and 123 on your Domain Controllers and generate alerts if the ports are not accessible.
Check-UDPPorts.ps1:param (
[string]$Server,
[int]$Port
)
$portQryPath = "C:\Path\To\PortQry.exe" # Update this path to where PortQry is located
function Test-UDPPort {
param (
[string]$Server,
[int]$Port
)
$result = & $portQryPath -n $Server -p udp -e $Port
if ($result -match "LISTENING") {
return $true
} else {
return $false
}
}
$ports = @(53, 123)
$allPortsOpen = $true
foreach ($port in $ports) {
if (-not (Test-UDPPort -Server $Server -Port $port)) {
$allPortsOpen = $false
Write-Output "Port $port is not open on $Server"
} else {
Write-Output "Port $port is open on $Server"
}
}
if ($allPortsOpen) {
exit 0 # All ports are open
} else {
exit 1 # One or more ports are not open
}
Check-UDPPorts.ps1.This setup will allow you to monitor the availability of UDP ports 53 and 123 on your Domain Controllers using SCOM and receive alerts if any issues are detected.
If you need further assistance or have any questions, feel free to ask! 😊
Thanks, so this would work if I need to monitor if udp/53 and udp/123 on DCs are accessible from all servers?
Idea is to monitor availability of these 2 udp ports from all servers (as sources) therefore why monitor targets Domain Controllers if script has to be "executed" on all servers to test udp ports on Domain Controllers. Furthermore, what would passing parameters to the script look like (since there are more than one DC and more than one udp port and those parameters are not defined as array of strings/integers respectively in PS script itself).
You can't run PowerShell scripts from the SCOM wizards. You'll need to use the Community PowerShell MP -https://ds.squaredup.com/cookdown/powershell-mp/
I'd also question targetting the domain controllers as the location to run the script. You want to monitor the domain controllers but I'd suggest creating a group of watcher nodes to remotely monitor the domain controllers.
Hi Bojan,
Monitoring only the ports of a service (in your example: DNS, NTP) covers just a small aspect of ensuring that the service is truly available and functioning as expected. I would not recommend monitoring these UDP ports directly, as the effort involved often outweighs the actual benefits. Simply checking port availability does not guarantee that the service behind it is operational.
Instead, here’s what I would recommend:
NTP Monitoring
The Active Directory management pack already provides basic time synchronization monitoring. However, if you want a more comprehensive solution, I suggest following Kevin Holman's approach, which is well-documented here:
Monitoring for time drift in your enterprise – Kevin Holman
This approach allows you to monitor time drift using a reference NTP server, ensuring that your systems remain in sync.
DNS – Inbound Query Monitoring
Monitoring UDP port 53 alone will only confirm that the port is open and accepting traffic—it won't tell you whether the DNS service is responding correctly to queries.
A better method is to use performance counters. For example, you can monitor the following counter:
This counter will show you whether inbound DNS queries are being received by the server, which also implies that traffic is reaching port 53/UDP and being processed correctly by the DNS service.
You can just use the counter and configure a monitor with it, a simpe process in SCOM.
If You Choose to Use PowerShell Scripts
If you still decide to go ahead with a custom PowerShell script for monitoring, make sure that:
The agent executing the script has all required modules installed.
The correct PowerShell version is in place.
You have thoroughly tested the script on that specific agent.
Let me know if you'd like help setting up any of the suggested monitoring methods.
Best regards,
Stoyan