PowerShell for Discovery and Service Mapping

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of PowerShell for Discovery and Service Mapping

    This document outlines how MID Servers utilize PowerShell and PowerShell Remoting to access configuration items (CIs) during horizontal and top-down discovery of Windows servers. PowerShell enhances communication and automation between MID Servers and Windows servers using WMI and WinRM protocols, enabling effective discovery across multiple domains with stored credentials.

    Show full answer Show less

    Key Features

    • PowerShell Discovery: MID Servers deploy probes like Windows - MSSQL to gather SQL database information.
    • Probe Parameters: Includes parameters such as WMIActiveConnections.ps1, which retrieves server connection details.
    • Credential Management: Discovery utilizes Windows PowerShell credentials or the MID Server service's login credentials if no specific PowerShell credentials are available.
    • Script Includes: Two new script includes, GenerateWMIScriptJS and GenerateWMIScriptPS1, facilitate script generation for WMIRunner and PowerShell discovery.
    • PowerShell Version Requirements: Supports PowerShell versions 3.0, 4.0, and 5.0, with 6.0 not supported due to missing cmdlets.
    • Execution Policies: Customers can set execution policies (e.g., Restricted, AllSigned, RemoteSigned, Unrestricted) to control script execution based on security needs.

    Key Outcomes

    By configuring MID Servers to use PowerShell, customers can achieve efficient and stable discovery of Windows servers across various domains, facilitating improved administration and management of their IT infrastructure. MID Server parameters allow for customization of behavior, ensuring that the discovery process aligns with organizational needs.

    MID Servers use PowerShell and PowerShell Remoting for accessing configuration items (CIs) during horizontal and top-down discovery. Review MID Server parameters and script includes, probe parameters, and credentials for using PowerShell.

    PowerShell is used to control and automate the administration of Windows servers and applications.

    MID Servers can use PowerShell to directly communicate with Windows servers using both WMI and WinRM protocols. For Windows services using the WinRM protocol, the PowerShell process establishes a secure PSSession (PowerShell Remoting session) that stays open until the MID Server finishes querying a Windows server. For Windows servers using the WMI protocol, the PowerShell process sends every PowerShell command with credentials.

    PowerShell is also the preferred method for performing discovery over multiple Windows domains. PowerShell allows a single MID Server to authenticate on servers on different domains using credentials stored on the instance.

    If you do not configure MID Servers to use PowerShell and PowerShell Remoting, MID Servers use WMI.

    How PowerShell Discovery works

    The following descriptions explain how MID Servers use PowerShell to deploy probes.
    Probe and sensor

    When a Windows machine is classified with PowerShell, and an MSSQL instance is detected, a probe called Windows - MSSQL is launched. The probe returns the SQL database catalogs and version to a matching sensor.

    Probe parameter

    The WMI_ActiveConnections.ps1 probe parameter contains a script that runs netstat.exe on a target server when PowerShell is enabled. This script extracts the information on Windows server connections, such as process IDs, ports, and IP addresses.

    Credentials

    Discovery uses Windows PowerShell credentials from the Credentials [discovery_credentials] table or the domain administrator credentials of the MID Server service. If Discovery cannot find PowerShell credentials in the Credentials table of the type (Windows) it uses the login credentials of the MID Server service.

    MID Server Script Includes
    The following script includes were added for PowerShell discoveries. These scripts run on the MID Server to generate the scripts that Discovery uses for WMIRunner and PowerShell.
    • GenerateWMIScriptJS: Generates a Javascript script for the WMIRunner probe.
    • GenerateWMIScriptPS1: Generates a PowerShell script for PowerShell discovery.
    MID Server parameters for PowerShell
    Optional parameters for the MID Server can be found at MID Server parameters for PowerShell. After changing the setting for any parameter, be sure to restart the MID Server service.

    PowerShell version requirements

    MID Servers using PowerShell must be installed on a supported Windows operating system. ServiceNow supports these PowerShell versions:
    Version 3.0
    • Regular Discovery
    • Application Dependency Mapping (ADM)
    • File-based Discovery
    • PowerShell version 3.0 does not support Windows Server 2003.
    Version 4.0
    • Regular Discovery
    • Application Dependency Mapping (ADM)
    • File-based Discovery
    Version 5.0
    • Regular Discovery
    • Application Dependency Mapping (ADM)
    • File-based Discovery
    Note:
    PowerShell version 6.0 is not supported. Many of the cmdlets that discovery relies on have been removed from this version. For example, only cmdlets using WinRM are available for remote operations.

    Windows PowerShell execution policies

    Windows PowerShell has four different execution policies. Customers can set the script execution policies with their group policy settings. For more information, see the Microsoft website for PowerShell documentation.
    • Restricted: No scripts can be run. Windows PowerShell can be used only in interactive mode.
    • AllSigned: Only scripts signed by a trusted publisher can be run.
    • RemoteSigned: Downloaded scripts must be signed by a trusted publisher before they can be run.
    • Unrestricted: No restrictions; all scripts can be run.
    Note:
    If you have any policy other than Unrestricted, the script needs to be signed.