How to Configure Windows Server 2016 Orchestrator

System Center Orchestrator is the runbook automation engine in the Microsoft System Center suite. Orchestrator allows IT teams to create visual workflows called runbooks that automate repetitive IT processes such as provisioning virtual machines, responding to SCOM alerts, processing service requests from SCSM, rotating logs, onboarding new users, and executing disaster recovery steps. Orchestrator uses integration packs (IPs) to communicate with external systems including Active Directory, Exchange Server, VMware, Azure, and all other System Center components. This tutorial covers installing Orchestrator 2016 on Windows Server 2016, creating runbooks using the Runbook Designer, integrating with Active Directory and SCOM, and publishing runbooks for consumption by Service Manager and the Orchestration Console.

Prerequisites

You need a Windows Server 2016 server with at least 4 GB of RAM and 40 GB of disk, SQL Server 2016 to host the Orchestrator database (named Orchestrator in this guide), and an Active Directory service account (svc-orch) with local administrator rights. The Orchestrator Management Server, Runbook Server, Runbook Designer, and Web Service components can all be installed on the same server for smaller deployments. Ensure .NET Framework 4.6 is installed and the server is domain-joined. If you plan to integrate with SCOM or SCSM, those servers must be reachable from the Orchestrator server.

Step 1: Install Required Windows Features

Install the required Windows features on the Orchestrator server before running setup.

Install-WindowsFeature `
    NET-Framework-Features, `
    NET-Framework-45-Features, `
    Web-Server, `
    Web-WebServer, `
    Web-Asp-Net45, `
    Web-Net-Ext45, `
    Web-ISAPI-Ext, `
    Web-ISAPI-Filter, `
    Web-Mgmt-Console `
    -IncludeManagementTools -Restart

Step 2: Install Orchestrator 2016

Mount the Orchestrator 2016 installation media and run Setup.exe. Select all components for a single-server installation: Management Server, Runbook Server, Runbook Designer, and Web Features. Specify the SQL Server instance, service account, and the Orchestrator port (default 81 for the Orchestration Console web interface).

# Unattended install example
# /ServicePassword is passed in clear text on the command line; supply it at
# install time rather than saving it in a script file.
SetupOrchestrator.exe /Silent `
    /Components:All `
    /DbServer:SQL01.corp.local `
    /DbName:Orchestrator `
    /DbExistingDatabase:No `
    /ServiceUserName:CORP\svc-orch `
    /ServicePassword:S3rv!ceP@ss2016 `
    /OrchestratorUsersGroup:"CORP\Orchestrator Admins" `
    /WebServicePort:81 `
    /WebConsolePort:82 `
    /RemoteAccess:Yes `
    /ApproveNewRunbookServers:Yes

Step 3: Verify Services Are Running

After installation, confirm the Orchestrator services started successfully.

Get-Service | Where-Object { $_.DisplayName -like '*Orchestrator*' } |
    Select-Object DisplayName, Status, StartType

Start-Service 'Orchestrator Management Service'
Start-Service 'Orchestrator Runbook Server Monitor'
Start-Service 'Orchestrator Runbook Service'
Start-Service 'Orchestrator Web Service'

Step 4: Install Integration Packs

Integration packs extend Orchestrator with activities for specific Microsoft products and third-party systems. Download integration packs from the Microsoft Download Center and deploy them through the Deployment Manager tool.

# Open the Orchestrator Deployment Manager from the Start menu
# or via command line:
DeploymentManager.exe

# After opening Deployment Manager:
# 1. Connect to your Orchestrator Management Server
# 2. Right-click Integration Packs > Register Integration Pack
# 3. Browse to the downloaded .OIP file
# 4. Right-click the registered pack > Deploy Integration Pack to Runbook Server
# 5. Accept the license and deploy

# Commonly deployed integration packs:
# - System Center 2016 Integration Pack for Active Directory
# - System Center 2016 Integration Pack for Operations Manager
# - System Center 2016 Integration Pack for Service Manager
# - System Center 2016 Integration Pack for Virtual Machine Manager
# - System Center 2016 Integration Pack for Azure

Step 5: Open the Runbook Designer and Create Your First Runbook

The Runbook Designer is a graphical tool for building automation workflows. Open it from the Start menu, connect to the Orchestrator Management Server, and create a new runbook folder and runbook.

# The Runbook Designer is a GUI application - connect to:
# Server: orch01.corp.local
# Port: 81 (or your configured port)

# Create a folder structure in the Connections pane:
# Runbooks > Corp Automation > Active Directory
# Runbooks > Corp Automation > VM Provisioning
# Runbooks > Corp Automation > Incident Response

Step 6: Build a New User Onboarding Runbook

Create a runbook that creates an Active Directory user account when triggered. Drag and drop activities from the Activities pane onto the Runbook Designer canvas and connect them with links.

# New User Onboarding runbook activity flow:
# 1. Monitor Date/Time (trigger: schedule or event)
#    OR
#    Monitor Queue (triggered by SCSM Service Request)
#
# 2. Get Activity Request Details
#    - Read new user information from SCSM Service Request
#
# 3. Active Directory: Create User
#    - OU: OU=Users,DC=corp,DC=local
#    - Username: {FirstName}.{LastName}
#    - Password: generated via RunScript activity
#    - Department, Manager from request
#
# 4. Active Directory: Add User to Group
#    - Add to department security group
#
# 5. Exchange: Create Mailbox
#    - Enable Exchange mailbox for new user
#
# 6. Send Email
#    - Notify manager with credentials
#
# 7. Update SCSM Service Request
#    - Set status to Completed

Step 7: Use the Run .NET Script Activity for Custom Logic

The Run .NET Script activity executes PowerShell or VBScript code inside a runbook, enabling custom logic that standard activities do not cover.

# Example Run .NET Script activity - PowerShell to generate a secure password
# Place this in the Script Body field of the Run .NET Script activity

$upper  = [char[]]('ABCDEFGHJKLMNPQRSTUVWXYZ') | Get-Random -Count 3
$lower  = [char[]]('abcdefghjkmnpqrstuvwxyz') | Get-Random -Count 3
$number = [char[]]('23456789') | Get-Random -Count 2
$symbol = [char[]]('!@#$%^&*') | Get-Random -Count 1

$password = ($upper + $lower + $number + $symbol | Sort-Object { Get-Random }) -join ''

# Publish the result as output data
$password
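
The same password step drawn directly from the operating system's CSPRNG, as an added example that is not part of the original tutorial. Unlike `Get-Random -Count`, it allows repeated characters, does not depend on the session's `Get-Random` seed state, and produces 16 characters; the function name `New-RunbookPassword` and the default length are assumptions.

```powershell
# Added example (not from the original tutorial). Function name and the
# default length of 16 are assumptions chosen for illustration.
function New-RunbookPassword {
    param([ValidateRange(8, 128)][int]$Length = 16)

    # Same character classes as the tutorial's script (look-alike characters omitted)
    $classes = @(
        'ABCDEFGHJKLMNPQRSTUVWXYZ',
        'abcdefghjkmnpqrstuvwxyz',
        '23456789',
        '!@#$%^&*'
    )
    $all = -join $classes

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # Uniform index in [0, $max) using rejection sampling to avoid modulo bias
        $pick = {
            param([int]$max)
            $buf   = New-Object byte[] 1
            $limit = 256 - (256 % $max)
            do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
            $buf[0] % $max
        }

        # One character from each class, then fill from the combined set
        $chars = New-Object System.Collections.Generic.List[char]
        foreach ($c in $classes) { $chars.Add($c[(& $pick $c.Length)]) }
        while ($chars.Count -lt $Length) { $chars.Add($all[(& $pick $all.Length)]) }

        # Fisher-Yates shuffle so the guaranteed characters are not in fixed positions
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $pick ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        -join $chars
    }
    finally { $rng.Dispose() }
}

# Publish the result as output data, as in the tutorial's script
$password = New-RunbookPassword -Length 16
$password
```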

Step 8: Configure the SCOM Alert Response Runbook

A common Orchestrator use case is automatically responding to SCOM alerts. Create a runbook that monitors SCOM for critical alerts and attempts self-healing actions before creating a SCSM incident.

# SCOM Alert Response runbook flow:
# 1. Monitor Alert (Operations Manager IP)
#    - Filter: Severity = Critical, ResolutionState = New
#
# 2. Get Alert Details
#    - Extract: AlertName, MonitoringObjectDisplayName, Description
#
# 3. Branch: Alert Classification
#    - Link condition: AlertName contains 'W3SVC'  -> IIS Restart branch
#    - Link condition: AlertName contains 'SQL'    -> SQL Check branch
#    - Link condition: else                        -> Create Incident branch
#
# 4a. IIS Restart branch:
#     Run SSH or WinRM command: Restart-Service W3SVC
#     Update Alert Resolution State: 2 (Acknowledged)
#
# 4b. Create Incident branch:
#     Service Manager: Create Incident
#     - Title: from SCOM alert name
#     - Description: from alert description
#     - Impact: High
#     - Support Group: IT Operations

Step 9: Publish Runbooks and Configure Permissions

Runbooks can be triggered through the Orchestration Console web portal, the Orchestrator Web Service API, or directly from SCSM using the Orchestrator Connector. Set permissions on runbook folders to control which users can view and execute runbooks.

# Grant permission to a runbook folder using the Runbook Designer
# Right-click folder > Permissions > Add user or group
# Assign: Read / Publish / Execute permissions separately

# Test the Orchestrator Web Service
$uri = 'http://orch01.corp.local:81/orchestrator2012/orchestrator.svc/Runbooks'
$cred = Get-Credential CORP\svc-orch
$response = Invoke-RestMethod -Uri $uri -Credential $cred -Method Get
$response.value | Select-Object Name, Path, Id | Format-Table

Step 10: Monitor Runbook Jobs and Audit Logs

Use the Orchestration Console or direct SQL queries to monitor runbook execution history, identify failures, and review audit logs for compliance reporting.

# Query Orchestrator job history from SQL Server
Invoke-Sqlcmd -ServerInstance 'sql01' -Database 'Orchestrator' -Query @"
SELECT TOP 100
    RBJ.Status,
    RB.Name AS RunbookName,
    RBJ.CreationTime,
    RBJ.LastModifiedTime,
    DATEDIFF(SECOND, RBJ.CreationTime, RBJ.LastModifiedTime) AS DurationSec
FROM ACTIONSERVERS_JOB RBJ
INNER JOIN RUNBOOKS RB ON RB.UniqueID = RBJ.RunbookId
ORDER BY RBJ.CreationTime DESC
"@

# Check Runbook Server status
Get-Service 'Orchestrator Runbook Service' | Select-Object Name, Status, StartType

System Center Orchestrator on Windows Server 2016 is a powerful automation platform that reduces manual IT workload and improves consistency and response times for routine processes. By following this guide you have installed Orchestrator, deployed integration packs, built runbooks for user onboarding and SCOM alert response, configured permissions, and established monitoring practices. The real value of Orchestrator grows as you identify repetitive manual procedures in your environment and translate them into reliable, tested, and documented runbooks. Integrate Orchestrator with Service Manager so that approved service requests automatically trigger the corresponding runbooks, creating a fully automated IT service delivery pipeline with appropriate governance and audit trails throughout.