AddToDistList Tool - Adding a computer to the Distribution list on a RunAs Account

Some weeks ago I saw a question about how to use PowerShell for the ApproveCredentialForDistribution method. This Method Approves a secure credential for distribution to a list of MonitoringObject objects or PartialMonitoringObject objects. Calling this method adds the specified list to the already existing approved list in the system.

You use this method when you add a computer to the Run As Account.

 

But what if you want to add not one but much more Computers to a Distribution List? In the OpsMgr Console you need to select each computer one-by-one and add the computer to the list. Would not it be cool if we could use PowerShell or some commandtool to create a script to do it automatically for us?

On the Technet System Center Forum website there is also a discussion about this topic. So I looked at the method on MSDN and tried to get this working in PowerShell. But till now I’ve not been able to get this working in PowerShell So I created a Console App in Visual Studio 2010 which seems to work ok. I’ll add the source code so you can have a look how I  created the Console App. I also used nConsoler, which helped with the parsing of arguments in the console application. And finally I used ILMerge to merge the nConsoler dll in a single .NET assembly.

Program.cs:

using System;using System.Text;using Microsoft.EnterpriseManagement;using Microsoft.EnterpriseManagement.Configuration;using Microsoft.EnterpriseManagement.ConnectorFramework;using Microsoft.EnterpriseManagement.Monitoring;using Microsoft.EnterpriseManagement.Monitoring.Security;using System.Collections.Generic;using System.Collections.ObjectModel;using System.Diagnostics;using System.Xml;using System.Security;using Microsoft.EnterpriseManagement.Administration;using NConsoler; //https://nconsoler.csharpus.com/namespace OpsMgrApproveCredentialForDistribution{ class Program { static void Main(string[] args) { //NConsoler Consolery.Run(typeof(Program), args); } [Action] public static void DoWork( [Required(Description="Enter RMS Server name")] string RMS, [Required(Description="Enter RunAs Account Name")] string RunAsAccount, [Required(Description = "Enter FQDN OpsMgr Agent\n" + "\nExample: AddToDistList.exe opsmgrrms.contoso.com om_sql_mon opsmgragent.contoso.com" + "\nAdding a computer to the Distribution list on a RunAs Account application for OpsMgr 2007" + "\nemailname@hotmail.com\n" + "\nProvided 'AS IS' without warranty of any kind")] string OpsMgrAgent) { Console.WriteLine("OpsMgrApproveCredentialForDistribution - Version 1.3 - Compiled March 5, 2011"); Console.WriteLine("https://blogs.technet.com/stefan_stranger"); // Connect to the sdk service on the RMS //ManagementGroup localManagementGroup = new ManagementGroup(strRMS); ManagementGroup localManagementGroup = ConnectMG(RMS); if (localManagementGroup == null) { Console.WriteLine("Failed to connect to Root Management Server " + RMS); } else { MonitoringSecureDataCriteria runAsAccountCriteria; ReadOnlyCollection<MonitoringSecureData> runAsAccounts; Console.WriteLine("RunAs Account Username:" + RunAsAccount); runAsAccountCriteria = new MonitoringSecureDataCriteria("UserName LIKE " + "'" + RunAsAccount + "'"); runAsAccounts = localManagementGroup.GetMonitoringSecureData(runAsAccountCriteria); if (runAsAccounts.Count == 0) throw new InvalidOperationException("Error! RunAs Account not found: " + RunAsAccount); MonitoringSecureData account = runAsAccounts[0]; List<MonitoringObject> list = new List<MonitoringObject>(); // Fully qualified name of the agent-managed computer. ManagementGroupAdministration admin = localManagementGroup.GetAdministration(); string query = "Name = '" + OpsMgrAgent + "'"; AgentManagedComputerCriteria agentCriteria = new AgentManagedComputerCriteria(query); ReadOnlyCollection<AgentManagedComputer> agents = admin.GetAgentManagedComputers(agentCriteria); if (agents.Count != 1) throw new InvalidOperationException("Error! OpsMgr Agent not found: " + OpsMgrAgent); //Add OpsMgr Agent to list list.Add(agents[0].HostedHealthService); localManagementGroup.ApproveCredentialForDistribution((ISecuredData)account, list); Console.WriteLine("OpsMgr Agent " + OpsMgrAgent + " added to distribution list"); } } private static ManagementGroup ConnectMG() { throw new NotImplementedException(); } //Connect to SDK Service on Root Management Server private static ManagementGroup ConnectMG(String RMS) { Console.WriteLine("Connect to Root Management Server:" + RMS); try { ManagementGroupConnectionSettings connectionSettings = new ManagementGroupConnectionSettings(RMS); ManagementGroup localManagementGroup = ManagementGroup.Connect(connectionSettings); if (!localManagementGroup.IsConnected) { throw new InvalidOperationException("Not connected to an SDK Service."); } Console.WriteLine("Connected to Management Group {0}", localManagementGroup.Name); return localManagementGroup; } catch (Exception exception) { Console.WriteLine("\nConnection failed. " + exception.Message); if (exception.InnerException != null) { Console.WriteLine(exception.InnerException.Message); return null; } } return null; } }}

 Ok let’s have a look how it works. 

 Scenario: 

We will be adding the OpsMgr Agent OpsMgrDC01.stranger.local to the SQL MP Monitoring Account Run As Account. (yes this is just an example there is no SQL running on my Domain Controller)

 Current Config SQL MP Monitoring Run As Account:

 Step 1: Install AddToDistList console application on machine where OpsConsole is installed. 

 Just copy the AddToDistList.exe to a folder of your choice.

 Step 2. Open the AddToDistList.exe from command prompt. 

As you see it needs 3 parameters:

• RMS Name
• RunAs Account Name (domain account name)
• FQDN OpsMgr Agent

 

When we want to add the OpsMgrDC01.stranger.local OpsMgr Agent to the SQL MP Monitoring Account Run As Account we need to run the following:

AddToDistList.exe opsmgrrms.stranger.local om_sql_mon opsmgrdc01.stranger.local

Let’s check if the opsmgrdc01 agent is added to the distribution list.

Yes! It worked

 

Now you could create a script that pull’s the names of the computers that need to be added to the Distribution List from a text file and call’s the AddToDistList console application.

Download AddToDistList.exe

Download SourceCode

Disclamer:

This is provided as a sample, no support is implied. Provided 'AS IS' without warranty of any kind. I wrote it for me initially.I'm not a developer, and don't profess to be either; just to set your expectations

Tested on OpsMgr 2007 R2.

Tweet

Comments

• Anonymous
  January 01, 2003
  Just curious - what if you have multiple Run As accounts that use the same login?

• Anonymous
  January 01, 2003
  Hi Daniele, Good idea! Will contact you get some info on how to do this. Regards, Stefan

• Anonymous
  January 01, 2003
  Maybe, rather than using the external library to parse the commands of the DOS utility, you could have built a cmdlet - that way you would have still written it with Visual Studio, but would be able to use it in Powershell. Maybe next time :-)

• Anonymous
  May 25, 2011
  Is it possible to read with a powershell the members of a group and add them all with AddToListTool to DistributedList? Thanks for any suggestions :-)

• Anonymous
  March 29, 2012
  i have a similar issue as matt does, momadmin account name in multiple domains, this would be good if i could either specify domainmomadmin or use the run as account displayname rather then the account name