Some weeks ago I saw a question about how to use PowerShell to call the ApproveCredentialForDistribution method. This method approves a secure credential for distribution to a list of MonitoringObject or PartialMonitoringObject objects. Calling this method adds the specified list to the approved list that already exists in the system.

You use this method when you add a computer to the distribution list of a Run As Account.




But what if you want to add not one but many computers to a distribution list? In the OpsMgr Console you need to select each computer one by one and add it to the list. Wouldn't it be cool if we could use PowerShell or some command-line tool to create a script that does it automatically for us?

On the TechNet System Center Forum website there is also a discussion about this topic. So I looked at the method on MSDN and tried to get this working in PowerShell. But till now I've not been able to get this working in PowerShell. So I created a Console App in Visual Studio 2010, which seems to work OK. I'll add the source code so you can have a look at how I created the Console App. I also used nConsoler, which helped with the parsing of arguments in the console application. And finally I used ILMerge to merge the nConsoler DLL into a single .NET assembly.


using System;
using System.Text;
using Microsoft.EnterpriseManagement;
using Microsoft.EnterpriseManagement.Configuration;
using Microsoft.EnterpriseManagement.ConnectorFramework;
using Microsoft.EnterpriseManagement.Monitoring;
using Microsoft.EnterpriseManagement.Monitoring.Security;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.Xml;
using System.Security;
using Microsoft.EnterpriseManagement.Administration;
using NConsoler; // command-line argument parsing

namespace OpsMgrApproveCredentialForDistribution
{
    class Program
    {
        static void Main(string[] args)
        {
            // NConsoler maps the command-line arguments onto the [Action] method below.
            Consolery.Run(typeof(Program), args);
        }

        [Action]
        public static void DoWork(
            [Required(Description = "Enter RMS Server name")]
            string RMS,
            [Required(Description = "Enter RunAs Account Name")]
            string RunAsAccount,
            [Required(Description = "Enter FQDN OpsMgr Agent\n" +
                "\nExample: AddToDistList.exe om_sql_mon" +
                "\nAdding a computer to the Distribution list on a RunAs Account application for OpsMgr 2007" +
                "\n" +
                "\nProvided 'AS IS' without warranty of any kind")]
            string OpsMgrAgent)
        {
            Console.WriteLine("OpsMgrApproveCredentialForDistribution - Version 1.3 - Compiled March 5, 2011");

            // Connect to the SDK service on the RMS
            //ManagementGroup localManagementGroup = new ManagementGroup(strRMS);
            ManagementGroup localManagementGroup = ConnectMG(RMS);
            if (localManagementGroup == null)
            {
                Console.WriteLine("Failed to connect to Root Management Server " + RMS);
            }
            else
            {
                MonitoringSecureDataCriteria runAsAccountCriteria;
                ReadOnlyCollection<MonitoringSecureData> runAsAccounts;

                Console.WriteLine("RunAs Account Username:" + RunAsAccount);

                // Double any single quote so the argument cannot break out of the criteria string.
                runAsAccountCriteria = new MonitoringSecureDataCriteria(
                    "UserName LIKE '" + RunAsAccount.Replace("'", "''") + "'");
                runAsAccounts = localManagementGroup.GetMonitoringSecureData(runAsAccountCriteria);

                if (runAsAccounts.Count == 0)
                    throw new InvalidOperationException("Error! RunAs Account not found: " + RunAsAccount);

                // LIKE can match more than one account; the first match is used.
                MonitoringSecureData account = runAsAccounts[0];
                List<MonitoringObject> list = new List<MonitoringObject>();

                // Fully qualified name of the agent-managed computer.
                ManagementGroupAdministration admin = localManagementGroup.GetAdministration();

                string query = "Name = '" + OpsMgrAgent.Replace("'", "''") + "'";
                AgentManagedComputerCriteria agentCriteria =
                    new AgentManagedComputerCriteria(query);
                ReadOnlyCollection<AgentManagedComputer> agents =
                    admin.GetAgentManagedComputers(agentCriteria);
                if (agents.Count != 1)
                    throw new InvalidOperationException("Error! OpsMgr Agent not found: " + OpsMgrAgent);

                //Add OpsMgr Agent to list
                // This line is missing from the listing above; reconstructed on the assumption
                // that the agent's Health Service object is what receives the credential.
                list.Add(localManagementGroup.GetMonitoringObject(agents[0].HostedHealthService.Id));
                localManagementGroup.ApproveCredentialForDistribution((ISecuredData)account, list);
                Console.WriteLine("OpsMgr Agent " + OpsMgrAgent + " added to distribution list");
            }
        }

        // Unused parameterless overload, left as a stub.
        private static ManagementGroup ConnectMG()
        {
            throw new NotImplementedException();
        }

        //Connect to SDK Service on Root Management Server
        private static ManagementGroup ConnectMG(String RMS)
        {
            Console.WriteLine("Connect to Root Management Server:" + RMS);
            try
            {
                ManagementGroupConnectionSettings connectionSettings = new ManagementGroupConnectionSettings(RMS);
                ManagementGroup localManagementGroup = ManagementGroup.Connect(connectionSettings);
                if (!localManagementGroup.IsConnected)
                    throw new InvalidOperationException("Not connected to an SDK Service.");
                Console.WriteLine("Connected to Management Group {0}", localManagementGroup.Name);
                return localManagementGroup;
            }
            catch (Exception exception)
            {
                Console.WriteLine("\nConnection failed. " + exception.Message);
                if (exception.InnerException != null)
                    Console.WriteLine(exception.InnerException.Message);
                return null;
            }
        }
    }
}

OK, let's have a look at how it works.

We will be adding the OpsMgr Agent OpsMgrDC01.stranger.local to the SQL MP Monitoring Account Run As Account. (Yes, this is just an example; there is no SQL running on my Domain Controller.)

Current Config SQL MP Monitoring Run As Account:

Step 1: Install the AddToDistList console application on a machine where the OpsConsole is installed.
Just copy AddToDistList.exe to a folder of your choice.

Step 2: Run AddToDistList.exe from a command prompt.

As you see it needs 3 parameters:

  • RMS Name
  • RunAs Account Name (domain account name)
  • FQDN OpsMgr Agent


When we want to add the OpsMgrDC01.stranger.local OpsMgr Agent to the SQL MP Monitoring Account Run As Account we need to run the following:

AddToDistList.exe opsmgrrms.stranger.local om_sql_mon opsmgrdc01.stranger.local


Let’s check if the opsmgrdc01 agent is added to the distribution list.

Yes! It worked.



Now you could create a script that pulls the names of the computers that need to be added to the distribution list from a text file and calls the AddToDistList console application.
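
One way to write that script, as an added example that is not part of the original post or download: it validates each name, calls AddToDistList.exe once per computer, and records which computers were approved to receive the credential. The file names agents.txt and AddToDistList-results.csv and the parameter names are assumptions; the success check relies on the "added to distribution list" message printed by the console application above.

```powershell
# Added example, not part of the original post or download.
# Assumed names: agents.txt (one FQDN per line) and the results CSV path.
param(
    [Parameter(Mandatory = $true)][string]$RMS,
    [Parameter(Mandatory = $true)][string]$RunAsAccount,
    [string]$ListPath = '.\agents.txt',
    [string]$ExePath  = '.\AddToDistList.exe',
    [string]$LogPath  = '.\AddToDistList-results.csv'
)

if (-not (Test-Path -LiteralPath $ExePath)) { throw "Console application not found: $ExePath" }

# Conservative FQDN check: dot-separated labels of letters, digits and hyphens.
$fqdnPattern = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$'

# Blank lines and lines starting with # are ignored; duplicates are collapsed.
$names = Get-Content -LiteralPath $ListPath |
    ForEach-Object { $_.Trim().ToLowerInvariant() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    Sort-Object -Unique

$results = foreach ($name in $names) {
    $status = 'Skipped'; $detail = 'Not a valid FQDN'
    if ($name -match $fqdnPattern) {
        # Each value is passed as its own argument, never joined into a command string.
        $output = (& $ExePath $RMS $RunAsAccount $name 2>&1 | Out-String).Trim()
        # The console application prints this line only after the approval call returns.
        $expected = "OpsMgr Agent $name added to distribution list"
        if ($output -match [regex]::Escape($expected)) { $status = 'Added'; $detail = '' }
        else { $status = 'Failed'; $detail = ($output -split "`r?`n")[-1] }
    }
    New-Object psobject -Property @{
        Time = (Get-Date).ToString('s'); RunAsAccount = $RunAsAccount
        Agent = $name; Status = $status; Detail = $detail
    }
}

# Keep a record of which computers were approved to receive the credential.
$results | Select-Object Time, RunAsAccount, Agent, Status, Detail |
    Export-Csv -Path $LogPath -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```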

Download AddToDistList.exe

Download SourceCode


This is provided as a sample, no support is implied. Provided 'AS IS' without warranty of any kind. I wrote it for me initially. I'm not a developer, and don't profess to be either; just to set your expectations.

Tested on OpsMgr 2007 R2.