AddToDistList Tool - Adding a computer to the Distribution list on a RunAs Account

AddToDistList Tool - Adding a computer to the Distribution list on a RunAs Account

  • Comments 5
  • Likes

Some weeks ago I saw a question about how to use PowerShell for the ApproveCredentialForDistribution method. This Method Approves a secure credential for distribution to a list of MonitoringObject objects or PartialMonitoringObject objects. Calling this method adds the specified list to the already existing approved list in the system.

You use this method when you add a computer to the Run As Account.

clip_image002[4]

clip_image002

 

But what if you want to add not one but much more Computers to a Distribution List? In the OpsMgr Console you need to select each computer one-by-one and add the computer to the list. Would not it be cool if we could use PowerShell or some commandtool to create a script to do it automatically for us?

On the Technet System Center Forum website there is also a discussion about this topic. So I looked at the method on MSDN and tried to get this working in PowerShell. But till now I’ve not been able to get this working in PowerShell Sad smile So I created a Console App in Visual Studio 2010 which seems to work ok. I’ll add the source code so you can have a look how I  created the Console App. I also used nConsoler, which helped with the parsing of arguments in the console application. And finally I used ILMerge to merge the nConsoler dll in a single .NET assembly.

Program.cs:

using System;
using System.Text;
using Microsoft.EnterpriseManagement;
using Microsoft.EnterpriseManagement.Configuration;
using Microsoft.EnterpriseManagement.ConnectorFramework;
using Microsoft.EnterpriseManagement.Monitoring;
using Microsoft.EnterpriseManagement.Monitoring.Security;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.Xml;
using System.Security;
using Microsoft.EnterpriseManagement.Administration;
using NConsoler; //http://nconsoler.csharpus.com/

namespace OpsMgrApproveCredentialForDistribution
{
    class Program
    {
        static void Main(string[] args)
        {
            //NConsoler
            Consolery.Run(typeof(Program), args);
        }

        [Action]
        public static void DoWork(
            [Required(Description="Enter RMS Server name")]
            string RMS,
            [Required(Description="Enter RunAs Account Name")]
            string RunAsAccount,
            [Required(Description = "Enter FQDN OpsMgr Agent\n" +
                "\nExample: AddToDistList.exe opsmgrrms.contoso.com om_sql_mon opsmgragent.contoso.com" +
                "\nAdding a computer to the Distribution list on a RunAs Account application for OpsMgr 2007" +
                "\nemailname@hotmail.com\n" +
                "\nProvided 'AS IS' without warranty of any kind")]
            string OpsMgrAgent)
        {            
            Console.WriteLine("OpsMgrApproveCredentialForDistribution - Version 1.3 - Compiled March 5, 2011");
            Console.WriteLine("http://blogs.technet.com/stefan_stranger");


                // Connect to the sdk service on the RMS
                //ManagementGroup localManagementGroup = new ManagementGroup(strRMS);
                ManagementGroup localManagementGroup = ConnectMG(RMS);
                if (localManagementGroup == null)
                {
                    Console.WriteLine("Failed to connect to Root Management Server " + RMS);

                }
                else
                {
                    MonitoringSecureDataCriteria runAsAccountCriteria;
                    ReadOnlyCollection<MonitoringSecureData> runAsAccounts;

                    Console.WriteLine("RunAs Account Username:" + RunAsAccount);

                    runAsAccountCriteria = new MonitoringSecureDataCriteria("UserName LIKE " + "'" + RunAsAccount + "'");
                    runAsAccounts = localManagementGroup.GetMonitoringSecureData(runAsAccountCriteria);

                    if (runAsAccounts.Count == 0)
                        throw new InvalidOperationException("Error! RunAs Account not found: " + RunAsAccount);

                    MonitoringSecureData account = runAsAccounts[0];
                    List<MonitoringObject> list = new List<MonitoringObject>();

                    // Fully qualified name of the agent-managed computer.
                    ManagementGroupAdministration admin = localManagementGroup.GetAdministration();

                    string query = "Name = '" + OpsMgrAgent + "'";
                    AgentManagedComputerCriteria agentCriteria =
                        new AgentManagedComputerCriteria(query);
                    ReadOnlyCollection<AgentManagedComputer> agents =
                        admin.GetAgentManagedComputers(agentCriteria);
                    if (agents.Count != 1)
                        throw new InvalidOperationException("Error! OpsMgr Agent not found: " + OpsMgrAgent);


                    //Add OpsMgr Agent to list
                    list.Add(agents[0].HostedHealthService);
                    localManagementGroup.ApproveCredentialForDistribution((ISecuredData)account, list);
                    Console.WriteLine("OpsMgr Agent " + OpsMgrAgent + " added to distribution list");
            }
        

   }

        private static ManagementGroup ConnectMG()
        {
            throw new NotImplementedException();
        }

        //Connect to SDK Service on Root Management Server
        private static ManagementGroup ConnectMG(String RMS)
        {
            Console.WriteLine("Connect to Root Management Server:" + RMS);
            try
            {
                ManagementGroupConnectionSettings connectionSettings = new ManagementGroupConnectionSettings(RMS);
                ManagementGroup localManagementGroup = ManagementGroup.Connect(connectionSettings);
                if (!localManagementGroup.IsConnected)
                {
                    throw new InvalidOperationException("Not connected to an SDK Service.");
                }
                Console.WriteLine("Connected to Management Group {0}", localManagementGroup.Name);
                return localManagementGroup;
            }
            catch (Exception exception)
            {
                Console.WriteLine("\nConnection failed. " + exception.Message);
                if (exception.InnerException != null)
                {
                    Console.WriteLine(exception.InnerException.Message);
                    return null;                    
                }
            }
                return null;
                
        }
        
    }
}
 
Ok let’s have a look how it works. 
Scenario:
We will be adding the OpsMgr Agent OpsMgrDC01.stranger.local to the SQL MP Monitoring Account Run As Account. (yes this is just an example there is no SQL running on my Domain Controller) Winking smile
Current Config SQL MP Monitoring Run As Account:
imageimage
 
Step 1: Install AddToDistList console application on machine where OpsConsole is installed.
Just copy the AddToDistList.exe to a folder of your choice.
image
 
Step 2. Open the AddToDistList.exe from command prompt.
image

As you see it needs 3 parameters:

  • RMS Name
  • RunAs Account Name (domain account name)
  • FQDN OpsMgr Agent

 

When we want to add the OpsMgrDC01.stranger.local OpsMgr Agent to the SQL MP Monitoring Account Run As Account we need to run the following:

AddToDistList.exe opsmgrrms.stranger.local om_sql_mon opsmgrdc01.stranger.local

image

Let’s check if the opsmgrdc01 agent is added to the distribution list.

Yes! It worked Smile

image

 

Now you could create a script that pull’s the names of the computers that need to be added to the Distribution List from a text file and call’s the AddToDistList console application.

Download AddToDistList.exe

Download SourceCode

Disclamer:

This is provided as a sample, no support is implied. Provided 'AS IS' without warranty of any kind. I wrote it for me initially.I'm not a developer, and don't profess to be either; just to set your expectations Smile

Tested on OpsMgr 2007 R2.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Maybe, rather than using the external library to parse the commands of the DOS utility, you could have built a cmdlet - that way you would have still written it with Visual Studio, but would be able to use it in Powershell.

    Maybe next time :-)

  • Hi Daniele,

    Good idea! Will contact you get some info on how to do this.

    Regards,

    Stefan

  • Is it possible to read with a powershell the members of a group and add them all with AddToListTool to DistributedList?

    Thanks for any suggestions :-)

  • Just curious - what if you have multiple Run As accounts that use the same login?

  • i have a similar issue as matt does, momadmin account name in multiple domains, this would be good if i could either specify domain\momadmin or use the run as account displayname rather then the account name