tontontools.

Release Notes

Add User To Collection — Changelog

Version history for Add User To Collection. Entries follow the Keep a Changelog convention with four groups: Added, Changed, Fixed, Security.

v1.0.0

Released January 2026released

Initial public release of Add User To Collection. The product is sold in the Essentials tier of the TontonTools suite. A 14-day free trial is available without a credit card.

Added

  • Bulk addition of users to an SCCM user collection (CollectionType = 1). Supports three rule types: direct member rules (SMS_CollectionRuleDirect), include collection rules (SMS_CollectionRuleIncludeCollection), and exclude collection rules (SMS_CollectionRuleExcludeCollection).
  • Two input methods for the user list: file import (CSV/TXT, one user per line) and paste list (multi-line text area). Both feed the same bulk processing pipeline.
  • Three SCCM user resolution strategies, attempted in order before a user is reported as not found: UserName domain\sam, UniqueUserName, UserName plain. The first successful strategy is logged in the activity log per user.
  • Idempotent execution: before adding a user, AUC checks SMS_FullCollectionMembership to verify the user is not already a member of the target collection. Already-member users are skipped with a clear log entry, no duplicate rule is created.
  • Circular-reference safety for include / exclude rules: a collection cannot be added to itself, and chained inclusion cycles are detected and refused at rule creation time.
  • Filterable collection picker dialog: type a partial collection name to narrow the list of CollectionType = 1 collections. Sorted alphabetically by display name. Enter or double-click to select.
  • Bulk RequestRefresh on the target collection after all membership rules are added — ensures the collection membership is recomputed by the SCCM site without waiting for the next scheduled refresh cycle.
  • SCCM connection via the standard WMI namespace root\sms\site_<X> with the in-dialog Auto-detect cascade (cache + registry + WMI + console probe).
  • Manual SCCM credentials entry as a fallback when auto-detection fails.
  • CMTrace-compatible activity log written to C:\TEMP\AddUserToCollection.log with timestamp, executing Windows user, severity, and verbatim WMI response per entry.
  • DPAPI-encrypted credential storage shared across the suite at %AppData%\TontonTools\credentials.dat.
  • Read-only fallback mode in license grace period: rule creation is disabled, collection browsing and history remain available.

Security

  • No agent installed on managed endpoints — the product only communicates with the SCCM site server (RPC) and the TontonTools license endpoint.
  • No telemetry, no cloud backend, no third-party analytics.
  • Kerberos authentication under the signed-in Windows user — no service account required, no Graph permissions required.
  • TLS 1.2 enforced on the license validation request.
  • AUC takes usernames as-is and queries SMS_R_User directly. It does NOT look up the user in Active Directory before adding the membership rule — this is intentional, to keep the tool fully self-contained on SCCM data.

Related documentation