The steps below assume that SCOM monitoring communication has been established via certificate authentication.
1. At the ACS collector server, stop the AdtServer service and then run AdtServer --c from the command prompt and select the certificate already requested and in use for agent to management/gateway server communication. Restart AdtServer.
2. At the workgroup/untrusted computer use the certificates snap-in to export the agent communication certificate in .CER format.
3. Within AD Users and Computers on the domain where the Collector resides, create a Computer account for the agent in the workgroup/untrusted domain. Use the Name Mapping option to import the certificate from the above step.
a. After creating the account, select View -> Advanced Features within Active Directory Users & Computers.
b. Right-click the computer account you created for the untrusted computer and select Name Mappings.
c. Add the X-509 certificate you exported from the untrusted computer in step 2.
4. In the Operations console run the Task to enable auditing on the agent.
5. On the untrusted computer, stop the AdtAgent service (net stop adtagent.exe)
6. On the untrusted computer run AdtAgent --c and select the same certificate used for agent to management server authentication. Restart the AdtAgent service
7. Runt the query SELECT * FROM dbo.dtMachine against your ACS Collector database to ensure that the untrusted computer has been added.