SCCM: Collection that queries against a security group
You can only create rule-based queries based on data that has been collected with the various discovery methods. But among the discovery methods, you have Active Directory Security Group Discovery which will work just fine for your purposes. You just have to turn it on and set it to scan the AD containers that have your groups in them.
Then you can create rule-based collections with queries that filter on the System Group Name attribute of the System Resource attribute class. The raw SQL for this type of query is provided in taylord1's answer.
If you're worried about timing and the fact that the default scan schedule is only once a day as well as the collection update schedule, it's really easy to just change the schedule to meet your needs. Just keep in mind that you'll need to update both the Security Group Discovery schedule and the Collection Update schedule. If possible, you should try to time them so the Collection Update schedule happens a few minutes after the Security Group Discovery schedule.
If you're already using Security Group Discovery and are worried about a performance hit from increasing the scan schedule, I'd still suggest trying it out first to see whether it actually causes too much stress on your infrastructure. However, there are other ways of triggering individual machine updates I can describe if you're interested. It involves some programming though.
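The setup this answer describes, as an added example that is not part of the original answer: a collection whose only membership rule filters on System Group Name, with its refresh timed shortly after group discovery. It assumes the ConfigurationManager PowerShell module of newer Configuration Manager versions (not mentioned on the page) and a session already connected to the site drive; the site code, domain, group and collection names are constructed placeholders.

```powershell
# Added example. Assumes: Import-Module ConfigurationManager has been run and the
# current location is the site drive (e.g. Set-Location 'PS1:').
# All names below are constructed placeholders, not values from the page.
$SiteCode       = 'PS1'
$Domain         = 'CONTOSO'
$Group          = 'SCCM-Pilot-Machines'
$CollectionName = 'Pilot - SCCM-Pilot-Machines'

# WQL string literals need the backslash doubled: CONTOSO\\SCCM-Pilot-Machines
$wqlGroup = "$Domain\$Group" -replace '\\', '\\'

# Filter on the System Group Name attribute of the System Resource class.
$query = 'select SMS_R_System.ResourceId, SMS_R_System.ResourceType, ' +
         'SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, ' +
         'SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client ' +
         'from SMS_R_System ' +
         "where SMS_R_System.SystemGroupName = `"$wqlGroup`""

# Run group discovery every 4 hours, and refresh the collection on the same
# interval but starting 15 minutes later, so the collection evaluates against
# fresh group data. Widen the offset if discovery takes longer in your domain.
$start          = (Get-Date).Date.AddHours(6)
$discoverySched = New-CMSchedule -Start $start -RecurInterval Hours -RecurCount 4
$refreshSched   = New-CMSchedule -Start $start.AddMinutes(15) -RecurInterval Hours -RecurCount 4

Set-CMDiscoveryMethod -ActiveDirectoryGroupDiscovery -SiteCode $SiteCode `
    -Enabled $true -PollingSchedule $discoverySched

New-CMDeviceCollection -Name $CollectionName `
    -LimitingCollectionName 'All Systems' `
    -RefreshType Periodic -RefreshSchedule $refreshSched | Out-Null

Add-CMDeviceCollectionQueryMembershipRule -CollectionName $CollectionName `
    -RuleName "Members of $Domain\$Group" -QueryExpression $query

# Before targeting a deployment at the collection, review what it resolved to.
# An empty result usually means discovery has not yet seen the group, or the
# group name in the query does not match what discovery recorded.
Get-CMCollectionMember -CollectionName $CollectionName |
    Select-Object Name, ResourceID |
    Sort-Object Name
```

The scan scope for group discovery (the AD containers holding the groups) still has to be configured as the answer describes; the script only enables the method and sets the two schedules.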
user7862
Updated on September 17, 2022
Comments
-
user7862 almost 2 years
Is there a way to specify that a collection queries against a specific security group in AD, or can it only query against machines already in its db put there via discovery methods?
-
Madhu Cheluvaraju about 15 years
What are you trying to do? Perhaps I can help.
-
user7862 about 15 years
I am attempting to test SCCM deployment against a subset of machines that I have defined in a security group.
-
Madhu Cheluvaraju about 15 years
You mean deploy the client? OS? Package?
-
Madhu Cheluvaraju about 15 years
You could discover the OU that contains all the machines, then create a collection with only those machines.