Jump to content


JacobE

Deployment type dependancy/requirement- AD Group Membership possible?

By JacobE, in Configuration Manager 2012

Recommended Posts

JacobE Newbie

JacobE

Posted
Posted

Hi guys,

 

OK. So I've created an app-v4 app with 4 icons, with a deployment type assigned to each icon, giving me 4 deployment types.

 

Obviously when deploying though, you deploy the whole package and by default with no additional settings, it'll deploy all 4 icons to the user. I want to add a dependancy/requirement to make it that it detects AD Group membership, confirms if the user is a member of it and then if so, deploys that deployment type.

 

Is this doable? It'll be deployed to a specific user collection (which runs its own AD Group query to pull that AD group into that collection) so it won't be doing AD queries across the whole of our AD.

 

 

Share this post

Link to post
Share on other sites
h4x0r Newbie

h4x0r

Posted
Posted

I think you're going to need an application for each icon, because the client will look for detection methods based on what you have in your deployment types, and if one of them is met, then it will consider the app deployed. It is really meant more for things like architecture detection (as a simple example) where you have 32 bit and 64 bit version of software you need to deploy. Obviously a 32 bit OS can't have 64 bit software running on it...so the two deployment types allow for the install of a single app.

 

If it were me, I would create an application for each icon, with a scripted detection method...my first inclination is powershell, but that might be tough to get AD group membership without the RSAT AD Powershell module also installed on the client...so something like VBS might be a better option there.

Share this post

Link to post
Share on other sites
JacobE Newbie

JacobE

Posted
Posted

Oh really? Dammit. I was hoping to have a cleaner setup than that.

 

Powershell isn't an option due to our security, VBS is fine though (yes, I know)

Share this post

Link to post
Share on other sites
h4x0r Newbie

h4x0r

Posted
Posted

Actuallly, you might want to take a look at this...on your deployment type, if you go to the Requirements tab, click on Add..., under Category select Custom and then Create. Under the Setting Type, you can select Active Directory query...I'm not an expert in LDAP queries/filters, but you might be able to tweak that requirement condition to see if it will work with your AD groups.

Share this post

Link to post
Share on other sites
h4x0r Newbie

h4x0r

Posted
Posted

Now I feel all herp-derpish...I had tried to build a collection of objects based on AD groups at one time, but there was an issue with the sql query I was trying to create...little did I know how simple it actuallly is (I guess it also helps to have better search strings!).

 

Jacob, here are a couple links with further info...

From our own forums

 

Creating Collections based on AD group membership -- scroll down to the section titled "Device Collection based on an Active Directory Security Group" for easy step-by-step instructions, too.

 

Note that you'll need AD system discovery turned on for this as well.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.