Jump to content


  • 0
Kevin79

Collections based on AD Groups - 2 clients think they are in the group?

Question

I have a collection that is based on membership in an AD Group. The collection works fine for the most part but I have 3 clients are are in the collection that are not part of the AD Group. When I look at the properties of the client, it says it belongs to that group but when I look at the AD Group itself, the clients aren't in there. How do I remove them from that collection? I've deleted the collection and readded it but they will show up again.

Share this post


Link to post
Share on other sites

5 answers to this question

Recommended Posts

  • 0

Hi,

 

sounds like u are using the IS LIKE %XXX% clause, and catching 2 AD goups with it. Rather use the EQUALS option and fill in the whole AD group name "DOMAIN\Group Name".

Either that or the clients objects are obsolete and have been members of the group before. Always add the "System Ressource/Obsolete" Option with a value of 0 to your Collection queries.

Share this post


Link to post
Share on other sites

  • 0

Hi,

 

sounds like u are using the IS LIKE %XXX% clause, and catching 2 AD goups with it. Rather use the EQUALS option and fill in the whole AD group name "DOMAIN\Group Name".

Either that or the clients objects are obsolete and have been members of the group before. Always add the "System Ressource/Obsolete" Option with a value of 0 to your Collection queries.

 

Here is my query:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "Domain\Group Name"

 

The clients aren't obsolete and one of them is my SCCM server itself... Any other ideas?

Share this post


Link to post
Share on other sites

  • 0

How often are your discoveries running? Are those discoveries running succesfully? Without any warnings or errors?

 

The AD System Group Discovery is running every hour.

The AD Security Group Discovery is running every day.

The AD System Discovery is running every hour.

The AD User Discovery is running every day but isn't configured to find any users.

Heartbeat Discovery is running every day.

Network Discovery isn't set to run.

 

They all seem to be running successfully and the only warnings are about finding computers in AD that aren't currently on the network (I.E. Laptops that have been taken home by the user for the night.)

Share this post


Link to post
Share on other sites

  • 0

Use a WMI browser, such as wbemtest or SAPIEN WMI Explorer to retrieve instances of SMS_R_System, and then examine the value of the SystemGroupName property on a few, random instances. This will ensure that the data is being pulled properly from Active Directory, is being populated into the SCCM database, and is retrievable through the SCCM provider.

 

Hope this helps.

 

Cheers,

Trevor Sullivan

http://trevorsullivan.net

http://twitter.com/pcgeek86

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.