



Kevin79

Collections based on AD Groups - 2 clients think they are in the group?




I have a collection that is based on membership in an AD Group. The collection works fine for the most part but I have 3 clients that are in the collection that are not part of the AD Group. When I look at the properties of the client, it says it belongs to that group but when I look at the AD Group itself, the clients aren't in there. How do I remove them from that collection? I've deleted the collection and re-added it but they will show up again.



Hi,

Sounds like you are using the IS LIKE %XXX% clause, and catching 2 AD groups with it. Rather use the EQUALS option and fill in the whole AD group name "DOMAIN\Group Name".

Either that or the client objects are obsolete and have been members of the group before. Always add the "System Resource/Obsolete" option with a value of 0 to your collection queries.


Here is my query:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "Domain\Group Name"

 

The clients aren't obsolete and one of them is my SCCM server itself... Any other ideas?


How often are your discoveries running? Are those discoveries running successfully? Without any warnings or errors?

 

The AD System Group Discovery is running every hour.

The AD Security Group Discovery is running every day.

The AD System Discovery is running every hour.

The AD User Discovery is running every day but isn't configured to find any users.

Heartbeat Discovery is running every day.

Network Discovery isn't set to run.

 

They all seem to be running successfully and the only warnings are about finding computers in AD that aren't currently on the network (I.E. Laptops that have been taken home by the user for the night.)


Use a WMI browser, such as wbemtest or SAPIEN WMI Explorer, to retrieve instances of SMS_R_System, and then examine the value of the SystemGroupName property on a few random instances. This will ensure that the data is being pulled properly from Active Directory, is being populated into the SCCM database, and is retrievable through the SCCM provider.

 

Hope this helps.

 

Cheers,

Trevor Sullivan

http://trevorsullivan.net

http://twitter.com/pcgeek86
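
Added example (not part of any post in this thread): a scripted version of the check suggested above, reading SMS_R_System through the SMS Provider and listing resources whose SystemGroupName contains the group while AD does not report them as members. The server name, site code and group name are placeholders, and it assumes the ActiveDirectory module is installed and that nested membership should count.

```powershell
# Placeholders (assumptions): replace with your own values.
$SiteServer = 'SCCM01'             # hypothetical SMS Provider host
$SiteCode   = 'ABC'                # hypothetical site code
$Group      = 'DOMAIN\Group Name'  # same value used in the collection query

# WQL string literals need the backslash doubled.
$wqlGroup = $Group.Replace('\', '\\')
$query = "SELECT Name, ResourceId, Obsolete, Active, SystemGroupName " +
         "FROM SMS_R_System WHERE SystemGroupName = '$wqlGroup'"

# What the SCCM database believes: every resource discovered as a member.
$inSccm = Get-CimInstance -ComputerName $SiteServer `
    -Namespace "root\sms\site_$SiteCode" -Query $query

# What Active Directory says right now (computer objects only).
Import-Module ActiveDirectory
$samName = $Group.Split('\')[1]
$inAd = Get-ADGroupMember -Identity $samName -Recursive |
    Where-Object { $_.objectClass -eq 'computer' } |
    ForEach-Object { $_.Name }

# Resources SCCM still lists under the group that AD no longer reports.
# Obsolete/Active are shown so stale or duplicate records stand out.
$inSccm |
    Where-Object { $inAd -notcontains $_.Name } |
    Select-Object Name, ResourceId, Obsolete, Active,
        @{ Name = 'SystemGroupName'
           Expression = { $_.SystemGroupName -join '; ' } }
```

An empty result means SCCM and AD agree on membership; any rows returned are the records whose discovery data should be examined.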
