Jump to content


Kevin79

AD Groups for collection

By Kevin79, in Collections

Recommended Posts

Kevin79    2

Kevin79
Posted

I have SCCM setup to can an AD OU for groups and use the membership of a group to build a collection. I have a main OU with groups in it. Inside that group, I want to have other groups that belong to different OUs so that the local admins can add computers to it. When I do this, computers inside the nested group don't show up. Do I need to have my AD System Group Discovery discover all the groups in the different OU? If I tell it to "Include Groups", shouldn't it scan the nested groups even if it isn't part of the container?

 

For example, my AD looks like this:

 

Domain

-Groups 1

-Site A

--Groups A

--Computers A

-Site B

--Groups B

--Computers B

-Site C

--Groups C

--Computers C

 

Groups 1 is the OU that is scanned in the AD System Group Discovery method. The search options are Recursive and Include groups. One of the groups in Group 1 includes groups that are in Groups A, Groups B and Groups C.

 

I have AD System Discovery setup to scan computers in Computers A, Computers B, Computers C.

 

My collection is working fine and if I add the computer directly to the group in Groups 1 it shows up but if I add it to a group in Groups A (that is then a member of Groups 1) it doesn't show up.

Share this post

Link to post
Share on other sites

Trevor Sullivan    19

Trevor Sullivan
Posted

Use a WMI browser on your SCCM primary site to pull a list of SMS_R_System instances, and examine the SystemGroupName property on them. This should tell you if nested group information is getting pulled or not. I suppose I wouldn't be surprised if the discovery method were not pulling nested group info.

 

Hope this helps.

 

Cheers,

Trevor Sullivan

http://trevorsullivan.net

http://twitter.com/pcgeek86

Share this post

Link to post
Share on other sites

Kevin79    2

Kevin79
Posted

Use a WMI browser on your SCCM primary site to pull a list of SMS_R_System instances, and examine the SystemGroupName property on them. This should tell you if nested group information is getting pulled or not. I suppose I wouldn't be surprised if the discovery method were not pulling nested group info.

 

Hope this helps.

 

Cheers,

Trevor Sullivan

http://trevorsullivan.net

http://twitter.com/pcgeek86

 

Forgive the stupidity, but how do I do that?

Share this post

Link to post
Share on other sites

Trevor Sullivan    19

Trevor Sullivan
Posted

Forgive the stupidity, but how do I do that?

Sorry, I should have clarified on that.

 

You can use the built-in wbemtest.exe in Windows.

 

1. Open wbemtest.exe (and click Asynchronous)

2. Connect to the root\sms\site_abc WMI namespace

3. Hit "Enum Instances"

4. Type "SMS_R_System" in the class name field

5. Randomly double-click a few instances in the list returned and examine the value of the SystemGroupName property

 

Hope this helps.

 

Cheers,

Trevor Sullivan

http://trevorsullivan.net

http://twitter.com/pcgeek86

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go To Topic Listing
×
×
  • Create New...