Jump to content


Dick

OU Collections Not Populating Entirely

Recommended Posts

First of all, great site! I've found some great tips here.

 

I have created SCCM 2007 collections based on Active Directory OUs by following the process found here: http://www.techrepublic.com/blog/datacenter/making-sms-2007-collections-based-on-organizational-unit/381 This works as expected on about 75% of OU based collections that have been created. The other collections are not populating entirely. Some machines show up and some do not. System Group Discovery and System Discovery are enabled. The computers that are not appearing in these OU collections do show up in All Systems collection. Any advice?

 

Thanks,

 

Dick

Share this post


Link to post
Share on other sites


Also, I have tried using the Operator "lowercase is like" and using %OUpath% for the Value in the Criterion Properties. This has not affected the results.

Share this post


Link to post
Share on other sites

I have tried building similar collections myself and got the same results.

The thing is you are querying the sccm database, not the AD directly, and the database is updated by the Discovery agents. If I remember correctly the System Discovery Agent updates what systems are in which OU's and by default the agent only runs once per day. Again, I could be wrong, but this is what I found most likely.

Share this post


Link to post
Share on other sites

Our collections by default update once daily, as you mentioned. I've tried manually updating the collections manually and waiting for the scheduled update. The results are just not consistent and reliable enough for us to use. The driving force is to push software. We need to be able to do this in a organized and logical manner. None of the default collections are really suitable for this. Perhaps there is a better way to group computers into collections. I have considered tools like those seen here http://henkhoogendoorn.blogspot.com/2010/10/creating-dynamic-collections-in.html

http://www.sccm-tools.com/tools/standalone/standalone.aspx

 

I'm a little hesitant to try these as we aren't fortunate enough to have a full test environmnet. If the tools are just automating the same basic process, I don't see how the results will be any different other than reduce the chance for human error and reduce time involved. I have looked over the properties multiple times to ensure the collections I'm having issues with are constructed the same as the ones that work.

Share this post


Link to post
Share on other sites

I looked into this a bit more and I was wrong about the system Discovery Agent. Here's some information I found on this:

 

 

- AD Sys Discovery finds systems in AD (in the OUs you specify) that are not disabled and are resolvable via DNS. AD Sys Discovery will also assign discovered resources to sites based upon boundaries. Check adsysdis.log to make sure the systems in question are being discovered.

- AD Sys Group Discovery will query AD for OU and Group information for all systems in the OUs specified that have been discovered and are assigned to the site. (If says "the site" at http://technet.micro...y/cc181248.aspx but I think it should read "a site", not positive though). Check adsysgrp.log to verify that the OU and group info for a system is being picked up.

Share this post


Link to post
Share on other sites

I made some progress on this this morning. All but one of my computers is showing up. I changed the AD system discovery properties to search in two specific OUs containing all our comptuers instead of the entire domain. I also noticed that most computers that were not showing up were from the same subnet. I create a boundry for this subnet as well. However, if this was the cause, we have other OUs with computers that are in other subnets that did not experience this issue. Also, the other subnets are connected via a VPN connection. The computer that is missing shows up in All Systems collection. I've looked at the adsysdis log. I can see that the one computer is discovered in that OU and DDR was written for the system. So, it seems as if it has been discovered by SCCM. It's just not showing up in that OU collection. I'll continue to monitor this and others as computers are added.

Share this post


Link to post
Share on other sites

Few years later & in current (latest & best) SCCM CB I have the very same issue

Selecting AD group as criteria in query

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SecurityGroupName = "DOMAIN\\Some_Group"

works perfectly (membership is populated)

If I chose AD OU as criteria in query, it is hit & miss, mostly MISS

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemOUName = "DOMAIN_IN_FDQN/MY-COMPUTERS/SOME SUB OU/SOME OTHER SUB OU/ADMIN/THAT OFFICE" and SMS_R_System.SystemOUName = "DOMAIN_IN_FDQN/MY-COMPUTERS/SOME SUB OU/SOME OTHER SUB OU/ADMIN/THIS OFFICE"

BOTH OU are selected from the Value box (that is the most ridiculous selection box possible!!! - can not be resized, it is too small, does not sort = total C**P)

Yes no members are populated

Any ideas how to get them (from OU query)

Of course AD Discovery work fine, otherwise I could not select from that stupib box!

Seb

Share this post


Link to post
Share on other sites
1 hour ago, spgsitsupport said:

Few years later & in current (latest & best) SCCM CB I have the very same issue

Selecting AD group as criteria in query


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SecurityGroupName = "DOMAIN\\Some_Group"

works perfectly (membership is populated)

If I chose AD OU as criteria in query, it is hit & miss, mostly MISS


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemOUName = "DOMAIN_IN_FDQN/MY-COMPUTERS/SOME SUB OU/SOME OTHER SUB OU/ADMIN/THAT OFFICE" and SMS_R_System.SystemOUName = "DOMAIN_IN_FDQN/MY-COMPUTERS/SOME SUB OU/SOME OTHER SUB OU/ADMIN/THIS OFFICE"

BOTH OU are selected from the Value box (that is the most ridiculous selection box possible!!! - can not be resized, it is too small, does not sort = total C**P)

Yes no members are populated

Any ideas how to get them (from OU query)

Of course AD Discovery work fine, otherwise I could not select from that stupib box!

Seb

OU, is not always populated by AD discovery, it is also populated by heartbeat discovery.

Similarly, Security groups are populated by Heartbeat discovery too.  As such I never recommend using that query style instead, use a direct membership for the Sec group. This allow computers to install the SW (assuming that is what the collection is for) without having to wait for heartbeat discovery to run.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...