Dick 0 Report post Posted April 17, 2012 First of all, great site! I've found some great tips here. I have created SCCM 2007 collections based on Active Directory OUs by following the process found here: http://www.techrepublic.com/blog/datacenter/making-sms-2007-collections-based-on-organizational-unit/381 This works as expected on about 75% of OU based collections that have been created. The other collections are not populating entirely. Some machines show up and some do not. System Group Discovery and System Discovery are enabled. The computers that are not appearing in these OU collections do show up in All Systems collection. Any advice? Thanks, Dick Share this post Link to post Share on other sites
Dick 0 Report post Posted April 17, 2012 Also, I have tried using the Operator "lowercase is like" and using %OUpath% for the Value in the Criterion Properties. This has not affected the results. Share this post Link to post Share on other sites
stulli 0 Report post Posted April 25, 2012 I have tried building similar collections myself and got the same results. The thing is you are querying the sccm database, not the AD directly, and the database is updated by the Discovery agents. If I remember correctly the System Discovery Agent updates what systems are in which OU's and by default the agent only runs once per day. Again, I could be wrong, but this is what I found most likely. Share this post Link to post Share on other sites
Dick 0 Report post Posted April 26, 2012 Our collections by default update once daily, as you mentioned. I've tried manually updating the collections manually and waiting for the scheduled update. The results are just not consistent and reliable enough for us to use. The driving force is to push software. We need to be able to do this in a organized and logical manner. None of the default collections are really suitable for this. Perhaps there is a better way to group computers into collections. I have considered tools like those seen here http://henkhoogendoorn.blogspot.com/2010/10/creating-dynamic-collections-in.html http://www.sccm-tools.com/tools/standalone/standalone.aspx I'm a little hesitant to try these as we aren't fortunate enough to have a full test environmnet. If the tools are just automating the same basic process, I don't see how the results will be any different other than reduce the chance for human error and reduce time involved. I have looked over the properties multiple times to ensure the collections I'm having issues with are constructed the same as the ones that work. Share this post Link to post Share on other sites
stulli 0 Report post Posted April 27, 2012 I looked into this a bit more and I was wrong about the system Discovery Agent. Here's some information I found on this: - AD Sys Discovery finds systems in AD (in the OUs you specify) that are not disabled and are resolvable via DNS. AD Sys Discovery will also assign discovered resources to sites based upon boundaries. Check adsysdis.log to make sure the systems in question are being discovered. - AD Sys Group Discovery will query AD for OU and Group information for all systems in the OUs specified that have been discovered and are assigned to the site. (If says "the site" at http://technet.micro...y/cc181248.aspx but I think it should read "a site", not positive though). Check adsysgrp.log to verify that the OU and group info for a system is being picked up. Share this post Link to post Share on other sites
Dick 0 Report post Posted April 27, 2012 I made some progress on this this morning. All but one of my computers is showing up. I changed the AD system discovery properties to search in two specific OUs containing all our comptuers instead of the entire domain. I also noticed that most computers that were not showing up were from the same subnet. I create a boundry for this subnet as well. However, if this was the cause, we have other OUs with computers that are in other subnets that did not experience this issue. Also, the other subnets are connected via a VPN connection. The computer that is missing shows up in All Systems collection. I've looked at the adsysdis log. I can see that the one computer is discovered in that OU and DDR was written for the system. So, it seems as if it has been discovered by SCCM. It's just not showing up in that OU collection. I'll continue to monitor this and others as computers are added. Share this post Link to post Share on other sites
Muhammad Faisal Khan 0 Report post Posted November 30, 2012 Please check by taking system property in SCCM Console, is it showing data discovery property value of OU? if not then need to trouble shoot why all proerities data is not populating against the resource. Share this post Link to post Share on other sites
spgsitsupport 5 Report post Posted August 20, 2017 Few years later & in current (latest & best) SCCM CB I have the very same issue Selecting AD group as criteria in query select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SecurityGroupName = "DOMAIN\\Some_Group" works perfectly (membership is populated) If I chose AD OU as criteria in query, it is hit & miss, mostly MISS select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemOUName = "DOMAIN_IN_FDQN/MY-COMPUTERS/SOME SUB OU/SOME OTHER SUB OU/ADMIN/THAT OFFICE" and SMS_R_System.SystemOUName = "DOMAIN_IN_FDQN/MY-COMPUTERS/SOME SUB OU/SOME OTHER SUB OU/ADMIN/THIS OFFICE" BOTH OU are selected from the Value box (that is the most ridiculous selection box possible!!! - can not be resized, it is too small, does not sort = total C**P) Yes no members are populated Any ideas how to get them (from OU query) Of course AD Discovery work fine, otherwise I could not select from that stupib box! Seb Share this post Link to post Share on other sites
GarthMJ 119 Report post Posted August 20, 2017 1 hour ago, spgsitsupport said: Few years later & in current (latest & best) SCCM CB I have the very same issue Selecting AD group as criteria in query select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SecurityGroupName = "DOMAIN\\Some_Group" works perfectly (membership is populated) If I chose AD OU as criteria in query, it is hit & miss, mostly MISS select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemOUName = "DOMAIN_IN_FDQN/MY-COMPUTERS/SOME SUB OU/SOME OTHER SUB OU/ADMIN/THAT OFFICE" and SMS_R_System.SystemOUName = "DOMAIN_IN_FDQN/MY-COMPUTERS/SOME SUB OU/SOME OTHER SUB OU/ADMIN/THIS OFFICE" BOTH OU are selected from the Value box (that is the most ridiculous selection box possible!!! - can not be resized, it is too small, does not sort = total C**P) Yes no members are populated Any ideas how to get them (from OU query) Of course AD Discovery work fine, otherwise I could not select from that stupib box! Seb OU, is not always populated by AD discovery, it is also populated by heartbeat discovery. Similarly, Security groups are populated by Heartbeat discovery too. As such I never recommend using that query style instead, use a direct membership for the Sec group. This allow computers to install the SW (assuming that is what the collection is for) without having to wait for heartbeat discovery to run. Share this post Link to post Share on other sites