Jump to content


jamitupya

Deploy software through AD Groups linked to Collections in SCCM

Recommended Posts

We have 1000 PCs' in our organization and we are going to deploy applications/software through SCCM R2 to our Windows 7 environment. We have almost 100 softwares and tens of classrooms, which each class needs spesific programs to install.

 

I have created Collection for each classroom.

Like this:

 

Computers

-- ClassRoom 1

-- ClassRoom 2

-- ClassRoom 3

Collections are dynamic with queries, which checks computers accounts from AD and spesific OU:

select SMS_R_System.NetbiosName from SMS_R_System where SMS_R_System.SystemOUName = "ORGANISATION.LOCAL/Computers/Classroom1"

 

I have created adverts of software that I want to install for each collections. It works fine when new computer is added, but when I need to re-install for example App-V Client, all software disappears and they don't install automatically anymore. Also if I remove some software manually, it doesn't automatically install anymore. I need to make new advert to get it done.

 

How can I automate this task, that machine clients check always programs that they should have, and installs missing software again without questions or need to make new advert?

 

Playing with AD groups, has a lot of work for maintenance to keep groups updated in future and when computers are changed to new ones. It would be so lot easier, if ConfigManager just checks computer accounts from spesific OU and and installs software to this spesific collection.

Share this post


Link to post
Share on other sites

First thank for sharing that anyweb

 

I have a question:

 

- I deploy software on the domain via group like you explain.

- I deploy new pc via OSD PXE and task sequence "tatal setup take 6hrs"

 

Is there a way to have the new pc in the group ex: "Visual Studio" without having sccm deploy the software because Visual Studio is already installed by OSD task sequence? I know i can do that via the install script to detect the version of software and exiting if the same version is installed but if it's possible i want to avoid that.

Share this post


Link to post
Share on other sites

Guest itismike

Hi Mucimol,

You probably already found this out, but for completeness, your program will not install twice unless you've told it to "always rerun program" in the program description.

Share this post


Link to post
Share on other sites

How do I set this up so that it will see new members of the group quickly (within 15-30 minutes of the computer being added)? Does ConfigMgr need to run the Active Directory System Group Discovery, then update the collection?

Share this post


Link to post
Share on other sites

Two new questions:

-I'm still having issues with it updating quickly. Can someone tell me what changes I need to make to do this?

-After I run this query for the collection, how do I have it update the collection when a computer is removed? I.E. I have a computer in the AD group that builds the collection but then I remove the computer from that group. Can I have it automatically remove it from the collection?

Share this post


Link to post
Share on other sites

Two new questions:

-I'm still having issues with it updating quickly. Can someone tell me what changes I need to make to do this?

-After I run this query for the collection, how do I have it update the collection when a computer is removed? I.E. I have a computer in the AD group that builds the collection but then I remove the computer from that group. Can I have it automatically remove it from the collection?

 

On the first one: The more often you run discoveries and (auto) update collections, the quicker new objects are updating in collections (but you need to find a balance between how often you update and the load it will generate).

On the second one: Is also done with running the discovery and updating the collection...

Share this post


Link to post
Share on other sites

On the first one: The more often you run discoveries and (auto) update collections, the quicker new objects are updating in collections (but you need to find a balance between how often you update and the load it will generate).

On the second one: Is also done with running the discovery and updating the collection...

 

I must be missing something then. I added a computer to an AD group and it was added. I then remove it and it isn't removed from the collection. I did this close to two weeks ago.

Share this post


Link to post
Share on other sites

I'm still having problems with this. If I add a new active directory group the "All Active Directory Security Groups" collection shows the new group. Membership for the groups is never updated though. If I look at the properties of a client in the "All Desktops and Servers" collection, System Group Name is never updated with the new groups, even though the computer is a member of that group in active directory. I also noticed that "AD Domain Name" is set to "<null>" and if I try to edit the Active Directory "Discovery Methods", the "Custom LDAP or GC query" Browse button only shows my parent domain. I can't select my child domain even though that is where the SCCM server is located. It worked when I first set it up but now it isn't. Does anyone have any suggestions on how I can troubleshoot this?

Share this post


Link to post
Share on other sites

I have decided to start using this method of deploying some of our most-requested software by using AD groups. I have the process down, but am wondering what people have set for their AD System Group Discovery polling interval? Mine is currently set at once a day but I wanting to reduce it so if a user requests software, then they'll have it installed when they come in the next day. I'm thinking maybe 12 hours or maybe 6 hours? I am running R3, but unfortuneately delta discovery doesn't solve this problem.

 

Thanks!

Share this post


Link to post
Share on other sites

So, I have this set up using Standalone mode via SCCM for my App-V apps. How do I prevent an application from running or remove it from the client without having to remote in and manually remove it from the Application Virtualization Client Management Console once a user no longer needs an application?

 

Scenario: I have computer part of Security Group "Mozilla Firefox", this computer no longer needs Mozilla Firefox, so I remove the computer from the "Mozilla Firefox" Security Group, this will prevent it being published to the computer. How can I automate the removal from the computer? Msiexec /x command?

Share this post


Link to post
Share on other sites

So, I have this set up using Standalone mode via SCCM for my App-V apps. How do I prevent an application from running or remove it from the client without having to remote in and manually remove it from the Application Virtualization Client Management Console once a user no longer needs an application?

 

Scenario: I have computer part of Security Group "Mozilla Firefox", this computer no longer needs Mozilla Firefox, so I remove the computer from the "Mozilla Firefox" Security Group, this will prevent it being published to the computer. How can I automate the removal from the computer? Msiexec /x command?

 

Disregard. Here it is. http://www.windows-noob.com/forums/index.php?/topic/677-automatic-removal-of-applications/

Share this post


Link to post
Share on other sites

:(

 

I am still trying to get used to SCCM 2007 (only had access for a week) and am following this guide to install a EXE of some fonts.

I am stuck at this simple part "Now you can target these sub collections with software to install, so in this case you would target the collections above with an advertisement to install Microsoft Office 2003."

 

How do I target a collection with an advertisment?

 

I can right click and select "Advertise Task Sequence" but I don't have one for this.. unless I am ment to make one.

 

Hope you can help, thanks! (sorry if I am dragging up an old post)

 

g.

 

EDIT: Of Course!!

2 seconds after making that post I find the Advertisement section.. I still have an issue though as the software does not show up when I try to select a package. All my other software is there (put there by the last admin) but my one does not show up. I have refreashed the pakage on the distrabution point but still can not see it in the list.. Any ideas?

Edited by UserInterface

Share this post


Link to post
Share on other sites

I realised that I had not assigned the program to the software package so have that working now however I still do not see any users in the collection.

I have followed your guide step by step, but am not sure what to try next.

 

I have 2 users in the group, but none show up in the collection.

Share this post


Link to post
Share on other sites

Hello everyone, I've been using this site for years, and never had to post anything since I have always found the answer! But here is one that kinda goes along this same thread. I am trying to create a script for SCCM that polls an OU for all the users, then queries the users machine, and then takes that machine and places it in a collection, here is what I've found but I keep getting a syntax error...

 

 

select SMS_R_System.ResourceID,

SMS_R_System.ResourceType,

SMS_R_System.Name,

SMS_R_System.SMSUniqueIdentifier,

SMS_R_System.ResourceDomainORWorkgroup,

SMS_R_System.Client from SMS_R_System

inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.UserName in (select UniqueUserName from SMS_R_User where UserOUName = "Domain/OU” )

 

 

 

I think I might have a space or something wrong somewhere, but the error is in the lower half of the script since everything seems to be fine if I cut out this part....

 

inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.UserName in (select UniqueUserName from SMS_R_User where UserOUName = "Domain/OU” )

 

 

 

Is there something I need to change that anyone can see?

 

 

Thanks in advance, you all Rock!

Share this post


Link to post
Share on other sites

check this

 

"Domain/OU”

 

those " don't look quite right to me..... probably because you copy/pasted them from Microsoft Word or something, remove them and re-enter them from your keyboard instead.

Share this post


Link to post
Share on other sites

I implemented AD Group-based installation/uninstallation with the following setup on SCCM2012, don't know is it the best one, don't think so...

 

So,

 

Two collections:

 

Install Software X (Gets members by AD Group)

Uninstall Software X (Excludes the members in Install Software X, so basicly contains all the other resources)

 

Two deployments:

 

Install Application Software X for the Install Software X collection

Uninstall Application Software X for the Uninstall Software X collection

 

So basicly, when I add a computer to Install Group it get's the application installed and when I remove it from the group, the application get's uninstalled... any thoughts?

Share this post


Link to post
Share on other sites

Hi narcoticmind,

 

I've created an AD query based collection using sccm 2012 r2. Ran the the System/ Device discovery but collection is not being populated. please how did you get yours to work. Is the any guide on here for SCCM 2012.

 

This is the query statement. select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName like "Mydomain/Application Accounts/App-Tool7.0-Win7-X86"

 

Disregard this. its working now. I was only refreshing the collection i create. After refreshing the device collection. I can see my machine is now in the group.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...