I have created a group based collection by locating the group I wish to use under the default "All Active Directory Security Groups", right clicking the group and going to All Tasks > Distribute Software. Here I chose my package, distribution point, had it create a new collection with the selected resource, and set it to advertise starting right then. I confirmed that a couple of the client in the group did receive the advertisement.
Since then I have added a couple of users to the group and installed the client (via push). I have checked and the client did install properly and was automatically assigned to the correct site. I did this about 24 hours ago. Here is what I have tried since:
1. On client: From System Management in control panel, went to initiate the action to refresh user policy, and again for machine policy.
2. On SMS Server: Right click collection>All Tasks>Update Collection Membership
3. On SMS Server: Site Hierarchy>(Site)>Site Settings>Discovery Methods>Right click AD Security Group Discovery>Properties>Check
ed "Run discovery as soon as possible".
I have probably done each a few times. His execmgr.log shows a line for "On policy activation ignore disabled policy Per-system attended" which is an advertisment to "All Systems" that is disabled, so I know that he IS receiving policy updates. It seems as if it does not yet recognize him as part of this group.
Note: The policy he is receiving as disabled is a advertisement to the "All Systems" collection, so it is a machine policy and not a user policy, not sure if this is relevant.
