Junior SCCM guy to top dog.

Posted on 2016-08-23
Last Modified: 2016-10-13
Greeting Experts,

I've been prepping a wim/task sequence for a USMT migration from Windows 7 to Windows 10, then my main SCCM Architect left. I was just told I'm inheriting the entire SCCM environment. Its a small shop about 250 users. They have 1 primary and 1 secondary servers. The main site has 240 users and the offsite datacenter has maybe 10 users. I've been packaging and deploying apps and OS's once before, but now I'm asked to upgrade all the Win Servers OS's from 2012 R2 to CB,  in addition to upgrading the SCCM servers to CB 1607 before the migration starts. I read up that all the CM Servers that are running Windows Server 2012 R2 need to be upgraded and all problems fixed before the SCCM servers are upgraded to CB 1607.  

I looked in the All Devices collection and there are over 650 pc/laptops and 350 servers so the SCCM guy that just left was not cleaning up AD or SCCM and I have a ton of duplicates devices to clean up and we don't have anything like a Nagios server to scavenge pcs that haven't been logged into in over 90 days.

Could you please point me in the right direction on maybe a PS script to check and see if the pc's in SCCM and AD are valid, logged into in the pass 90 days, are in a proper Computer AD-OU and don't have the Machine Account disabled?

Also all the monthly OS/Office monthly updates groups for the past year have a 36% to 54% success compliance rate. What else should I check on a daily bases?

Question by:Robbie Razor
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 22

Accepted Solution

Adam Leinss earned 500 total points
ID: 41768601
If you go into the SCCM console, it will say "Yes" or "No" under the client installed field.  SCCM uses a heartbeat to determine whether a client is still active or not.   You probably want to go to the Devices collection and look at the computers where the client installed field is set to No and investigate those.  I would be careful about running any script and deleting any computer accounts.  You can get false timestamps depending on what DC the computer last logged into (this information is replicated every few months between DCs: it is not real time).

In terms of a health check...look under the Monitoring>System Status tab and and see if any errors pop up.  Everything should be green (hopefully).
LVL 22

Expert Comment

ID: 41769417
How long have you been working with SCCM ?

Author Comment

by:Robbie Razor
ID: 41769447
Deploying apps 5 years & deploying OS's 3.
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.


Author Comment

by:Robbie Razor
ID: 41769462
Thanks Adam!

Is it possible to do a In-place upgrade on the Servers OS version, SQL versions and SCCM version? I'm having 2 servers created to replace my Primary and Secondary servers.  

I have to move from these older version to newer, I'm 13 versions away from CB 1606.

1.) Move from Windows Server 2008 R2 to a new Windows Server 2012 R2 Datacenter.
Can I keep the current site codes?

2.) Upgrade and move DB from SQL 2008 Express to SQL 2012 R2.
How should I export the old CM database and then Import into the new SQL database?

3.) SCCM 2012 R2 to a new SCCM CB 1606 server.
What should I export from the old CM box and then Import into the new CM box?

Any links or guides would be great.

Thanks in advance!
LVL 22

Assisted Solution

by:Adam Leinss
Adam Leinss earned 500 total points
ID: 41769479
If you have 250 users, I would personally just build a new SCCM server and then just push out the new client from the new server, unless you have a lot of customization on your current server.  Since you said your SCCM guy left, it would probably be a great time to do a little house keeping and you would then understand how SCCM works from the ground up.  You can actually erect a new SCCM server in your environment and have it disrupt nothing: just don't update AD with the new site code information (it should give you an option to defer this option) and don't allow automatic client push.

Then you can spin up VMs or go to clients and manually input the site code from your new server to do testing and when you are ready, then you can update AD with the site code information and then re-push the client to your 250 users.

Author Comment

by:Robbie Razor
ID: 41778650
Thanks Adam.

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Leon
Software Metering within our group of companies has always been an afterthought until auditing of software and licensing became a pain point. Orchestrator and SCCM metering gave us the answer and it was an exciting process.
The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question