Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 75
  • Last Modified:

Junior SCCM guy to top dog.

Greeting Experts,

I've been prepping a wim/task sequence for a USMT migration from Windows 7 to Windows 10, then my main SCCM Architect left. I was just told I'm inheriting the entire SCCM environment. Its a small shop about 250 users. They have 1 primary and 1 secondary servers. The main site has 240 users and the offsite datacenter has maybe 10 users. I've been packaging and deploying apps and OS's once before, but now I'm asked to upgrade all the Win Servers OS's from 2012 R2 to CB,  in addition to upgrading the SCCM servers to CB 1607 before the migration starts. I read up that all the CM Servers that are running Windows Server 2012 R2 need to be upgraded and all problems fixed before the SCCM servers are upgraded to CB 1607.  

I looked in the All Devices collection and there are over 650 pc/laptops and 350 servers so the SCCM guy that just left was not cleaning up AD or SCCM and I have a ton of duplicates devices to clean up and we don't have anything like a Nagios server to scavenge pcs that haven't been logged into in over 90 days.

Could you please point me in the right direction on maybe a PS script to check and see if the pc's in SCCM and AD are valid, logged into in the pass 90 days, are in a proper Computer AD-OU and don't have the Machine Account disabled?

Also all the monthly OS/Office monthly updates groups for the past year have a 36% to 54% success compliance rate. What else should I check on a daily bases?

Thanks!
0
Robbie Razor
Asked:
Robbie Razor
  • 3
  • 2
2 Solutions
 
Adam LeinssCommented:
If you go into the SCCM console, it will say "Yes" or "No" under the client installed field.  SCCM uses a heartbeat to determine whether a client is still active or not.   You probably want to go to the Devices collection and look at the computers where the client installed field is set to No and investigate those.  I would be careful about running any script and deleting any computer accounts.  You can get false timestamps depending on what DC the computer last logged into (this information is replicated every few months between DCs: it is not real time).

In terms of a health check...look under the Monitoring>System Status tab and and see if any errors pop up.  Everything should be green (hopefully).
1
 
yo_beeDirector of ITCommented:
How long have you been working with SCCM ?
0
 
Robbie RazorAuthor Commented:
Deploying apps 5 years & deploying OS's 3.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Robbie RazorAuthor Commented:
Thanks Adam!

Is it possible to do a In-place upgrade on the Servers OS version, SQL versions and SCCM version? I'm having 2 servers created to replace my Primary and Secondary servers.  

I have to move from these older version to newer, I'm 13 versions away from CB 1606.

1.) Move from Windows Server 2008 R2 to a new Windows Server 2012 R2 Datacenter.
Can I keep the current site codes?

2.) Upgrade and move DB from SQL 2008 Express to SQL 2012 R2.
How should I export the old CM database and then Import into the new SQL database?

3.) SCCM 2012 R2 to a new SCCM CB 1606 server.
What should I export from the old CM box and then Import into the new CM box?

Any links or guides would be great.

Thanks in advance!
0
 
Adam LeinssCommented:
If you have 250 users, I would personally just build a new SCCM server and then just push out the new client from the new server, unless you have a lot of customization on your current server.  Since you said your SCCM guy left, it would probably be a great time to do a little house keeping and you would then understand how SCCM works from the ground up.  You can actually erect a new SCCM server in your environment and have it disrupt nothing: just don't update AD with the new site code information (it should give you an option to defer this option) and don't allow automatic client push.

Then you can spin up VMs or go to clients and manually input the site code from your new server to do testing and when you are ready, then you can update AD with the site code information and then re-push the client to your 250 users.
0
 
Robbie RazorAuthor Commented:
Thanks Adam.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now