Go Premium for a chance to win a PS4. Enter to Win


SCCM - deploy using AD groups that have machine names

Posted on 2016-09-20
Medium Priority
Last Modified: 2016-10-09
Created a deployment application in SCCM and if I just create a deployment and ad some machine names it, it will deploy the software. However, I am trying to set it up so the helpdesk people only have to add a machine name into an AD group and the software will deploy
Running SCCM 2012. Configuration of deployment is as follows:

Administration – Discovery methods
      Active Directory Group Discovery
            Checked – enable active directory group discovery
            Scopes – domain/users – location – yes – Site Server
                  Polling schedule – enable delta – 5 mins
                  Options – checked – only discover computers that have logged in since 90 days
                        Checked – discover the membership of distribution groups
      Active Directory User Discovery
            Checked – Enable Active Directory User Discovery
            Path: LDAP://DC=domainname,DC=local
            Checked – Recursive search
            Polling schedule – checked – enable delta – set to 5 mins

Assets and Compliance
      Device collections
            SCCM – Office 2016 – member count 0, members visible on site 0 Referenced collections o
                        Name – SCCM – office 2016
                        Limiting collection – all systems
                        Type – device
                  Membership Rules -       
                        SCCM – Office 2016
                              Name – SCCM – Office 2016
                              System Resource
      SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "users\\SCCM - Office 2016"
                  Power management
                        Do not specify
                              Microsoft office Professions 2016 – application – Required – Install
                        Maintenance window – none specified
                        Collection variables – none specified
                        Out of band management – noe specified
                        Distribution point groups – none specified
                        Security – my account RMDRM
                        Alerts – none

Applications properties
      General Information
            Name: Microsoft Office Professional Plus 2016
            Administrator Comments: Deploy Office 2016
            Publisher – Microsoft
            Software version – 32 BIT
      Application catalog
            Language – English
            Localized description – Deploying office 2016
            Nothing applied
      Distribution Settings
            Distribution priority – Medium
            Automatically download content when packages are assigned to distro point
      Deployment Types
Microsoft Office Professional Plus 2016 - Windows Installer (*.msi file)
                  Allow clients to share content with other clients on same subnet
                  Slow – do not download
                  Uninstall - msiexec /x {90160000-0011-0000-0000-0000000FF1CE} /q
            Detection method – windows installer - {90160000-0011-0000-0000-0000000FF1CE} – this msi must exist
            User experience
                  Install for system
                  Whether or not a user is logged in
                  Max run time – 185
                  Estimated installation – 102
                  Determine behavior based on return codes
                  None listed
            Return codes – 0,1707,3010,1641,1618
            Dependencies – none listed
      Content locations
            \\sccm.domain.local – distribution point
            None listed

Deployment Config –
      Content – SCCM Server (Distribution Point)
      Deployment settings:
            Action – Install
            Purpose – required
            Check – Pre-Deploy software to the user’s primary device
            As soon as possible after the available time
      User experience
            Display in software center and show all notifications
            Check – software installation
            Check – System restart (if required)
            Check – Commit changes at deadline
            None set

Like I mentioned - the application does deploy if I create a deployment and just pick a few machines names, so I think the application part is OK, it is more likely in the device collection or some other system setting.

I did go to the client and went into control panel and Configuration Manager and manually ran all of the actions, then I let it bake overnight. Still nothing.
Question by:fcbc
  • 5
  • 3
LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41806764
Have you created a dynamic collection based on a security group?

The method for creating one is detailed: https://blog.thesysadmins.co.uk/sccm-2012-creating-device-collections.html

Author Comment

ID: 41806935
I do, and it is documented above. The only difference in my query is I have

and your documentation uses:

Not sure if that makes a difference. I will change it and give it a try.

Author Comment

ID: 41807242
That did not make a difference, count is still 0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41807267
Has AD system group discovery been configured for the correct OUs? I would manually run a discovery as well

Author Comment

ID: 41807291
If I create a collection manually and add the machine name in there, the deployment works.
LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41807404
Yes. It should. The problem seems to be with your dynamic collection.

Accepted Solution

fcbc earned 0 total points
ID: 41807411
FOUND IT! In the device collection my query was referencing our\groupnmane and it should have been referencing domain\groupname

Author Closing Comment

ID: 41835712
Found the typo

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question