Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


SCCM - deploy using AD groups that have machine names

Posted on 2016-09-20
Medium Priority
Last Modified: 2016-10-09
Created a deployment application in SCCM and if I just create a deployment and ad some machine names it, it will deploy the software. However, I am trying to set it up so the helpdesk people only have to add a machine name into an AD group and the software will deploy
Running SCCM 2012. Configuration of deployment is as follows:

Administration – Discovery methods
      Active Directory Group Discovery
            Checked – enable active directory group discovery
            Scopes – domain/users – location – yes – Site Server
                  Polling schedule – enable delta – 5 mins
                  Options – checked – only discover computers that have logged in since 90 days
                        Checked – discover the membership of distribution groups
      Active Directory User Discovery
            Checked – Enable Active Directory User Discovery
            Path: LDAP://DC=domainname,DC=local
            Checked – Recursive search
            Polling schedule – checked – enable delta – set to 5 mins

Assets and Compliance
      Device collections
            SCCM – Office 2016 – member count 0, members visible on site 0 Referenced collections o
                        Name – SCCM – office 2016
                        Limiting collection – all systems
                        Type – device
                  Membership Rules -       
                        SCCM – Office 2016
                              Name – SCCM – Office 2016
                              System Resource
      SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "users\\SCCM - Office 2016"
                  Power management
                        Do not specify
                              Microsoft office Professions 2016 – application – Required – Install
                        Maintenance window – none specified
                        Collection variables – none specified
                        Out of band management – noe specified
                        Distribution point groups – none specified
                        Security – my account RMDRM
                        Alerts – none

Applications properties
      General Information
            Name: Microsoft Office Professional Plus 2016
            Administrator Comments: Deploy Office 2016
            Publisher – Microsoft
            Software version – 32 BIT
      Application catalog
            Language – English
            Localized description – Deploying office 2016
            Nothing applied
      Distribution Settings
            Distribution priority – Medium
            Automatically download content when packages are assigned to distro point
      Deployment Types
Microsoft Office Professional Plus 2016 - Windows Installer (*.msi file)
                  Allow clients to share content with other clients on same subnet
                  Slow – do not download
                  Uninstall - msiexec /x {90160000-0011-0000-0000-0000000FF1CE} /q
            Detection method – windows installer - {90160000-0011-0000-0000-0000000FF1CE} – this msi must exist
            User experience
                  Install for system
                  Whether or not a user is logged in
                  Max run time – 185
                  Estimated installation – 102
                  Determine behavior based on return codes
                  None listed
            Return codes – 0,1707,3010,1641,1618
            Dependencies – none listed
      Content locations
            \\sccm.domain.local – distribution point
            None listed

Deployment Config –
      Content – SCCM Server (Distribution Point)
      Deployment settings:
            Action – Install
            Purpose – required
            Check – Pre-Deploy software to the user’s primary device
            As soon as possible after the available time
      User experience
            Display in software center and show all notifications
            Check – software installation
            Check – System restart (if required)
            Check – Commit changes at deadline
            None set

Like I mentioned - the application does deploy if I create a deployment and just pick a few machines names, so I think the application part is OK, it is more likely in the device collection or some other system setting.

I did go to the client and went into control panel and Configuration Manager and manually ran all of the actions, then I let it bake overnight. Still nothing.
Question by:fcbc
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41806764
Have you created a dynamic collection based on a security group?

The method for creating one is detailed:

Author Comment

ID: 41806935
I do, and it is documented above. The only difference in my query is I have

and your documentation uses:

Not sure if that makes a difference. I will change it and give it a try.

Author Comment

ID: 41807242
That did not make a difference, count is still 0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41807267
Has AD system group discovery been configured for the correct OUs? I would manually run a discovery as well

Author Comment

ID: 41807291
If I create a collection manually and add the machine name in there, the deployment works.
LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41807404
Yes. It should. The problem seems to be with your dynamic collection.

Accepted Solution

fcbc earned 0 total points
ID: 41807411
FOUND IT! In the device collection my query was referencing our\groupnmane and it should have been referencing domain\groupname

Author Closing Comment

ID: 41835712
Found the typo

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question