none
Create Collection of Computers Based on AD User Group

    Вопрос

  • I'm trying to create a collection of computers based on whether the last logged in user is a member of an AD user group.

    I've found a couple of examples, but something is not right with the syntax.  People keep putting in xxxx/security group, but they don't say what xxx is supposed to be.  I've tried domain and it didn't work.

    Here is the example I have been working with:

    select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,
    SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName 
    like "XXX\\Sccm Deployment iTunes"

    If my domain name is ACME and my user/security group is Sales Team, how should I write this query?

    And before some helpful person points out the obvious, I know I really should learn SQL query language.  I'm trying to get around to it.

    Thanks

    6 июня 2012 г. 19:18

Ответы

  • What's the purpose of this collection?  Are you planning on setting up an advertisement to target this collection?

    If so, I would recommend taking a different approach...

    Create a collection similar to the following.  The member of your collection will be the security group, and thus the ultimate deployment decision will be made at the workstation rather than by the SCCM server.  I use this method extensively for multiple customers where optional software packages are advertised to users based on their security group membership.  The resulting collection will not show individual users or individual workstations; instead, you should see the security group name appear.  This is assuming that user-based advertisement targeting is enabled and you are discovering the security groups at each of your primary sites.

    select SMS_R_USERGROUP.ResourceID,SMS_R_USERGROUP.ResourceType,SMS_R_USERGROUP.Name,SMS_R_USERGROUP.UniqueUsergroupName,SMS_R_USERGROUP.WindowsNTDomain from SMS_R_UserGroup where UniqueUsergroupName in ("ACME\\Sales Team" )

    I like to prefix my application deployment security groups with the string "APP_", so my security groups would look like "ACME\\APP_Adobe Product XYZ"


    • Изменено Nick P. - Capgemini 7 июня 2012 г. 0:28
    • Помечено в качестве ответа bfatwow 15 июня 2012 г. 19:44
    6 июня 2012 г. 22:25

Все ответы

  • What's the purpose of this collection?  Are you planning on setting up an advertisement to target this collection?

    If so, I would recommend taking a different approach...

    Create a collection similar to the following.  The member of your collection will be the security group, and thus the ultimate deployment decision will be made at the workstation rather than by the SCCM server.  I use this method extensively for multiple customers where optional software packages are advertised to users based on their security group membership.  The resulting collection will not show individual users or individual workstations; instead, you should see the security group name appear.  This is assuming that user-based advertisement targeting is enabled and you are discovering the security groups at each of your primary sites.

    select SMS_R_USERGROUP.ResourceID,SMS_R_USERGROUP.ResourceType,SMS_R_USERGROUP.Name,SMS_R_USERGROUP.UniqueUsergroupName,SMS_R_USERGROUP.WindowsNTDomain from SMS_R_UserGroup where UniqueUsergroupName in ("ACME\\Sales Team" )

    I like to prefix my application deployment security groups with the string "APP_", so my security groups would look like "ACME\\APP_Adobe Product XYZ"


    • Изменено Nick P. - Capgemini 7 июня 2012 г. 0:28
    • Помечено в качестве ответа bfatwow 15 июня 2012 г. 19:44
    6 июня 2012 г. 22:25
  • Hello,

    in my opinion,you just have to enable Active directory User discovery to do this.And then have a report which gives you the details of the users who last logged in,if you want to find the last logged in user and with that report you can find if the last logged in user is an AD user or a non AD user.You can find more info on AD user discovery option here http://technet.microsoft.com/en-us/library/bb680740.aspx

    let me know if that clarifies.

    Thanks

    Arvind

    • Предложено в качестве ответа ArvindBS 7 июня 2012 г. 18:58
    • Отменено предложение в качестве ответа Robert Marshall - MVPMVP, Moderator 10 июня 2012 г. 13:53
    7 июня 2012 г. 18:55
  • You can have a report for the last logged-in user by using this login in SCCM 2007

    http://blogs.technet.com/b/configurationmgr/archive/2009/09/09/report-to-find-last-logon-details-of-each-computer-using-configmgr-2007.aspx

    thanks

    Arvind

    • Предложено в качестве ответа ArvindBS 7 июня 2012 г. 18:58
    • Отменено предложение в качестве ответа Robert Marshall - MVPMVP, Moderator 10 июня 2012 г. 13:53
    7 июня 2012 г. 18:58
  • There is no table or view as SMS_R_USERGROUP in sccm 2007 .

    27 июля 2012 г. 8:12
  • There is no table or view as SMS_R_USERGROUP in sccm 2007 .

    SMS_R_UserGroup is a WQL table name, it is to be used for query / collections.

    The same SQL view name is called v_R_UserGroup.


    http://www.enhansoft.com/

    27 июля 2012 г. 12:27