locked
Is there a script, report or trick that would allow me to check in AD for computers in collection RRS feed

  • Question

  • Hello all

    Here is what I am trying to do. After I migrated our company from SCCM 2007R3 to SCCM 2012R2 out of 430 computers we have about 71 showing as no client for various reasons i.e (stale record in AD, Issues with client push on those machines). I created a Direct collection for just those machines because I am trying to validate if they are legitimate in AD. Is there a way in CM12 to search AD for those computers and generate some sort of report or list?

    Thanks in advance

    Phillip

    Thursday, July 24, 2014 4:37 PM

Answers

  • Hi Phil,

    You must be using some add-in to the Configuration Manager console, as those are not actions that I ever recall seeing in the console. You can do a push install of the client, but not an uninstall of it from the console. So must be using something else.

    if you see those systems in your Configuration Manager 2012 console, then you should be able to do a push of the client to them. You do NOT need to uninstall the ConfigMgr 2007 client first, that will happen when you launch the ConfigMgr 2012 Ccmsetup.exe program (from whatever method you do so).

    Wally


    Wally Mead

    Friday, July 25, 2014 3:23 PM

All replies

  • Just delete them. If they have non-disabled accounts in AD that can be resolved via DNS, then AD system discovery will pick them up again. However, the resource records don't migrate from 2007 to 2012 so the only reason they are in 2012 is because they were previously discovered in 2012 and thus are not disabled and resolvable via DNS. There's not much else you can tell about these systems from AD though and you'll have to begin manually validating them. If you have auto client push enabled, the ccm.log will tell you why it cannot push to them (there's also a report that summarizes the error codes from client push).

    Jason | http://blog.configmgrftw.com

    Thursday, July 24, 2014 5:56 PM
  • Just delete them. If they have non-disabled accounts in AD that can be resolved via DNS, then AD system discovery will pick them up again. However, the resource records don't migrate from 2007 to 2012 so the only reason they are in 2012 is because they were previously discovered in 2012 and thus are not disabled and resolvable via DNS. There's not much else you can tell about these systems from AD though and you'll have to begin manually validating them. If you have auto client push enabled, the ccm.log will tell you why it cannot push to them (there's also a report that summarizes the error codes from client push).

    Jason | http://blog.configmgrftw.com

    Thanks Jason! I am in the process of cleaning up AD and moving a bunch of computer that have not logged into the domain in the past 60-90 days. Since I don't have SCCM discovering any objects in that OU my hopes is that will help me purge out some of the non client systems. Because for now I have been logging into them one at a time and running this tool called ccmclean.exe I got from Anoops's sccm blog . It works like charm because some of the computers are not uninstalling via client push so I had to use this tool to rip it out. Then I manually installed the client on the computer using the source install files ccmsetup.exe /install quite smssitecode=mysiteservername this seems to work and everything is then populated. This is just such a long task. I will review the ccmset.log again.

    Thanks,

    Phil

    Thursday, July 24, 2014 7:26 PM
  • I'm confused, as client push does not uninstall a client, as you implied above. To uninstall a client the easy way is to run ccmsetup.exe /uninstall.

    Also, Configuration Manager 2012 has options to not discover systems that have not logged into AD, or changed the computer password, in x days. You can enable that on the Options tab of the Active Directory System Discovery method. That will help prevent ConfigMgr from rediscovering those systems again which are not active, and allow the Delete Aged Discovery Data task to remove them.


    Wally Mead

    Thursday, July 24, 2014 8:54 PM
  • Also, ccmclean is not supported. What's your real goal here? Are these existing systems you are decommissioning? If they simply need to be move to 2012, then you don't have to uninstall anything, just run ccmsetup on them and it will upgrade the client agent.

    I think you may be doing a combination of things and they are getting muddled together in your question and thinking.


    Jason | http://blog.configmgrftw.com

    Thursday, July 24, 2014 9:05 PM
  • I'm confused, as client push does not uninstall a client, as you implied above. To uninstall a client the easy way is to run ccmsetup.exe /uninstall.

    Also, Configuration Manager 2012 has options to not discover systems that have not logged into AD, or changed the computer password, in x days. You can enable that on the Options tab of the Active Directory System Discovery method. That will help prevent ConfigMgr from rediscovering those systems again which are not active, and allow the Delete Aged Discovery Data task to remove them.


    Wally Mead

    Hi Wally!

    Sorry for the confusion I was actually talking about when you right click the computer object and select deploy client. There is check box labeled "Uninstall existing Configuration Manager client before the client is installed". I have the System Discovery method set to not discover computers not logged in for the past 30 days. I guess my main problem is I have about 71 computer that either have no client or still have the old client from our CM07 server. The computers are all in the same OU that that rest of the computers are in and they all have the new CM12 client installed.

    Thanks,

    Phil

    Friday, July 25, 2014 1:19 PM
  • Also, ccmclean is not supported. What's your real goal here? Are these existing systems you are decommissioning? If they simply need to be move to 2012, then you don't have to uninstall anything, just run ccmsetup on them and it will upgrade the client agent.

    I think you may be doing a combination of things and they are getting muddled together in your question and thinking.


    Jason | http://blog.configmgrftw.com

    Hi Jason!

    These computers for the most part are legit since we are not discovering any computers beyond 30 days. I can run CCMSetup.exe without issue but there are like 68 computers. I could easily get our support team to assist in manually running ccmsetup on each one but I wanted to figure this out.

    Here is a snip from the CCMSetup.log file



    Phil Balderos

    Friday, July 25, 2014 1:35 PM
  • Hi Phil,

    You must be using some add-in to the Configuration Manager console, as those are not actions that I ever recall seeing in the console. You can do a push install of the client, but not an uninstall of it from the console. So must be using something else.

    if you see those systems in your Configuration Manager 2012 console, then you should be able to do a push of the client to them. You do NOT need to uninstall the ConfigMgr 2007 client first, that will happen when you launch the ConfigMgr 2012 Ccmsetup.exe program (from whatever method you do so).

    Wally


    Wally Mead

    Friday, July 25, 2014 3:23 PM