none
Powershell: get adgroupmembership changes of groups (computers/users) and import into sccm 2012 RRS feed

  • Question

  • Hi,

     

    We have a administration system which puts software requests in AD groups, these AD group are  polled by SCCM 2012 collections, to these collections software is deployed. These queries of SCCM collections puts a heavy load on SCCM whereas we want to move the load to another server.

    We can’t make the administration system put the computer objects directly in SCCM collections, therefore we would like to make a script that polls the limited number of AD groups and inserts the computer/user ojbects which are added/removed.

     

    So it would be something like

     

    Foreach ($adgroup in $adgroups)

    {

    Get-adgroupmembership $adgroup

    #See changes compared to previous check = $changedobjects

    Add-CMDeviceCollectionDirectMembershipRule -CollectionName "collection" -ResourceId ((Get-CMDevice -name $changedobjects).ResourceID )

     

    }

     

    Then there should be a check for errors and errors should be logged.

    I wonder if such a script doesn’t exist yet. If it does not, how would you approach this?

    Please advise.

    J.



    Jan Hoedt

    Monday, February 29, 2016 3:36 PM

Answers

  • This is a product specific request and should be asked in the SCCM forum.  Also look in  the repository.

    \_(ツ)_/

    • Marked as answer by janhoedt Thursday, March 3, 2016 4:34 PM
    Monday, February 29, 2016 4:37 PM

All replies

  • This is a product specific request and should be asked in the SCCM forum.  Also look in  the repository.

    \_(ツ)_/

    • Marked as answer by janhoedt Thursday, March 3, 2016 4:34 PM
    Monday, February 29, 2016 4:37 PM
  • Correct for the SCCM part, but that's already clear to me.
    The thing that I's specifically would like to know is howto check for changes in AD group memberships (computers/users added/removed) and catch these changes so they can be used to add/remove items from sccm collections.

    Jan Hoedt

    Thursday, March 3, 2016 10:22 AM
  • Actually, what my question is: what would be the best approach to get a list of computer-objects member of an AD group and list changes compared to last scan (then after it I can apply this logica to user-objects).

    Jan Hoedt


    Maybe I could use something like this: http://www.lazywinadmin.com/2013/11/update-powershell-monitor-and-report.html
    • Edited by janhoedt Thursday, March 3, 2016 10:27 AM Update
    Thursday, March 3, 2016 10:26 AM
  • I'll be more specific in another post.

    Jan Hoedt

    Thursday, March 3, 2016 4:34 PM