locked
Pushing Applications using AD Group membership RRS feed

  • Question

  • I have setup several Applications to install to device collections based on AD Security Group membership.  What are the variables involved in the time it takes for a device that gets added to an AD Security Group setup in this way to receive the Application on the client?  Here's my understanding but would appreciate confirmation:

    1. Computer object is added to AD Security Group
    2. SCCM AD Group Discovery "Delta Discovery" runs (Default, 5 min)
    3. Collection gets updated:
      1. Can be set to Incremental defined as "periodically" (what's the actual interval?)
      2. Can be set to Scheduled (default is 7 days)
    4. Application Deployment Evaluation Cycle runs on client(Default, 7 days)

    If I'm correct here, it could potentially take as long as 2 weeks for an environment left in the Default configuration.  What ways can this be expedited that will not negatively impact SCCM and/or Client performance?  Thanks!

    Monday, October 15, 2018 7:00 PM

Answers

  • Hi,

    It is the Machine Policy evaluation cycle that refreshes the machine policy, the Application deployment evaluation cycle runs per default once a week and that cycle checks that all applications are installed that are required on the machine. It uses the detection method to determine if the application is installer or not.

    so process would be:

    1. Ad delta discovery finds the updated group membership (default 5 min)

    2. Incremental update updates the collection(default 5 min)

    3. machine policy downloads the new policy and execute the installation. (default 1 h can be changed in most environments)

    So worst case 5+5+60 if incremental updates are used and default machine policy interval..

    regards,
    Jörgen


    -- My Enterprise Mobility blog ccmexec.com -- Twitter @ccmexec

    • Marked as answer by Admin_Rob Monday, October 15, 2018 10:32 PM
    Monday, October 15, 2018 8:52 PM

All replies

  • Hi,

    It is the Machine Policy evaluation cycle that refreshes the machine policy, the Application deployment evaluation cycle runs per default once a week and that cycle checks that all applications are installed that are required on the machine. It uses the detection method to determine if the application is installer or not.

    so process would be:

    1. Ad delta discovery finds the updated group membership (default 5 min)

    2. Incremental update updates the collection(default 5 min)

    3. machine policy downloads the new policy and execute the installation. (default 1 h can be changed in most environments)

    So worst case 5+5+60 if incremental updates are used and default machine policy interval..

    regards,
    Jörgen


    -- My Enterprise Mobility blog ccmexec.com -- Twitter @ccmexec

    • Marked as answer by Admin_Rob Monday, October 15, 2018 10:32 PM
    Monday, October 15, 2018 8:52 PM
  • Excellent, thank you Jörgen!

    Monday, October 15, 2018 10:32 PM