locked
Collection query statement - linking to and AD system group RRS feed

  • Question

  • Hi

    We have an interesting problem with linking a collection to an AD group using a query.  As we create the query on the collection in SCCM we reach a point where we have to enter a string of the form 'DOMAIN\groupname'. There is a drop down list and a blank space to enter a string.  The drop down list shows some but not all of the AD security groups that have been discovered by SCCM.  We are finding that our new AD group is never there and we have to enter the string.  Does anyone know how this drop down list of security groups is created and why there appears to be a limit to the number that is displayed?

    I ask this because thinking back prior to when we applied SP2 (years ago) we could wait for the AD system group discovery process to run and then simply choose the new one to link the collection with from the list.

    Its not causing us huge problems but we are interested to know what has changed and if we can fix it.

    Cheers!

    Wednesday, January 22, 2014 11:48 AM

Answers

  • Yes, I know this is an old post, but I’m trying to clean them up.

    The short answer to this is without the query you are trying to use there is no way to truly answer this.  

    The reason the query is need, is depend on how you are trying to select computer, you might have to wait for AD group discovery to run then wait for A computer to reboot to grab the access token then wait for heartbeat discovery to run and return result to CM07. Once the data is within the CM07 data base it will show up within the drop down list.


    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

    • Proposed as answer by Garth JonesMVP Saturday, January 3, 2015 10:23 PM
    • Marked as answer by Garth JonesMVP Saturday, January 24, 2015 4:46 PM
    Sunday, December 28, 2014 3:48 PM

All replies

  • Have you reviewed your AD Security Group Discovery configuration and log file?

    Jason | http://blog.configmgrftw.com

    Wednesday, January 22, 2014 3:07 PM
  • Hi

    Yes the AD System Group and Security Group discoveries are working fine.  I can see the new security group being discovered in the logs.  It also appears in the 'All Active Directory Security Groups' collection.

    As I say I can add it to the query by simply typing its name as a string but I'm sure the drop down box used to list all of the discovered security groups but it doesn't any more.  The collection shows 1500 discovered security groups but the dropdown list in the query 'builder' only has around 50.

    Cheers

    Wednesday, January 22, 2014 3:28 PM
  • Can't you just type it in?


    John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/

    Wednesday, January 22, 2014 9:37 PM
  • Can't you just type it in?


    John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/

    Yes that is possible and it is what we have been doing.  I'm just interested to know where the drop down list that is there is populated from.
    Friday, January 24, 2014 7:33 AM
  • Yes, I know this is an old post, but I’m trying to clean them up.

    The short answer to this is without the query you are trying to use there is no way to truly answer this.  

    The reason the query is need, is depend on how you are trying to select computer, you might have to wait for AD group discovery to run then wait for A computer to reboot to grab the access token then wait for heartbeat discovery to run and return result to CM07. Once the data is within the CM07 data base it will show up within the drop down list.


    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

    • Proposed as answer by Garth JonesMVP Saturday, January 3, 2015 10:23 PM
    • Marked as answer by Garth JonesMVP Saturday, January 24, 2015 4:46 PM
    Sunday, December 28, 2014 3:48 PM