Add AD Group as collection to SCCM

Hi All,

In this article I am going to show you how to create a dynamic collection of a security group fromActive Directory, sometimes we want to deploy task sequence or any application on the specific group. We have two options to do that, the first one is doing it manually what I do not recommend, create a new collection and just add a computer by computer to the collection,

The second and efficient option is to create a collection by AD group, for example, if you have IT, computers Group called “IT_COMPUTERS” you can use in the following query which will allow you to create a new collection that based “IT_Computers” Group and in addition if sometimes you’ll add any new computer object to the group it will update the collection dynamically

  • Make sure you are creating the collection by query rule and not direct rule

Add AD group:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,

SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.

Client from SMS_R_System where SMS_R_System.SecurityGroupName = “Pelegit.co.il\\IT_Computers

Add AD group which contains computers that start with specific letter or number:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,

SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,

SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.

Client from SMS_R_System where SMS_R_System.SystemOUName = “Pelegit.co.il/computers” and SMS_R_System.Name like “COM%” ( It could help you with filter)

Create a system collection which contains all machines with “Google Crome” or “X” software installed

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,

SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,

SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.

Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.

ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like “%Google Chrome%”