Create SCCM Device Collection Based On AD Security Group Membership

In this article I will show you how to create a device collection in SCCM based on an AD Security Group Membership.

A few days ago I was asked to create an SCCM device collection that pulled its members from an AD group. I thought this would be easy to set up.

I was wrong, it's not as straightforward as you would think. Below I will show you how to do it.

To create an SCCM device collection based on an AD security group membership, follow these steps.

  • The first step is to open “Active Directory Users and Computers”
  • Create an AD security group and give it a name. Make sure Group scope is set to Global and Group type is set to Security
  • Now add the required users and machines to this AD group
  • Next, open the Configuration Manager console and go to \Administration\Overview\Hierarchy Configuration\Discovery Methods. Make sure “Active Directory Group Discovery” is enabled, then right-click “Active Directory Group Discovery” and click “Run Full Discovery Now”
  • Now go to \Assets and Compliance\Overview\Device Collections and click Create Device Collection
  • Give the device collection a name and select the limiting collection
  • Click Next
  • Select Add Rule and click Query Rule
  • Give the query a name, then click Edit Query Statement
  • Click the Criteria tab, then click Add (sun icon)
  • Click Select
  • For Attribute class, select System Resource; for Attribute, select System Group Name
  • Click OK
  • Make sure Operator is set to “is equal to” and in Value manually enter %DOMAINNAME%\%GROUPNAME%. If you click on Value you can browse the AD groups, but in my experience recently created groups take a long time to show in this list, and sometimes don't show at all. Bug possibly?
  • Click ok
  • Click ok
  • Click ok
  • Click next
  • Click next
  • Click close
  • Right-click the device collection we created and click Update Membership
  • Right-click the device collection we created and click Refresh
  • The device collection will now update with the machines in the AD group
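
The same collection can also be scripted and then checked against the AD group. This is an added example, not part of the original article: it uses the ConfigurationManager and ActiveDirectory PowerShell modules, and the site code, domain, group, and collection names are placeholders.

```powershell
# Added example. Every name below is a placeholder (assumption), not a value from the article.
$SiteCode       = 'XYZ'
$Domain         = 'CONTOSO'
$GroupName      = 'SCCM-Pilot-Devices'
$CollectionName = "Devices in $GroupName"
$LimitingName   = 'All Systems'   # prefer the narrowest limiting collection that fits

# Assumes the Configuration Manager console and the RSAT ActiveDirectory module are installed,
# and that the site PSDrive is created when the ConfigurationManager module loads.
Import-Module "$($env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
Import-Module ActiveDirectory
Set-Location "${SiteCode}:"

# WQL behind the "System Resource / System Group Name is equal to" criterion.
# The backslash is doubled because WQL treats it as an escape character.
$Query = 'select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name ' +
         'from SMS_R_System ' +
         "where SMS_R_System.SystemGroupName = `"$Domain\\$GroupName`""

# Create the collection and its query rule only if it does not exist yet.
if (-not (Get-CMDeviceCollection -Name $CollectionName)) {
    New-CMDeviceCollection -Name $CollectionName -LimitingCollectionName $LimitingName | Out-Null
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $CollectionName `
        -RuleName "Members of $Domain\$GroupName" -QueryExpression $Query
}

# Equivalent of right-click > Update Membership. Evaluation is asynchronous,
# so rerun the comparison below once the update has completed.
Invoke-CMCollectionUpdate -Name $CollectionName

# Audit: compare direct computer members of the AD group with the collection members.
$adNames = @(Get-ADGroupMember -Identity $GroupName |
    Where-Object objectClass -eq 'computer' | ForEach-Object { $_.Name })
$cmNames = @(Get-CMCollectionMember -CollectionName $CollectionName |
    ForEach-Object { $_.Name })

[pscustomobject]@{
    InGroupNotInCollection = @($adNames | Where-Object { $_ -notin $cmNames })
    InCollectionNotInGroup = @($cmNames | Where-Object { $_ -notin $adNames })
}
```

Machines listed under InGroupNotInCollection usually mean group discovery has not picked up the change yet or the device falls outside the limiting collection. Because anything deployed to this collection follows the AD group, rights to modify the group's membership deserve the same control as rights on the collection itself.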
