Monday, June 3, 2013

SCCM 2012 - Creating Device Collections From an Active Directory Organizational Unit

With our device discoveries up and running I wanted to dedicate this segment to creating device collections. This can be useful if you need to isolate specific devices for one reason or another, such as software polices or specific client settings. There are quite  a few different ways to setup Device Collections. I am going to focus on creating a collection based on OU's in Active Directory which in my opinion is one of the best ways to manage device collections long term as long as the device has the client installed on it.

In Assets and Compliance, Click Device Collections. You will see a few that are created automatically by default. Lets go ahead and make a new one. Right Click on Device Collections and Select Create Device Collection.

The Create Device Collection Wizard will open. Go ahead and give this collection a name and a description if you like, then Click Browse

For this example we will use All Desktops and Server Clients. Click OK then Click Next

 On the Membership Rules Click Add Rule then select Query Rule

This will bring up the Query Rule Properties window. Go ahead and give the query a name then Click Edit Query Statement

Go to the Criteria Tab then click on the Yellow Star

Leave the Criterion Type as Simple Value. Click Select

For the Attribute Criteria Select System Resource as the Atribute class and System OU Name for the Attribute. Click OK

Back on the Criterion Properties window Click Value.

You will be presented with all of the available OU's in your Active Directory structure. In the case of this lab we only have Domain Controllers and Servers (manually created). We highlight Servers and Click OK
Note - Only OUs that are populated with active (not disabled) computer objects will show up on this list. Empty OUs will not. 

Click OK

Click OK

Here you will see the fully built query. Click OK

So we have returned to our Membership Rules window. You can define if you want to run incremental scans by checking Use incremental updates for this collection. We are going to just use scheduled scans for this segment so lets go ahead and modify the discovery scan. Click Schedule

Since we have a fairly small amount of servers in our lab we are going to set the interval low. In a live production environment you wouldnt want to set it any lower than about once ever twenty-four hours as it will cause increased network traffic during the scans. We are going to run it every ten minutes. Click OK

Click Summary

You can review the results of the Collection. Click Next

You should get a success notification. Click Close

Back on the Device collection window you will see your newly created collection. It may take a few minutes to query depending on the size of your environment but if you refresh after a few minutes you should see servers being added to the collection. You can validate the collection by Right Clicking on it and selecting Show Members

More to come!

If you like this blog give it a g+1