After setting up a new domain and deploying SCCM 2012 I came to realize how much work it actually is to set up new applications. I have made a script which creates AD groups and Collections. I still create the Applications manually because they usually differ when it comes to how they need to be set up. Some products can be imported as Applications (MSI, etc.) while some (Autodesk products in particular) need to be set up as Packages.
Below you will find the script I made. Please note that it needs to be run from the SCCM server, or via remote PowerShell/PsExec.
Also note that I wrote this script for application deployments towards Users. Let me know if you need the Device version.
```powershell
# Create Collections 1.1 - heineborn.com 2012-11-16
#
# - EXECUTE -
# Run the script with the following syntax:
# .\Script.ps1 APP_Name_Version "This is my Application"
#
# - FUNCTION -
# Will create AD Groups and SCCM Collections
#
# - PRE-REQS -
# User needs administrative/modify privileges in SCCM and AD.
# Needs to be executed from SCCM server.
#

Import-Module ActiveDirectory
$CollectionName=$args[0]
$Description=$args[1]
cls
If (!$CollectionName) {
    $CollectionName = Read-Host "What should the Collection be called? (ex. APP_VideoLAN_VLC_3)"
}
If (!$Description) {
    $Description = Read-Host "Describe the Collection. (ex. VLC Media Player)"
}
$Sitename = "PRI" #Change this: SCCM site name
$Domain = "HEINEBORN" #Change this: Domain
$DC = "DC.HEINEBORN.LOCAL" #Change this: Domain controller
$GroupOU = "OU=Applications,OU=Groups,DC=HEINEBORN,DC=LOCAL" #Change this: OU to store Application/Collection groups.
$Namespace = "Root\SMS\Site_" + $Sitename
Function Create-Collection($CollectionName)
{
    $CollectionArgs = @{
        Name = $CollectionName;
        CollectionType = "1"; # User Collection Type
        LimitToCollectionID = "SMS00002" # All Users Collection
    }
    Set-WmiInstance -Class SMS_Collection -Arguments $CollectionArgs -Namespace $Namespace | Out-Null
}

Function Update-Query($CollectionName)
{
    $QueryExperssion = 'select * from SMS_R_User where SMS_R_User.UserGroupName = "' + $Domain + '\\' + $CollectionName + '"'
    $Collection = Get-WmiObject -Namespace $Namespace -Class SMS_Collection -Filter "Name='$CollectionName' and CollectionType = '1'"
    #Validate Query syntax
    $ValidateQuery = Invoke-WmiMethod -Namespace $Namespace -Class SMS_CollectionRuleQuery -Name ValidateQuery -ArgumentList $QueryExperssion
    If ($ValidateQuery.ReturnValue) { # Invoke-WmiMethod returns an object; the result of the validation is in ReturnValue
        $Collection.Get()
        #Create new rule
        $NewRule = ([WMIClass]"\\Localhost\$Namespace`:SMS_CollectionRuleQuery").CreateInstance()
        $NewRule.QueryExpression = $QueryExperssion
        $NewRule.RuleName = $CollectionName
        #Commit changes and initiate the collection evaluator
        $Collection.CollectionRules += $NewRule.psobject.baseobject
        $Collection.RefreshType = 6 # Enables Incremental updates
        $Collection.Put()
        $Collection.RequestRefresh()
    }
}

New-ADGroup -Server $DC -Name $CollectionName -Path $GroupOU -groupScope Global -Description $Description
Create-Collection $CollectionName
Update-Query $CollectionName
```
Let me know if you run into any problems.
Hi
Your script looks great. If you could send me the device collection version that would be great.
Thanks
Geoff
Hi Geoff,
Thanks for coming by.
To create a Device Collection you need to do two things. Change CollectionType to "2" and the Limiting Collection to "All Systems" (instead of All Users).
Go to Line 34 and change it to: CollectionType = "2";
And Line 35: LimitToCollectionID = "SMS00001"
And check line 43 for CollectionType, change the value to: 2
If you have any issues or would like me to upload the full script, let me know.
/ J
Hi Joakim,
I have used your script to create groups in AD. Thank you very much for pointing me in the right direction. Planning to upgrade to SCCM 2012 this year and I will come back here :).
Glad to help Ivan.
Good luck with your upcoming upgrade!
What is this format? How to get this?
$GroupOU = "OU=Applications,OU=Groups,DC=HEINEBORN,DC=LOCAL" #Change this: OU to store Application/Collection groups.
Hi Chinmay,
Edit the value to the Organizational Unit where you want to store the Active Directory groups.
The value is a "distinguishedName", you can find it by right-clicking on the OU you want to use and enter Properties, then go to the "Attribute Editor" tab and scroll down to "distinguishedName".
Best regards,
Joakim
In my situation we have our application servers grouped via Universal security groups. There are over 60 said AD groups and I want a quick way to script existing security groups into Dynamic device collections in SCCM.
I say dynamic because I want the collection membership to be linked to the AD security group membership. I have found other scripts that export the members of the security group into the collection. The collection is then static and if servers are added and removed from the security group the collection does not update. Is there a way to do this?
I have a collection group and would like this to be added to the AD security group and maintain sync by adding or removing members from the AD group based on actions performed on this collection.
Thanks for your script. For device collection, should the query expression be?
$QueryExperssion = 'select * from SMS_R_System where SMS_R_System.SystemOUName = "' + $Domain + '\\' + $CollectionName + '"'
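Added example, not part of the original post or its comments: the script places `$CollectionName` straight into a WQL filter and a query expression, so a quote or backslash in the name changes those strings. The sketch below checks the name against an allow-list, escapes it as a WQL literal, and returns the values for the user collection from the script or the device collection from Joakim's reply. The function names, the naming policy and the use of `SMS_R_System.SystemGroupName` for devices are assumptions of this example.

```powershell
# Added example: validate and escape a collection name before it is placed
# into the WQL strings that the script builds by concatenation.

function Test-CollectionName {
    param([Parameter(Mandatory=$true)][string]$Name)
    # Assumed naming policy: starts with a letter or digit, then letters,
    # digits, underscore, dot or hyphen; 64 characters at most.
    return $Name -match '^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$'
}

function ConvertTo-WqlLiteral {
    param([Parameter(Mandatory=$true)][string]$Value)
    # WQL string literals escape backslash and both quote characters with a backslash.
    return ($Value -replace '([\\''"])', '\$1')
}

function Get-CollectionQuery {
    param(
        [Parameter(Mandatory=$true)][string]$Domain,
        [Parameter(Mandatory=$true)][string]$Name,
        [ValidateSet('User','Device')][string]$Kind = 'User'
    )
    if (-not (Test-CollectionName $Name)) { throw "Rejected collection name: '$Name'" }
    # User values are the script's own; Device values are those from the reply in
    # the comments, plus SMS_R_System.SystemGroupName (this example's assumption).
    $kinds = @{
        User   = @{ Type = '1'; Limit = 'SMS00002'; Class = 'SMS_R_User';   Prop = 'UserGroupName' }
        Device = @{ Type = '2'; Limit = 'SMS00001'; Class = 'SMS_R_System'; Prop = 'SystemGroupName' }
    }
    $k = $kinds[$Kind]
    $group = ConvertTo-WqlLiteral ($Domain + '\' + $Name)   # DOMAIN\Group, escaped once
    New-Object PSObject -Property @{
        CollectionType      = $k.Type
        LimitToCollectionID = $k.Limit
        Filter              = "Name='{0}' and CollectionType = '{1}'" -f (ConvertTo-WqlLiteral $Name), $k.Type
        QueryExpression     = 'select * from {0} where {0}.{1} = "{2}"' -f $k.Class, $k.Prop, $group
    }
}

# Constructed sample input
Get-CollectionQuery -Domain 'HEINEBORN' -Name 'APP_VideoLAN_VLC_3' | Format-List
Get-CollectionQuery -Domain 'HEINEBORN' -Name 'APP_VideoLAN_VLC_3' -Kind Device | Format-List
ConvertTo-WqlLiteral "APP_O'Reilly_Tool"   # escaping on its own
try { Get-CollectionQuery -Domain 'HEINEBORN' -Name "APP_O'Reilly_Tool" } catch { "Rejected: $_" }
```

The returned `Filter` and `QueryExpression` strings stand in for the concatenated strings in `Update-Query`; the functions only build strings and do not contact AD or the SCCM provider.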