Let’s learn how to Deploy Application Based on Active Directory System Description using ConfigMgr (a.k.a SCCM). I have been using the AD system description to create a dynamic collection and deploy applications based on the description. Well, it’s SCCM Application Deployment Based on System Description!
You can collect the description of systems from SCCM AD system discovery. This is the method many organizations use to identify the devices from different departments in the organization.
For example, the Finance department might have “Finance” in the description field of the system record. More details are in the following sections. This method is effective to automate many things in the cooperation within the Active Directory environment.
As an SCCM admin, you might have come across through requirement where you need to target bulk applications for a certain department on devices. There are different ways of doing it manually, managing those devices and adding to collection (for the small environment), creating an AD security group for different departments, and populating it in SCCM; starting from version 1906, you have the option of application groups, etc.
I will tell you one more way to manage and populate these devices based on the Active directory Computer account description in this post.
Prerequisites – Application Deployment Based on System Description
The first point is that Active directory system discovery should be ‘enabled’ in your environment to discover computers (which I am considering is otherwise, this post is not relevant for you).
NOTE! – By default, the computer account description is not populated in SCCM, so how to enable it?
- Open your SCCM Console
- Go to Administration>>Discovery methods and right-click on ‘Active Directory System Discovery’
Once you right-click on properties you will see below:
- Search for the description attribute in ‘available attributes’
- Click on Add.
Once you click on Add. You will see ‘description’ now under ‘Selected attributes’
- Click on ‘Apply’ and then ‘Ok’.
Since you have added this attribute recently it will take some time to get the data populated in SCCM depending on your polling schedule and success DDR (data discovery record).
Active Directory System Discovery is recorded in the file adsysdis.log in the <InstallationPath>\LOGS folder on the site server. More details on SCCM AD system discovery.
Validating the Attribute is Populated
Let’s validate the attribute now. You can follow the steps to confirm whether the attribute is populated in SCCM DB or not.
- Open SCCM Console
- Go to ‘Assets and Compliance’,>>Devices, right-click on any device, and open properties.
- In the ‘General’ tab, you will see the description attribute is populated.
Adding Description in Computer Account
If you are working as a support team member, I think you will be having access to ‘Active directory users and computers’ in your environment.
- Open ‘Active Directory Users and Computers’, and find the computer account.
Right-Click on the computer account and open properties. Type ‘Description’ of this computer account according to your requirement, like I have used ‘Finance’.
- Click on Apply and OK.
Query to Populate machine in SCCM Collection
Now. Let’s find out the ConfigMgr dynamic collection query to populate all the devices with Finance as a description.
- It is always good to create a collection with the department name you have provided in the description.
In the Membership Rules tab Click on ‘Add Rule’ and select Query Rule.
A new Windows with query rule properties will open, provide it a name and click on ‘Edit query statement.’
Once you get the below windows click on ‘show query language’ and paste the below WQL Query.
WQL Query – Dynamic Collection Creation Based on System Description
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Description = "Finance"
- You will see after some time that the machine gets populated in the Collection.
Result and How to Use Dynamic Collection with Apps
Now with this, you can add this collection to different application deployments collection with the ‘Include Collection’ option (choose wisely your evaluation for collection)
If you rebuild a machine also this machine will get populated in required collections and automatically it will get all the applications.
In the future, if more machines are added to the ‘Finance’ department, just add the description in the Active Directory computer account to get all required applications.
- You can also target the ‘Application Group’ to these collections.
- Check the Pros and cons of using the application group here
On how to create Application Groups, follow the link here
4 thoughts on “SCCM Application Deployment Based on System Description | ConfigMgr”
I am trying to test the same scenario and possible start targeting system/Users this way. But I do not see ‘description’ available. Only admindescription. Are there any extra steps that I am missing?
Both adminDescription and Description attribute are different, adminDescription is for displaying information on administration screen.
In the System discovery you can check for available attributes and search for ‘description’ and then add it.If you right click on any computer object in AD you can find Description available under ‘General’ tab of Computer Object properties.
We are on 1910 I do not see this option. great article!
I am also on 1910 and it is there, Description is Active directory attribute which should be available to add as part of system discovery.