In today’s post, let’s find out the easiest way to create an SCCM query to group users All Active Directory Security Groups discovery. And then, you shall see how to use the WQL query to create a Dynamic user Collection.
ConfigMgr 2002 version has 17 out-of-box WQL queries available ready to use. Today, we will see All Active Directory Security Groups – Which contain data only from Active Directory Group Discovery. You can find more details about the Easiest Method to Create SCCM WQL Queries for Collection.
If you want to learn more about creating dynamic collections and queries, refer to the following blog post – How to Create SCCM Dynamic Collection – Part 2. Let’s find out some quick and easy ways to create SCCM WQL queries.
As mentioned, about SCCM 2002 version comes with 17 out-of-box WQL queries. You are not very well versed in creating dynamic collection queries using WQL? Don’t worry! You can get some ready-made WQL queries from this post.
- Navigate to Monitoring workspace – \Monitoring\Overview\Queries
- Right-click on the Query called All Active Directory Security Groups.
- Select Properties.
- Let’s look into the WQL query available below.
- The query type is User Group Resource.
- Click on the Edit Query Statement button to see more details.
NOTE! – This default SCCM query type is User Group Resource. So, you can create this only user group collection using this dynamic query.
All Active Directory Security Groups WQL Query
The following is the query that is available to use in the dynamic collection. This query shall help you find the active directory user groups discovered using the SCCM AD security group discovery method.
select Name, UsergroupName, WindowsNTDomain, NetworkOperatingSystem, AgentName, AgentSite, AgentTime, ResourceId, ResourceType, UniqueUsergroupName from sms_r_usergroup where AgentName = 'SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT'
Use WQL Query to Create Dynamic User Group Collection
Let’s try to use the above-mentioned WQL query to make a dynamic user group collection. More details about the process of creating a dynamic collection are explained here.
- Navigate to SCCM console – Assets and Compliance – User Collections
- Right-click and select “Create User Collection” from User Collections node
- On the General page provide a Name and a Comment. Then, in Limiting collection, choose to Browse to select a limiting collection. The collection will only contain members from the limiting collection.
- On the Membership Rules page of the Create User Collection Wizard, in the Add Rule list, select the type Query Rule membership rule for this collection. You can configure multiple rules for each collection.
- On the Membership Rules page of the Create User Collection Wizard, in the Add Rule list, select Query Rule.
- On the Query Rule Properties windows
- Name: Specify a unique name (my query name = User Name Starts with Anoop).
- Resource class: Select the type of resource you want to search for and add to the collection. You have to select the User Resource to create a Dynamic User Collection in SCCM.
- Click on Import Query Statement
- Select User resource type queries available.
- Select All Active Directory Security Groups query.
- Click OK, OK, and OK to complete the wizard.
You can run the All Active Directory Security Groups.
- \Monitoring\Overview\Queries\Results for All Active Directory Security Groups
You can check the dynamic user collection results.
- \Assets and Compliance\Overview\Users\AD Group
And both the results are the same as expected!