SCCM Query All Active Directory Security Groups Dynamic Collection

In today’s post, we will learn the easiest way to create an SCCM query to group users and discover All Active Directory Security Groups. Then, we will see how to use the WQL query to create a Dynamic user Collection.

In Configuration Manager, you can create and execute queries to pinpoint objects within the hierarchy that meet your specific criteria. These objects can encompass various items, such as particular types of computers or user groups. Queries can also retrieve multiple Configuration Manager objects, including sites, collections, applications, and inventory data.

The ConfigMgr 2002 version has 17 out-of-box WQL queries available and ready to use. Today, we will see All Active Directory Security Groups, which contain data only from Active Directory Group Discovery. You can find more details about the Easiest Method to Create SCCM WQL Queries for Collection.

To learn more about creating dynamic collections and queries, refer to the following blog post – How to Create SCCM Dynamic Collection – Part 2. Let’s find some quick and easy ways to create SCCM WQL queries.

Patch My PC
Index
SCCM Query
All Active Directory Security Groups WQL Query
Use WQL Query to Create Dynamic User Group Collection
Results
SCCM Query All Active Directory Security Groups Dynamic Collection – Table 1

SCCM Query

As mentioned, the SCCM 2002 version comes with 17 out-of-box WQL queries. Are you not very well versed in creating dynamic collection queries using WQL? Don’t worry! You can get some ready-made WQL queries from this post.

  • Navigate to Monitoring workspace – \Monitoring\Overview\Queries
  • Right-click on the Query called All Active Directory Security Groups.
  • Select Properties.
SCCM Query All Active Directory Security Groups Dynamic Collection - Fig.1
SCCM Query All Active Directory Security Groups Dynamic Collection – Fig.1

Let’s look into the WQL query available below.

  • The query type is User Group Resource.
  • Click on the Edit Query Statement button to see more details.

    NOTE! – This default SCCM query type is User Group Resource. So, you can create this only user group collection using this dynamic Query.

    SCCM Query All Active Directory Security Groups Dynamic Collection - Fig.2
    SCCM Query All Active Directory Security Groups Dynamic Collection – Fig.2

    All Active Directory Security Groups WQL Query

    The following Query is available in the dynamic collection. It will help you discover active directory user groups using the SCCM AD security group discovery method.

    select Name, UsergroupName, WindowsNTDomain, NetworkOperatingSystem, AgentName, AgentSite, AgentTime, ResourceId, ResourceType, UniqueUsergroupName from sms_r_usergroup where AgentName = 'SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT'
    SCCM Query All Active Directory Security Groups Dynamic Collection - Fig.3
    SCCM Query All Active Directory Security Groups Dynamic Collection – Fig.3

    Use WQL Query to Create Dynamic User Group Collection

    Let’s try using the WQL query to make a dynamic user group collection. More details about the process of creating a dynamic collection are explained here.

    • Navigate to the SCCM console –  Assets and Compliance – User Collections.
    • Right-click and select “Create User Collection” from the User Collections node.
    • On the General page, provide a Name and a Comment. Then, in Limiting collection, choose Browse to select a limiting collection. The collection will only contain members from the limited collection.
    • On the Membership Rules page of the Create User Collection Wizard, in the Add Rule list, select the Query Rule membership rule type for this collection. You can configure multiple rules for each collection.
    • On the Membership Rules page of the Create User Collection Wizard, in the Add Rule list, select Query Rule.
    • On the Query Rule Properties windows
      • Name: Specify a unique name (my query name = User Name Starts with Anoop).
      • Resource class: Select the type of resource you want to search for and add to the collection. You must select the User Resource to create a Dynamic User Collection in SCCM.
      • Click on Import Query Statement
      • Select User resource type queries available.
      • Select All Active Directory Security Groups query.
      • Click OK, OK, and OK to complete the wizard.
    SCCM Query All Active Directory Security Groups Dynamic Collection - Fig.4
    SCCM Query All Active Directory Security Groups Dynamic Collection – Fig.4

    Results

    You can run the All Active Directory Security Groups.

    • \Monitoring\Overview\Queries\Results for All Active Directory Security Groups
    SCCM Query All Active Directory Security Groups Dynamic Collection - Fig.5
    SCCM Query All Active Directory Security Groups Dynamic Collection – Fig.5

    You can check the dynamic user collection results.

    • \Assets and Compliance\Overview\Users\AD Group
    SCCM Query All Active Directory Security Groups Dynamic Collection - Fig.6
    SCCM Query All Active Directory Security Groups Dynamic Collection – Fig.6

    And both the results are the same as expected!

    Resources

    We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

    Author

    Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

    Leave a Comment

    This site uses Akismet to reduce spam. Learn how your comment data is processed.