PowerShell: Create SCCM 2012 Collections Based on Active Directory Security Group

This script will significantly decrease the length of time taken to create device collections in SCCM. I created this script for a college where I deployed SCCM 2012; it allowed the college to mass-create the device collections required for their environment.

First of all, we need to import the SCCM PowerShell module, as shown below.
Note that SMSSITECODE stands for your 3-letter SCCM site code, and the location of the module will need to match the installation path of SCCM.

Import-Module "C:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1" -Verbose
cd SMSSITECODE:

There are two parts to this script. The first is the command to create the new device collection (New-CMDeviceCollection) with its given parameters. The second adds a query membership rule, which specifies how the collection is populated (Add-CMDeviceCollectionQueryMembershipRule).

The RefreshType parameter in the example has been set to ‘Both’. This ensures the device collection is populated on the schedule which has been specified, and it also uses the Incremental Updates setting of SCCM 2012 so that devices newly added between scheduled refreshes are picked up as well. The alternative options for this are ‘ConstantUpdate’, ‘Periodic’ or ‘Manual’.

The script below requires the following parameters in order to run:

  • Schedule Date: In the format of DD/MM/YYYY H:MM AM/PM
  • Schedule Day: Day of the week schedule will begin
  • Limiting Collection
  • Collection Name
  • Security Group Name: In the format of DOMAIN\\SecurityGroupName

#**************************************************************************
#      THE FOLLOWING SCRIPT WILL CREATE A COLLECTION BASED ON AN
#      ACTIVE DIRECTORY SECURITY GROUP
#**************************************************************************
#
#*******************PARAMETERS**********************#
#
#ENTER COLLECTION SCHEDULE DATE#
$ScheduleDate = "16/10/2014 9:00 PM"
$ScheduleDay = "Thursday"
#
$Schedule1 = New-CMSchedule -Start $ScheduleDate -DayOfWeek $ScheduleDay -RecurCount 1
$LimitingCollection = 'All Systems'
#
#ENTER NAME OF COLLECTION#
$CollectionName = "COLLECTION_NAME"
#
#ENTER NAME OF ACTIVE DIRECTORY SECURITY GROUP#
$SecurityGroupName = "DOMAIN\\SECURITY GROUP NAME"
#
#***********END PARAMETERS*********************
#
#*****DO NOT EDIT THE FOLLOWING SECTIONS********
#
#***NAME OF QUERY RULE WILL MATCH COLLECTION NAME#
#
$QueryRuleName = $CollectionName

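# WQL treats the backslash as an escape character, which is why the group name above is written as DOMAIN\\GROUP.
# The name is placed inside a single-quoted WQL literal, so it must not contain an unescaped single quote.
$SecurityGroupQuery = "select * from SMS_R_System where SMS_R_System.SystemGroupName = '$SecurityGroupName'"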

New-CMDeviceCollection -Name $CollectionName -LimitingCollectionName $LimitingCollection -RefreshSchedule $Schedule1 -RefreshType Both

Add-CMDeviceCollectionQueryMembershipRule -CollectionName $CollectionName -QueryExpression $SecurityGroupQuery -RuleName $QueryRuleName
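
The same two cmdlets wrapped in a function and looped over several groups, as an added example that is not the original author's script: it takes the group as plain DOMAIN\Group, checks its shape and escapes it for the WQL literal, so a name containing a quote or backslash cannot alter the query. The function names, the CONTOSO groups and the collection names are constructed, and it assumes the SMS Provider follows standard WQL backslash escaping (which the double backslash above already relies on).

```powershell
# Added example. Assumes the ConfigurationManager module is imported and the
# current location is the site drive (cd SMSSITECODE:).

function ConvertTo-WqlStringLiteral {
    # Escape a value for use inside a single-quoted WQL string literal.
    # Backslashes are doubled first, then single quotes get a backslash prefix.
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\\').Replace("'", "\'")
}

function New-GroupBasedCollection {
    param(
        [Parameter(Mandatory)][string]$CollectionName,
        # Plain DOMAIN\GroupName with a single backslash; escaping happens below.
        [Parameter(Mandatory)][string]$SecurityGroupName,
        [Parameter(Mandatory)]$Schedule,
        [string]$LimitingCollection = 'All Systems'
    )
    # Require exactly one backslash separating two non-empty parts, no control characters.
    if ($SecurityGroupName -notmatch '^[^\\\x00-\x1f]+\\[^\\\x00-\x1f]+$') {
        throw "Unexpected security group name: '$SecurityGroupName'"
    }
    # Do not create a second collection (or a duplicate rule) on a re-run.
    if (Get-CMDeviceCollection -Name $CollectionName) {
        Write-Warning "Collection '$CollectionName' already exists, skipping."
        return
    }
    $group = ConvertTo-WqlStringLiteral -Value $SecurityGroupName
    $query = "select * from SMS_R_System where SMS_R_System.SystemGroupName = '$group'"

    New-CMDeviceCollection -Name $CollectionName -LimitingCollectionName $LimitingCollection `
        -RefreshSchedule $Schedule -RefreshType Both | Out-Null
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $CollectionName `
        -QueryExpression $query -RuleName $CollectionName
}

# Constructed sample input: collection name -> AD security group.
$groups = [ordered]@{
    'LAB-A Workstations' = 'CONTOSO\SCCM-LabA'
    "Principal's Office" = "CONTOSO\Principal's Office PCs"
}
# Built from components so it does not depend on the session's date format.
$start = Get-Date -Year 2014 -Month 10 -Day 16 -Hour 21 -Minute 0 -Second 0
$schedule = New-CMSchedule -Start $start -DayOfWeek Thursday -RecurCount 1
foreach ($name in $groups.Keys) {
    New-GroupBasedCollection -CollectionName $name -SecurityGroupName $groups[$name] -Schedule $schedule
}
```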

I am working on an improvement to this script, which will allow you to choose from multiple queries to form the membership rule. Once complete I will post the complete script up on here.
