deploy software through AD Groups linked to Collections in SCCM

[Max]

Hi,

 

I would like to know what is the advantage to deploy software through AD Groups linked to Collections in SCCM?

 

I actually use SCCM 2007 R2 (task and collection)

 

Thanks

 

Max

[anyweb]

the advantage is that you set the collections up (one time) and create the appropriate queries for those collections,

 

all you have to do after that is add (or remove) computers (or users) to the respective Active Directory Security Group, this makes things Dynamic in nature and needs a lot less work in the ConfigMgr console than if you were adding computers/users manually to the collections and/or advertising the software to those resources separately

[Max]

Thanks to the quick answer.

 

I try to explain the way I did.

 

We created an advertise folder, in which we advertised the tasks that we needed

 

 

to the collection below

 

 

That means if we have to make a new machine or install a new software package, we only have to advertise it to the collection.

 

Isn’t this way similar to the “AD Groups linked to Collections “process?

[anyweb]

and how are you adding computers/users to the collection ?

[Max]

Manually,

but even in AD you have to add computers manually to the applications group.

[anyweb]

well i think it's cleaner and more efficient (less prone to error) to add/remove users/computers to the respective Active Directory Security Group

, what if you have to add say 100 new computers ? 1000 ?

 

hopefully othes will add their opinion here also

[Lucid]

I'd also suggest looking into using Active Directory groups. You can then grant access to add/remove accounts to the domain group without having to give someone access to SCCM. Also, you can probably save time by using AD and a dynamic membership query. We actually set our advertisements to always rerun. This way, if an application gets uninstalled for some reason, the processes will later put the computer back into the collection and it'll get the app installed again.

 

Here's an example of a dynamic collection query that uses domain groups:

select SYS.ResourceID,SYS.ResourceType,SYS.Name,SYS.SMSUniqueIdentifier,SYS.ResourceDomainORWorkgroup,SYS.Client from SMS_R_System AS sys WHERE sys.ResourceID NOT IN (SELECT ARP.ResourceID FROM SMS_G_System_ADD_REMOVE_PROGRAMS AS ARP WHERE ARP.DisplayName = "Google Earth" AND ARP.Version = "5.2.1.1588") AND sys.SystemGroupName = "YourDomain\\SCCM-Google Earth 5.x"

 

Oh, and we limit our collections to another collection that only contains healthy clients (so we never beat our heads against the wall trying to figure out why the app isn't going out).

[Max]

I saw that here Dynamic you speak about MDT. Do we really need MDT to deploy software through AD or we can do without it?

[Peter van der Woude]

You can deploy software without MDT, it's only used in that post to deploy software during a Task Sequence.

[Max]

Sorry, I maybe made a question in a wrong way.

 

Do I need MDT to deploy software during a Task Sequence through AD Groups linked to Collections in SCCM?

[anyweb]

no you dont, but with MDT integration you can utilise the MDT scripts folder and the scripts therein, very useful