I have been working with a customer who recently added many new OU’s (Organizational Unit) to Active directory. The customer told us to create SCCM collections based on the Active Directory OU. In this post I will cover the steps to create device collections based on AD OU.
To create SCCM collections you require a query. However you can achieve this task using PowerShell as well. In this post I will make the use of Query rule to create device collection.
I have noticed many organizations still use Active Directory groups or Organizational Unit to do operational tasks in SCCM. Even though it’s not efficient method but it’s still used. Once you create the collection, whenever the OU’s are updated with new clients, it would update SCCM collection.
Useful Info – For Windows Server device collection, read this post and for Windows 10 SCCM device collection, refer this post.
Create SCCM Collections based on Active Directory OU
The below procedure shows you how to create the SCCM device collections based on Active Directory OU.
Prerequisites
- You must have the list of OU names handy. This will help you while creating the device collection.
- Add the OUs under Active Directory System discovery. This is an important step because the OU’s have to be discovered before you use them in your query.
- Sufficient permissions to create device collection.
Create SCCM Device Collection
- In the SCCM console, navigate to Assets and Compliance > Overview > Device Collections.
- Right click and select Create Device Collection.
On the General page, specify the name of the collection. Click Browse and select Limiting Collection. Click Next.
On Member Rules page, click Add Rule > Query Rule.
Add SCCM Query
On the Query Rule Properties window, type the name of the collection. Ensure the Resource class is System Resource. Click Edit Query Statement.
On the Query Statement Properties box, click Criteria tab and click yellow icon.
On the Criterion Properties box, click Select button.
Select Attribute class to System Resource and Attribute to System OU Name.
Set the Operator value to is equal to. Click Value button.
Select Active Directory OU
In the Values window, select the Active Directory OU. The SCCM device collection that you create will include all the computers from this OU. Click OK.
The criteria that you chose is displayed. Click OK.
On the Query Rule properties window, you can now view the query. Click OK.
Back to Membership Rules page, click Next.
On the Completion window click Close.
In the SCCM console, under Device Collections, you should see the OU based collection. You may right click the collection and click Update Membership if you don’t see any member count.
This was perfect! Thank you!
Thank you! You are the best person to follow for a newbie to MECM (SCCM) Administrator such as myself. This exactly what I needed on my job today!!
How do i create a collection of all devices that are not in active directory using this method?.
Please note they were in active directory but they no longer are in active directory.
Thank you for this nice clear instructions. Worked exactly as I needed it.
I followed this and it works very well. The problem we are seeing is not that some computers are not showing up that are ctually in that particular OU. The issue is that we are seeing many other objects in the query run complete listing which are not there when you look inside ADUC. In ADUC, I see only 2 computers, but in the query I see 10. What causes this? It’s like ghosted objects that might have once been located in this OU. Any info on how to fix this?
Best instructions I have seen in a long time, exactly what I needed Thanks!
Thank you !!!
Your posts are always excellent!
This is exactly what I was looking for!
Thank you!
looking of your help in SCCM. I am getting Problem at “Select Active Directory OU” step. here i have found same OU name in two row, one along with complete OU structure and one only OU name. Hence it give me error for some OU while creating collection of devices. what i am suppose to do. Please help me to solve the problem