Orchestration groups is one of the feature introduced in SCCM technical preview version 1909. You can create an orchestration groups in SCCM to control the deployment of software updates to devices.
If you have worked on Server Groups feature, the Orchestration Groups feature is the next version of it. And when you enable Orchestration Groups, the site disables the Server Groups feature to avoid any conflicts.
Note – As I mentioned earlier, the SCCM orchestration group is feature introduced with Technical Preview 1909 version. Probably you might see this feature in one of the current branch releases. Currently there are some orchestration groups known issues and I don’t think it is ready. I will cover that at the end of the post.
Orchestration Groups in Configuration Manager
Let’s understand about orchestration groups with an example. Assume that you are a Configuration Manager admin and one of your task is to manages updates for your organization. You are responsible for deploying updates to all the servers and workstations.
You deploy updates to clients and servers that are part of separate device collections. Among servers let’s say there are six SQL servers. The SQL administrators want you to patch these six servers in a specific order. And before you patch the instructions are to manually stop specific services before installing updates, and then restart the services afterwards.
I have dealt with such scenarios and it is difficult to update the servers when you have to perform some tasks before you patch. However with an orchestration group the task gets easier. You create an orchestration group and add all six SQL servers. You can also add pre- and post-scripts supplied by the SQL administrators and update the servers.
In the next step you create and deploy the software updates to the SQL server device collection. The SQL administrators run the deployment, and the orchestration group automates the order and services.
In addition to that above point, with an orchestration group you get the flexibility to update devices based on a percentage, a specific number, or an explicit order. This feature reminds me of Phased Deployments.
Most of all you can create an orchestration group and can add any client computer to it. An orchestration group is not limited just for servers. However Orchestration groups only apply to software update deployments.
Create an Orchestration Group in SCCM
- In the SCCM console, go to the Assets and Compliance workspace. Select the Orchestration Group node.
- Right click Orchestration Group and then click Create Orchestration Group.
Specify a name for the orchestration group and click Next.
You must enter the site code. Click Browse to add the resources or members.
You got several options to discover you resources. You can use Name String, Resource Type and choose to search devices in a collection. Select and Add the resources to the Orchestration Group.
The resources that you add should be listed under Selected resources. Click OK.
Click Next.
Orchestration Group Rules Selection Page
On the Orchestration group rules selection page, you see three rules.
- Allow a percentage of machines to be updates at same time.
- Allow a number of machines to be updates at same time.
- Specify the maintenance sequence – Add the resources and explicitly define the order in which devices run the software update deployment.
Click Next.
You can specify a PreScript (PowerShell script) to run on devices before you deploy updates to the group. In addition to that you can specify the script timeout in seconds. The script returns a value of 0 for success, or 3010 for success with restart. Click Next.
Define a PostScript (PowerShell Script) to run on devices after the deployment is complete. The script returns a value of 0 for success, or 3010 for success with restart. Click Next.
Finally on the completion page, click Close.
Deploy the software updates to this Orchestration group. Click this link to know how to deploy software updates. To monitor and troubleshoot orchestration group, refer the log files mentioned in the next section.
Under Orchestration group, you should find the new group that you just created. Right click on the group and you will see the following options.
- Show Members
- Start Orchestration
- Refresh
- Delete
Click Start Orchestration.
Click Yes.
Orchestration Group Log Files
If you have created an orchestration group, you can open the below log files for troubleshooting.
- Policypv.log – Shows that the site targets the orchestration group to the clients.
- SMS_OrchestrationGroup.log – Logs the behaviors of the orchestration group.
Orchestration Groups – Known Issues / Limitations
In the beginning of this post I mentioned that orchestration groups feature is not ready yet. This is because there are lot of known issues or limitations and Microsoft needs to fix them.
- You cannot add a machine to more than one orchestration group. This is a big limitation.
- When searching a collection to select resources for an orchestration group, you can only choose All Desktop and Server Clients.
- You cannot delete an orchestration group once you create it. I hope Microsoft fixes this soon.
Is it possible to return any other values in the pre-/post-script and have them evaluated by SCCM?
For example, return 0 if my pre-script was able to successfully prepare the node for the patching but return 1 if it was not? Assuming, SCCM would not patch the node and go to the next one if a pre-script returns 1?
Hi Prajwal,
Well created Orchestration groups and pushed the patches on servers but those patches showing failing in software center. Although its showing but failing to install. please guide
Patches will still only be installed in their maintenance window defined in other collections right?
Hello
I have seen many of your articles about SCCM and have been very helpful
I am NEW to SCCM worked with SMS long time ago.
I just got my Windows updates working setup ADR and software Groups All working fine thru first deployment this month. I have Windows Defender updates every day.
I use Nagios to monitor my Servers Desktops and Network equipment.
When I used WSUS to update my Servers and Desktops I had to manually update them all now SCCM does that for me Also this includes a restart I have a PowerShell command that starts a service that tells Nagios to place the server/computer into Maintenance Mode.
I ran that manually also on them.
Someone told me about SCCM orchestrator. So I installed that feature on my SCCM server.
I then created a Orchestration Group and in the Pre-Script Page I added this PowerShell command
start-service patches
I added the Servers from a group that was going to be updated that day.
On the server in Software Center no updates showed
I then deleted the Orchestration group
The they updates showed in Software Center.
I am on SCCM 2002
Am I missing something here.
Thank you
Tom
Orchestration groups are now able to be deleted.