question

SAMUELVALAPARLA-3110 avatar image
0 Votes"
SAMUELVALAPARLA-3110 asked GarthJones-9654 published

SCCM Collection based on AD group having inconsistent results

Hi All,

We're running MECM 2010.

Have created a device collection with the below query which is basically populating the members from an AD Group.


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "Domain_Name\\My_Testing"

The above query is giving different results (lesser members) than what we observe when directly checking the AD Group members in Users and Computers. Basically the SMS_R_System WMI class doesn't seem to have correct information pertaining to the AD group, as we have some machines not showing up in the query results. But the same machine shows up in the AD group membership under Users and computers.

And this seems to be a repetitive cycle. i.e. machine A doesn't show up in the collection today.. and then it shows up subsequently.. but then goes missing again.

I'm basically checking the SCCM Console as well as running AD Users and Computers on the Site Server itself, so I believe the same domain controller is being used. So my question is, what exactly populates the SMS_R_System WMI class and what could be the possible reasons for this inconsistent results?

Thank You

mem-cm-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GarthJones-8673 avatar image
1 Vote"
GarthJones-8673 answered GarthJones-9654 published

Your question is "loaded" as it will depended on a few things.

If the device does NOT have CM client on it, it will be populated by AD Group discovery or AD system discovery.
If the device HAS CM client on it, it will be populated by Heartbeat discovery. AND the device need to know that it belongs to the group (aka logon (reboot))

If the groups membership changes from one time to the next, that could be many things. Some of them are:

  • AD is having replication issues.

  • You have duplicated CM client GUIDs


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @GarthJones-8673 Thank You much for your inputs here. It looks like there were machines which belonged to 2 domains.. (machine first created in domain1, then scrapped and created in domain2).. Since the machine entry continued to exist in both domains, it looks like it impacted discovery as well as group membership. Atleast that's what I could deduce. There weren't any duplicate GUIDs I could find. Have advised to clean up the stale entry from domain1 and hopefully that should resolve this. Please let me know if I've missed something.

0 Votes 0 ·

As luck would have it, I did start a thread about duplicate NetBIOS names on twitter. https://twitter.com/GarthMJ/status/1436431180971356161 I know that @djammer and @AaronCzechowski say it should not matter, if you have duplicate NetBIOS names in CM but.... I still want to test this when I get a chance (that will NOT happening anytime soon), IMO RC will NOT work correct and I never even thought about discovery and how that will work...

All of this is just saying if you want to add more to the thread go for it.

0 Votes 0 ·
Amandayou-MSFT avatar image
0 Votes"
Amandayou-MSFT answered

Hi,

Haven't heard from you for some time, is Garth's answer helpful to you? If it is helpful, please accept answer. It will make someone who has the similar issue easily find the answer.

If you have any other issues, please don't hesitate to let us know.

Thanks and have a nice day.

Best regards,
Amanda

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.