How to Configure Active Directory Security Group Discovery

Article
05/03/2011

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

You configure the Active Directory Security Group Discovery settings, in Microsoft System Center Configuration Manager 2007, by modifying the necessary site control file settings.

To configure Active Directory Security Group Discovery

Set up a connection to the SMS Provider.
Make a connection to the Active Directory Security Group Discovery section of the site control file by using the SMS_SCI_Component class.
Loop through the array of available properties, making changes as needed.
Commit the changes to the site control file.

Example

The following example sets the Active Directory Security Group Discovery settings by using the SMS_SCI_Component class to connect to the site control file and change properties.

For information about calling the sample code, see Calling Configuration Manager Code Snippets.

Sub ConfigureADSecurityGroupDiscoverySettings(swbemServices,    _
                                      swbemContext,             _
                                      siteCode,                 _
                                      serverName,               _
                                      newStartupSchedule,       _
                                      enableDisableDiscovery)

    ' Load site control file and get the SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT section.
    swbemServices.ExecMethod "SMS_SiteControlFile.Filetype=1,Sitecode=""" & siteCode & """", "Refresh", , , swbemContext
                    
    Query = "SELECT * FROM SMS_SCI_Component " &                         _
    "WHERE ItemName = 'SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT|" & serverName & "' " &  _   
    "AND SiteCode = '" & siteCode & "'"           
    
    ' Get the SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT properties.
    Set SCIComponentSet = swbemServices.ExecQuery(Query, ,wbemFlagForwardOnly Or wbemFlagReturnImmediately, swbemContext)
                       
    ' Only one instance is returned from the query.
    For Each SCIComponent In SCIComponentSet

        ' Display the server name.
        wscript.echo "Server: " & SCIComponent.Name      
    
        ' Loop through the array of embedded SMS_EmbeddedProperty instances.
        For Each vProperty In SCIComponent.Props
            
            ' Setting: Startup Schedule
            If vProperty.PropertyName = "Startup Schedule" Then
                wscript.echo " "
                wscript.echo vProperty.PropertyName
                wscript.echo "Current value " &  vProperty.Value1               
                
                ' Modify the value.
                vProperty.Value1 = newStartupSchedule
                wscript.echo "New value " & newStartupSchedule
            End If
            
            ' Setting: SETTINGS
            If vProperty.PropertyName = "SETTINGS" Then
                wscript.echo " "
                wscript.echo vProperty.PropertyName
                wscript.echo "Current value " &  vProperty.Value1               
                
                ' Modify the value.
                vProperty.Value1 = enableDisableDiscovery
                wscript.echo "New value " & enableDisableDiscovery
            End If
                
         Next
         
         ' Update the component in your copy of the site control file. Get the path
         ' to the updated object, which could be used later to retrieve the instance.
          Set SCICompPath = SCIComponent.Put_(wbemChangeFlagUpdateOnly, swbemContext)

    Next
                          
    ' Commit the change to the actual site control file.
    Set InParams = swbemServices.Get("SMS_SiteControlFile").Methods_("CommitSCF").InParameters.SpawnInstance_
    InParams.SiteCode = siteCode
    swbemServices.ExecMethod "SMS_SiteControlFile", "CommitSCF", InParams, , swbemContext
      
    ' Release the copy of the site control file.
    swbemServices.Get("SMS_SiteControlFile").ReleaseSessionHandle swbemContext.Item("SessionHandle").Value

End Sub

public void ConfigureADSecurityGroupDiscoverySettings(WqlConnectionManager connection,
                                                      string siteCode,
                                                      string serverName,
                                                      string newStartupSchedule,
                                                      string enableDisableDiscovery)

{
    try
    {
        // Connect to SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT section of the site control file.
        IResultObject siteDefinition = connection.GetInstance(@"SMS_SCI_Component.FileType=2,ItemType='Component',SiteCode='" + siteCode + "',ItemName='SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT|" + serverName + "'");

        // Create temporary copy of the embedded properties.
        Dictionary<string, IResultObject> embeddedProperties = siteDefinition.EmbeddedProperties;

        // Enumerate through the embedded properties and makes changes as needed.
        foreach (KeyValuePair<string, IResultObject> kvp in siteDefinition.EmbeddedProperties)
        {
            // Setting: Startup Schedule
            if (kvp.Value.PropertyList["PropertyName"] == "Startup Schedule")
            {
                Console.WriteLine();
                Console.WriteLine(kvp.Value.PropertyList["PropertyName"]);
                Console.WriteLine("Current value: " + kvp.Value.PropertyList["Value1"]);

                // Change value using the newStartupSchedule value passed in.
                embeddedProperties["Startup Schedule"]["Value1"].StringValue = newStartupSchedule;
                Console.WriteLine("New value    : " + newStartupSchedule);
            }

            // Setting: SETTINGS                    
            if (kvp.Value.PropertyList["PropertyName"] == "SETTINGS")
            {
                Console.WriteLine();
                Console.WriteLine(kvp.Value.PropertyList["PropertyName"]);
                Console.WriteLine("Current value: " + kvp.Value.PropertyList["Value1"]);

                // Change value using the newEnableHeartbeatDDR value passed in. 
                embeddedProperties["SETTINGS"]["Value1"].StringValue = enableDisableDiscovery;
                Console.WriteLine("New value    : " + enableDisableDiscovery);
            }
        }

        // Store the settings that have changed.
        siteDefinition.EmbeddedProperties = embeddedProperties;

        // Save the settings. 
        siteDefinition.Put();
    }

    catch (SmsException ex)
    {
        Console.WriteLine("Failed. Error: " + ex.InnerException.Message);
        throw;
    }
}

The example method has the following parameters:

Parameter	Type	Description
connection	Managed: WqlConnectionManager VBScript: SWbemServices	A valid connection to the SMS Provider.
siteCode	Managed: String VBScript: String	The site code.
serverName	Managed: String VBScript: String	The server name.
newStartupSchedule	Managed: String VBScript: String	The new schedule.
enableDisableDiscovery	Managed: String VBScript: String	A value to enable or disable the discovery method. Disabled - INACTIVE Enabled - ACTIVE

Compiling the Code

This C# example requires:

Namespaces

System

System.Collections.Generic

System.Text

Microsoft.ConfigurationManagement.ManagementProvider

Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine

Assembly

adminui.wqlqueryengine

microsoft.configurationmanagement.managementprovider

Robust Programming

For more information about error handling, see About Configuration Manager Errors.

Security

For more information about securing Configuration Manager applications, see Securing Configuration Manager Applications.