First create new collections for all places there are systems in Active Directory OU's. When you have different OU's for desktops, laptops & specials for meaning, create collections for that systems also. It is also possible to bound user groups to it, which are useful for application deployment. I will write a new blog for App-V packages in ConfigMgr 2007 later on. On all of the collections you have the choice to configure systems or users/user groups.
I have created an "Virtual Machines" OU first. Now start a "Active Directory System Group Discovery". This can be found at Site Management > Site Server > Site Settings > Discovery Methods. This System Group Discovery must have the following settings: "Enable Active Directory System Group Discovery".
Choose the yellow star, and add the domain you are working with. In my case this is SystemCenter.com. First choose for the default AD settings: Local domain and Recursive will be default selected. It is also possible for selecting an specific OU, instead of complete discovery (see options below).
- Local domain: Browse for AD containers in the domain where the computer running the Configuration Manager 2007 console resides.
- Custom LDAP: Indicates that you want to browse for Active Directory containers. This option activates Browse.
- Recursive: Default. When selected, indicates that AD discovery searches child containers. Otherwise, child containers are not searched.
- Include groups: Not default. When selected, Active Directory discovery discovers objects within groups.
When choosing for Local domain (default option), the above screenshot will be displayed. Choose the Domainname for searching in all containers. The OU's with systems in it will be automatically recognized. (It is also possible for selecting an specific OU, instead of complete discovery).
On the tab "Polling Schedule" you can change the schedule option from 1 day to 1 hour or lower (best practice when using ConfigMgr 2007 R2). This because otherwise new Active Directory OU's will be synchronized once a day. With ConfigMgr 2007 R3 this is not needed anymore, so it doesn't have to be changed.
New in ConfigMgr 2007 R3 is "Enable delta discovery" which is default set on 5 minutes. This setting doesn't have to be changed, because this performs an intermediate discovery cycle adding only new resources to the ConfigMgr database. Choose also "Run full discovery as soon as possible" for recognizing Active Directory OU's immediately.
On the tab "Membership Rules" you can change the schedule option from 1 day to 1 hour or lower (best practice when using ConfigMgr 2007 R2). This because otherwise new systems will be synchronized to collections once a day. With ConfigMgr 2007 R3 this is not needed anymore, so it doesn't have to be changed.
New in ConfigMgr 2007 R3 is "Dynamically add new resources" which is default off. Choose to turn it on, because this allows you to more rapidly evaluate a collection membership by adding only newly discovered resources. Now open collection properties (in my case Virtual Machines), and click on the yellow (database) icon.
Give the query a name (in my case Virtual Machines) and choose for "Edit Query Statement". Let the option "Collection limiting" at default (Not collection limited), because when choosing "Limit to collection" not all the systems can be found.
When select OK a new windows will be opened. On the tab "Criteria" select the yellow star, and choose Select again (beneath "Simple value"). Choose here for the following options:
Fill in "System Resource" and "System OU Name" and select OK. In the next field choose Value (beneath "is equal to"). This will open a new window, with OU's recognized before (Active Directory System Group Discovery).
As you can see only 2 options are available. This because these are the only containers which contains systems. I choose "Virtual Machines" here, and select OK again. My Criterion properties has the following information now:
Choose OK multiple times now, and the configurating will be done. Now there is a new collection created, which is synchonizing from a Active Directory OU. When I choose Refresh, the systems in Active Directory will be automatically displayed in the "Virtual Machines" collection.
I hope you have enough information now for setting up a dynamic collection. When there are questions or other input, please add a comment to this blog, or contact me by e-mail.