Active Directory Security Group Discovery
Hi guys, I am having a bit of an issue with AD security group discovery at the moment. I am testing our ability to deploy applications based on security group membership (Computer objects). I have enabled "Active Directory Security Group Discovery" and also "Active Directory System Group Discovery" and run them both as soon as possible. In the adsysgrp.log file it appears as though discovery is taking place and discovering the newly created security group named "APP_SCCM_Microsoft_Office_2010_Professional"; however, when updating the "All Active Directory Security Groups" collection (the standard collection that ships with SCCM) it is not appearing. Very strange. Any ideas here? The site server has access to the system container and the site is configured to publish to Active Directory.
April 12th, 2011 4:20pm

The All Active Directory Security Groups collection pulls data discovered from the AD Security Group Discovery. Data discovered with the AD System Group Discovery does not populate this collection, it is put directly into the resource objects. For deploying software to systems, you need to enable AD system discovery and AD System Group Discovery. AD security group discovery is not necessary (you actually could use it but it would require you to reboot your systems every time you added them to or removed them from a collection). You can view the data collected by System Group Discovery by looking at the properties of any resource and scrolling down to System Group Names. You can query this field using the "System Resource" class aka SMS_R_System and the SystemGroupName attribute.
Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys
April 12th, 2011 5:58pm
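
The two places discovery data lands, as described in the reply above, can be checked directly against the SMS provider. This is an added example, not code from any poster in the thread; the site code `XXX`, the `DOMAIN` prefix and the `localhost` server name are placeholders, and the `root\sms\site_<code>` namespace and `SMS_R_UserGroup` class (the "User Group Resource" class) are assumed to be the standard ones for the site.

```powershell
# Added example: placeholder values are marked; adjust before running.
param(
    [string]$SiteServer = 'localhost',   # placeholder: site server hosting the SMS provider
    [string]$SiteCode   = 'XXX',         # placeholder: three-character site code
    [string]$Group      = 'DOMAIN\APP_SCCM_Microsoft_Office_2010_Professional'  # DOMAIN is a placeholder
)

$namespace = "root\sms\site_$SiteCode"

# WQL string literals need every backslash doubled.
$wqlGroup = $Group.Replace('\', '\\')

# 1. AD System Group Discovery: the group name is written onto each computer's
#    resource record (System Group Names), not into a group collection.
$systemQuery = "SELECT ResourceId, Name, SystemGroupName FROM SMS_R_System " +
               "WHERE SystemGroupName = '$wqlGroup'"
$systems = @(Get-WmiObject -ComputerName $SiteServer -Namespace $namespace -Query $systemQuery)

# 2. AD Security Group Discovery: the group itself becomes a User Group Resource,
#    which is what a security-group collection lists.
$groupQuery = "SELECT ResourceId, UniqueUsergroupName FROM SMS_R_UserGroup " +
              "WHERE UniqueUsergroupName = '$wqlGroup'"
$groups = @(Get-WmiObject -ComputerName $SiteServer -Namespace $namespace -Query $groupQuery)

"{0} computer resource(s) carry '{1}' in System Group Names" -f $systems.Count, $Group
$systems | Select-Object Name, ResourceId

"{0} User Group Resource record(s) exist for '{1}'" -f $groups.Count, $Group
$groups | Select-Object UniqueUsergroupName, ResourceId

if ($systems.Count -gt 0 -and $groups.Count -eq 0) {
    # System group data arrived, but no group resource exists for a collection to show.
    'System Group Discovery populated the computers; check adsgdis.log for the group resource.'
}
```

The `WHERE SystemGroupName = ...` clause is the same condition a query-based collection on SMS_R_System would use to target computers in the group.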

Hi Jason, I can confirm that both AD system discovery and AD System Group discovery are enabled, I also ran a full discovery as soon as possible. So not sure why groups are not appearing in this collection, even after updating collection membership numerous times. So I suppose what I am saying here is that all of my Active Directory discovery methods are enabled and have run but the All Active Directory Security Groups collection is not updating with members when I would be expecting it to. I'm probably missing something obvious here...
April 12th, 2011 6:29pm

When you say "groups are not appearing in the collection" - don't expect to see the group names. The group information will be added to the existing assigned computer objects. Make sure you check the adsysgrp.log file for further troubleshooting.
Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund
April 12th, 2011 9:01pm

Have you reviewed the logs? Adsgdis.log is for AD Security group discovery.
Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys
April 12th, 2011 9:10pm

Hi Guys,
Kent, I would have thought that I would see security group names in the collection "All Active Directory Security Groups", as in my live environment I can see these as group names, for example:
Name: CANEAST\TelnetClients
Resource Class: User Group Resource
Jason, I have reviewed this and it mentions something along the lines of:
INFO: discovered object with ADsPath = ....App_SCCM_Microsoft_Office_2010_Professional
So it appears that it is discovering this object but not appearing in the security groups collection. Shall I provide a snippet of the log file for review? Thanks again
April 13th, 2011 12:05am

Hello - Did you try updating and refreshing the collection? Also, you can go through the AD system group discovery flowchart; this could help you in further troubleshooting... http://technet.microsoft.com/en-us/library/bb892802.aspx
Anoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. | Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 13th, 2011 1:33am

Hi, Is there a large number of collections? If so, the collection update refresh may be delayed. Please check if the following hotfix helps: "A long delay occurs when you click "Refresh" to view the latest membership in a dynamic collection on a System Center Configuration Manager 2007 SP2 site server". You may change the registry key below and set the value to 50, so that it will not update status very frequently:
HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\Components\SMS_Collection_Evaluator\Collection Resync Frequency (0)
Regards, Sabrina
April 14th, 2011 3:37am

Hi guys, I have updated the collection many times with no result. Read the flowchart and can't associate anything here with what I am seeing. At the moment this is working in my live environment and updating with groups correctly so I have gone on to test here. Only thing is now in my live environment my collection is not populating with expected results. I have created another thread for this. So at the moment this issue remains unsolved.
April 14th, 2011 5:51pm

This topic is archived. No further replies will be accepted.
