Hi, I use AD groups to assign apps to workstations. I setup query based collections to poll systems that are members of specific AD groups and advertise apps to the collection. Ex: I have a collection called AcrobatReader. It contains workstations that are members of the AcrobatReader AD group (done with a query). This collection has an Advertisement that installs AcrobatReader. For this to work, I have configured AD System Group Discovery to run on a daily basis. This captures new group membership and my collections update themselves every hour. This works well. However when I remove workstations from the AD group, this workstation remain in the collections. I know I have to enable “Delete Aged Discovery Data Task” for AD group membership removal to get updated in the SCCM records but this can be tricky since I have to “harmonize” this task with Hearbeat Discovery and Inventory scans. That is, I must make sure the Delete Aged Discovery data is not done more quickly than Heat Beat discovery and/or Inventory scans. I there a way to update AD group membership removal more efficiently/quickly? Or can anybody share how they manage this situation (or a similar situation). Thanks, Jesmat.

I've never heard of a way to get this to work quickly. I will add that I run heartbeat every 8 hours, running frequent heartbeats shouldn't be a problem if that's your main stumbling block. John Marcum | http://myitforum.com/cs2/blogs/jmarcum |

John, Thanks for the reply. I'm ok with having heartbeat at 8 hours or so. I'm more worried about having "Delete Aged Discovery Data" set at let's say every week, What happens with workstations that are turned off for more then a week (hence no heartbeat)? Will the workstation get deleted from the SCCM database? Thanks, Jestmat

I am not positive but I don't think so as long as the clear install flag hasn't cleared client = YES I believe the client record will remain but I could be wrong. Worst case it will come back when they return but as you stated I generally like to allow enough time for people to go on vacation and return without the computer or anything associated with it being removed from SCCM. John Marcum | http://myitforum.com/cs2/blogs/jmarcum |

Here is a Good Guide from windows-noob on Automatic removal of applications from computers,it requires you to create different collections based on the product ID (explined nicelY) . Aer you looking this kind of Way to do ? //Eswar Koneti @ http://eskonr.wordpress.com/ ****If a reply helps, please vote it as helpful. If a reply solves the issue, please mark it as an answer****

However when I remove workstations from the AD group, this workstation remain in the collections. I know I have to enable “Delete Aged Discovery Data Task” for AD group membership removal to get updated in the SCCM records [...] I there a way to update AD group membership removal more efficiently/quickly? There's no need for that task. Another discovery cycle will take care of that.

You need to make sure that your computers are in scope of the AD system group discovery, not only the groups. Know it sounds strange. If this is your structure... --| Company --| Application Groups --| Workstations ...your "Active Directory System Group Discovery" needs to cover either the full company or both Application Groups and Workstations, not only Application Groups. Otherwise resources are only added, not removed. You don't need to lower the "Delete Aged Discovery Data" interval.

Here is a Good Guide from windows-noob on Automatic removal of applications from computers. it requires you to create different collections based on the product ID (explined nicelY) . Aer you looking this kind of Way to do ? //Eswar Koneti @ http://eskonr.wordpress.com/

Risc, Indeed my “AD System Group Discovery” scope covers only the groups and not the workstations. So if the scope of the "AD System Group Discovery" includes the workstations also, it will remove any workstation group membership once this discovery has run? I’ll give this a try right now and let you know how it went. Jesmat

So if the scope of the "AD System Group Discovery" includes the workstations also, it will remove any workstation group membership once this discovery has run? Yes.

It worked beautifully! Thank you Risc (and to everybody)! Jesmat.