I'm trying to create a collection of computers based on whether the last logged in user is a member of an AD user group. I've found a couple of examples, but something is not right with the syntax. People keep putting in xxxx/security group, but they don't say what xxx is supposed to be. I've tried domain and it didn't work. Here is the example I have been working with: select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName like "XXX\\Sccm Deployment iTunes" If my domain name is ACME and my user/security group is Sales Team, how should I write this query? And before some helpful person points out the obvious, I know I really should learn SQL query language. I'm trying to get around to it. Thanks

What's the purpose of this collection? Are you planning on setting up an advertisement to target this collection? If so, I would recommend taking a different approach... Create a collection similar to the following. The member of your collection will be the security group, and thus the ultimate deployment decision will be made at the workstation rather than by the SCCM server. I use this method extensively for multiple customers where optional software packages are advertised to users based on their security group membership. The resulting collection will not show individual users or individual workstations; instead, you should see the security group name appear. This is assuming that user-based advertisement targeting is enabled and you are discovering the security groups at each of your primary sites. select SMS_R_USERGROUP.ResourceID,SMS_R_USERGROUP.ResourceType,SMS_R_USERGROUP.Name,SMS_R_USERGROUP.UniqueUsergroupName,SMS_R_USERGROUP.WindowsNTDomain from SMS_R_UserGroup where UniqueUsergroupName in ("ACME\\Sales Team" ) I like to prefix my application deployment security groups with the string "APP_", so my security groups would look like "ACME\\APP_Adobe Product XYZ"

Hello, in my opinion,you just have to enable Active directory User discovery to do this.And then have a report which gives you the details of the users who last logged in,if you want to find the last logged in user and with that report you can find if the last logged in user is an AD user or a non AD user.You can find more info on AD user discovery option here http://technet.microsoft.com/en-us/library/bb680740.aspx let me know if that clarifies. Thanks Arvind

You can have a report for the last logged-in user by using this login in SCCM 2007 http://blogs.technet.com/b/configurationmgr/archive/2009/09/09/report-to-find-last-logon-details-of-each-computer-using-configmgr-2007.aspx thanks Arvind