Group membership not updating collection membership
Hi Guys, I've got 2 collections that have application deployment advertisements targeted at them and the membership rules for these collections are based on AD group membership. I have AD delta discovery set to run every 5 minutes for each of the AD discovery methods, but when I remove a computer from one of these groups they do not get removed from the relevant collection, even if I do an Update Collection the computers still appear in there (and I've confirmed there is no direct membership rule for these PCs). I've waited about 2 hours and tried again but still the same. Any thoughts? Thanks, ChrisMy website: www.cjwdev.co.uk My blog: cjwdev.wordpress.com
February 10th, 2011 7:54am

Hello - AD delta discovery for which discovery specifically? Try to check Adsysgrp.log & Colleval.log for more details ? also, see http://myitforum.com/cs2/blogs/bgharbi/archive/2010/11/07/configmgr-r3-rtm-part-iv-active-directory-delta-discovery-and-dynamic-collection-evaluation.aspx Anoop C Nair
Free Windows Admin Tool Kit Click here and download it now
February 10th, 2011 8:05am

AD delta discovery for all of the discovery methods that have that option available. I'll have a look at the logs you mentioned, thanks :)My website: www.cjwdev.co.uk My blog: cjwdev.wordpress.com
February 10th, 2011 8:15am

Hi Chris, Delta discovery works for new objects only. When you add/remove an existing object to an existing group it will not be detected by Delta discovery.Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund
Free Windows Admin Tool Kit Click here and download it now
February 10th, 2011 8:33am

Oh right - I thought it just looked for anything that had changed. So if we want to deploy an app to a computer by adding them to an AD group, we have to accept that it will take up to 24 hours (or however long the full AD sync schedule is set to) before SCCM even realises the computer is in the group? Is there any way I can force it to pick up group membership changes right now? I tried doing Update Collection on the All Systems collection, my 2 app deployment collections, and the All Security Groups collection but none of these seem to have helped.My website: www.cjwdev.co.uk My blog: cjwdev.wordpress.com
February 10th, 2011 9:50am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics