Hi,

We want to use User based membership collection based on users in an AD group, and I was wondering what the difference is between a Query membership and a Direct membership (of an AD user group), since they both have to discover the user in the AD group at a set refresh interval. Which discovery method is the quickest if I add a new user to the AD group or remove the user? Is one discovery method more reliable than the other

This question must seem simplistic to more experience admins, but I can't see a difference between them, and I guess quite a few people have tested this scenario

T

Hi,

It is not the quickness that differs these two membership rules, but how dynamic is the point here.

In a Direct rule, you can add a user/computer to the collection and the membership of the collection will not change until the account is deleted from SCCM.

Whereas in a query rule:

if you create a query to add all users of a AD group,whenever a new user is added to AD group and is discovered by SCCM as part of AD group discovery,the user is added to Collection.

So direct rule is manual and Query rule is automated.

Hope this clarifies

Regards,

Manohar Pusala

Hi,

I'm using direct membership User Group, but that just displays the User Group when I click on show members. How do I see the individual Users within this User Group from the SCCM console?

Thanks

You really should use a Query based collection to do this. If you use the following SQL query

select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_R_User where SMS_R_User.UserGroupName = "<domain>\\<AD group>" 

Set the collection to update with 'Use incremental updates for this collection' also set the collection to update based on what ever schedule you want to use.

Then if you have the Discovery Method scheduled in Active Directory Group Discovery and Active Directory User Discovery to run prior to the collection update then you will see membership change accordingly. Doubling clicking the collection will show you all the members of the collection.