ConfigMgr Collection Query – Active Directory Security Group

The following WQL query statement can be used include an Active Directory Group in a Configuration Manager Collection.

To use you will need to create a new collection and add as a Membership Query Rule.

Note: You will need to replace “GRP_Group” with your AD group name.

select SMS_R_USERGROUP.ResourceID,SMS_R_USERGROUP.ResourceType,SMS_R_USERGROUP.Name,SMS_R_USERGROUP.UniqueUsergroupName,SMS_R_USERGROUP.WindowsNTDomain from SMS_R_UserGroup where SMS_R_UserGroup.UsergroupName = "GRP_Group"

How to create a new collection in SCCM

  1. With the Configuration manager Console window open
  2. Right-click the ‘Collections’ node and select ‘New Collection’
  3. SCCM-NewCollection1
  4. Enter in an appropriate name for the collection, for example “Workstations with Office 2010 SP1”
  5. SCCM-NewCollection2
  6. Click ‘Next’
  7. Click on the ‘Query Rule’icon (it looks like a yellow cylinder)
  8. SCCM-NewCollection3
  9. Enter an appropriate name for the query and limit to your workstation collection (if required – but NOT suggested for the Apple Mac Systems query!)
  10. SCCM-NewCollection4
  11. Click on the ‘Edit Query Statement’ button
  12. Select the ‘Show Query Language’ button
  13. Delete any text already in the ‘Query Statement’ box and copy and paste the query above into the box
  14. SCCM-NewCollection5
  15. Click ‘OK’ and then ‘OK’ to return to the New Collection Wizard
  16. Click ‘Next’,‘Next’,‘Next’ and then ‘Finish’
  17. You may need to refresh the collection before you’re able to see the clients listed, this is done by right-clicking on the new collection and selecting ‘Update Collection Membership’