Table of Contents
. What are SCCM Collections
. How to Create SCCM Collections
. Example of Query Rule for All Builds of Windows 10
. Example of Query Rule by OU from Active Directory
. Example of Query Rule by adding single machines
. Example of Exclude Collection Rule
Affiliate: Experience limitless no-code automation, streamline your workflows, and effortlessly transfer data between apps with Make.com.
What are SCCM Collections
Microsoft SCCM Collections are lists of devices that you can define which devices exactly will be there. You can add them manually, you can use Organizational Unit from Active directory, you can use all names that answer to specific template with wildcards, you can use specific objects from SCCM (Like Distribution Points, Managements Points, etc.), Servers, Workstations. These lists are fully customizable. Later you can Deploy anything to these collections: Applications, Packages, Updates, Basement Configurations, Task Sequences, etc.
How to Create SCCM Collections
*** Microsoft provides in depth guide to SCCM Collection Creation.
There are different types of SCCM collections you can create. What is actually different between the collection types is the “Define membership rules for this collection” stage of the creation in Microsoft Software Center Configuration Manager. Here are the main steps (without the “Define membership rules for this collection” step, which will be covered separately later in the article for each type), for all the collection types with notes:
1. Open “Configuration Manager Console”
2. Goto => Assets and Complicance => Device Collections
3. RightClick anywhere in "Device Collections" or in any folder you created there => Create Device Collection
3.1. New window will open:
"Specify details for this collection"
Name: Windows 10 All Builds
*** Or any other name you would like to. In addition, we'll be covering a specific build. So, you might add the build that you’re working with.
Limiting collection: [Browse] => All Workstations
*** Performance-wise it is better to limit from the main Workstations collection. You can choose any other collection, but don't go too deep in the collection levels. It can slow down your database performance.
[Next]
"Define membership rules for this collection"
[ ] Use incremental updates for this collection
*** Wouldn’t recommend this option in large environments or you will overload your SQL Database with frequent queries. This option doesn’t require to schedule Collection Update, but it occurs every 5 minutes and can slow down SCCM SQL queries dramatically. The best practice is to set incremental updates only on first level of limiting the collection from [All Systems] which can be found in [General].
[V] Schedule a full update on this collection
*** 7 days is a standard. If you’re in a middle of environment establishment, you can lower the number of days to 1 and get collection updates once a day. Remember though as much as your Database updates are more frequent, you will have more load on the Database because of these queries. Another thing you need to remember when limiting from another collections is Time Schedule. This is when the collection is updated.
If upper collection is updated at 15:00 (it might take time for the collection update. Depending on your SQL server resources), this collection needs to be updated at least at 15:30 (it is better to take safety time before updating the next collection in line). So it won’t get a time delay in the update, as you intended to update once a day, but because of the user error in time setting, you will get an update after almost two days. You can see that problem in the example of the upper collection update at 15:00 and current collection at 14:50. Current collection will be updated from the upper collection with yesterday’s values. Because upper collection will be updated with today’s values half an hour after the current collection updates.
[Next]
"Confirm the settings"
[Next]
"The Create Device Collection Wizard completed successfully"
[Close]
4. Your collection is created => RightClick it => Update Membership => [Yes]
The last step is needed if you don’t want to wait a day and you want to see the result now.
You will see a sand clock near the icon of the collection – it means it’s updating.
Example of Query Rule for All Builds of Windows 10
Here is the “Define membership rules for this collection” step for collection by Operating System (Specifically Windows 10). There is also an option to define a particular build of Windows 10:
"Define membership rules for this collection"
[Add Rule] => [Query Rule]
Name: Windows 10 All Build Query
Resource class: System Resource
[Edit Query Statement…]
[Criteria]
[*] Create new with star sign
Criterion Type: Simple value
Where: [Select]
Attribute class: System Resource
Alias as: <No Alias>
Attribute: Operating System Name and Version
*** You can make it Build Specific:
*** Attribute class: Operating System
*** Attribute: Build Number
[OK]
Operator: is like
*** Because we're using wildcards (%%) in the value, the operator must be "is like", but if you need the exact value, the Operator can be "is equal to".
Value: %Workstation 10.0%
*** First "%" means that it doesn't matter what will be before Workstation and second "%" means it doesn't matter what will be after 10.0
*** You can check which versions are exactly available in your environment from [Value…] Options
*** If you chose Build, then you can write the exact build of the system you need, also exact Builds in your environment can be found in [Values…]
[OK]
[OK]
[OK]
[Next]
Example of Query Rule by OU from Active Directory
In Microsoft System Center Configuration Manager, you can build a Collection by Active Directory Organizational Unit. A task a bit different than of building a collection by Operating System. Returning a bit backwards, this time we’ll begin our process from “Define membership rules…” as the previous window settings for you to choose after you understood the previous statements.
"Define membership rules for this collection"
[Add Rule] => [Query Rule]
Name: By OU
Resource class: System Resource
[Edit Query Statement…]
[Criteria]
[*] Create new with star sign
Criterion Type: List of values
Where: [Select]
Attribute class: System Resource
Alias as: <No Alias>
Attribute: System OU Name
[OK]
Operator: is in
Value to add: *Paste here canonical name of the OU object from AD*
*** Example: domain.com/OU1/OU2/OU3
*** You can find the canonical name of the OU in Active Directory. Find your Organizational Unit => RightClick => Properties => [Object] tab
[Add >]
Do the same for all the other OUs that you might have
[OK]
[OK]
[OK]
[Next]
For the last configuration to work, you need to check in the Discovery settings that you have your OU in the Active Directory defined:
Administration => Hierarchy Configuration => Discovery Methods => DoubleClick "Active Directory System Discovery"
[General]
[V] Enable Active Directory System Discovery
Active Directory containers: *Check that you have your OUs here and they're recursive if needed*
*** If you don't have the needed OUs, just add them with the star sign "*".
[OK]
To check the discovery log, visit the Logs folder on your Primary Site:
\Program Files\Microsoft Configuration Manager\Logs\adsysdis.log
Example of Query Rule by adding single machines
Another thing that is important to know is adding single computers to your collection definition:
"Define membership rules for this collection"
[Add Rule] => [Direct Rule]
"Welcome to the Create Direct Membership Rule Wizard"
[Next]
"Locate resources to add to the collection"
Resource class: System Resource
Attribute name: Name
Type: String
[ ] Exclude resources marked as obsolete
[ ] Exclude resources that do not have the Configuration Manager Client installed
Value: <Type here the name of the computer that is available in your Active Directory>
[Next]
*** You can use wildcards with "%" sign. If you write only one name, then in the next step will contain only this name on the computer list (if it exists in the collection you limited from). If you want to list all the computers from the limiting collection, simply use
*** Value: %
*** [Next]
*** If you have like a hundred of computers in order like: Server001, Server002, Server003 … Server100
*** You can also use a wildcard to show all these servers:
*** Value: Server%
*** [Next]
"Select resources to add as direct members to the collection"
[V] Server001
[ ] Server002
[V] Server003
*** Select all the computers that you need
[Next]
"Confirm the settings"
[Next]
"The Create Direct Membership Rule Wizard completed successfully"
[Close]
[ ] Incremental
[V] Schedule update
[Next]
Example of Exclude Collection Rule
The last thing, you can create a particular collection (Let’s say only build 1903 only) and Exclude it from the main “Windows 10” collection. This can be done at the same menu of [Add Rule]. Just choose “Exclude Collection” and select the collection of only Build 1903.