Part 2 – App-V 5.0 and Configuration Manager 2012 SP1 – User Collection Creation
Hi all,
In part 1 we introduced how you can leverage and use the Configuration Manager Powershell cmdlets but now it’s time to automatically deploy App-V 5.0 applications. What we’re going to do is the following:
· Automate the creation of the User Collection
· Automate the application import
· Automate the application distribution
· Automate the application deployment
Note: I’m not a Configuration Manager expert, I’m interested in how I can get a very similar experience to App-V 4.x full infrastructure functionality using Configuration Manager.
Creating the User Collection
Before we begin with some Powershell I want to give some context around how I’m going to deploy my applications. As per previous versions of App-V Full Infrastructure we used to use AD security groups to publish applications and that is what I want to do with Configuration Manager.
The first thing I need to do is enable “Active Directory Group Discovery” from within the Configuration Manager console, this is located in the following location “Administration - Hierarchy Configuration - Discovery Method”. Once I open this configuration I have enabled this discovery and set the scope to “LDAP://OU=App-V,DC=ConfigMgr,DC=Lab” so it just collects my App-V groups that I’ve created.
Once this has been enabled and the discovery has been completed the App-V Groups will be populated in the Users section of Assets and Compliance.
The first thing I need to do is load the Configuration Manager cmdlets. I’ve also added the AD User group for my Applications in the variable $AD_UserGroup.
$CM_Module = "D:\ConfigMgr\AdminConsole\bin\ConfigurationManager.psd1" $AD_UserGroup = "AppV_Notepad_5.9" Import-Module $CM_Module cd PRI: |
Now the module has been loaded I’m going to create my user collection using the following cmdlet New-CMUserCollection, but before I do this I need to understand how to use it. To get this information you can run the following which provides me with all the syntax.
Get-help New-CMUserCollection NAME New-CMUserCollection SYNTAX New-CMUserCollection -Name <string> -LimitingCollectionName <string> [-Comment <string>] [-RefreshType <RefreshTypes> {Manual | Periodic | ConstantUpdate}] [-WhatIf] [-Confirm] [<CommonParameters>] New-CMUserCollection -LimitingCollectionId <string> -Name <string> [-Comment <string>] [-RefreshSchedule <IResultObject[]>] [-RefreshType <RefreshTypes> {Manual | Periodic | ConstantUpdate}] [-WhatIf] [-Confirm] [<CommonParameters>] |
Before I run the cmdlet lets have a look at my “User Collections” before running the script, as you can see there is no group called “AppV_Notepad_59” created.
The command that I’m going to run is below, I’m using the variable $AD_UserGroup to be the name of my collection and then limiting the collection to “All User Groups”, you have an options to set it to either “All User Groups” or “All Users”, finally I’m setting the “RefreshType” to ConstantUpdate so if a user is added to that group its picked up by Configuration Manager.
# Create new User Collection using AD Group New-CMUserCollection -Name $AD_UserGroup -LimitingCollectionName "All User Groups" -RefreshType ConstantUpdate |
Now the User Collection has been created and within the Console it’s now populated.
Powershell
Configuration Manager Console
It is that easy? A single command creates my Collection and I’m ready to go?
The answer is no, if you check the membership rules from the properties of the collection there are no rules created, which means any application that I target to this collection will never be deployed.
So how do I now create a membership rule through Powershell? We can leverage the Add-CMUserCollectionDirectMembershipRule cmdlet.
Get-help Add-CMUserCollectionDirectMembershipRule NAME Add-CMUserCollectionDirectMembershipRule SYNTAX Add-CMUserCollectionDirectMembershipRule -CollectionId <string> -ResourceId <int> [-WhatIf] [-Confirm] [<CommonParameters>] Add-CMUserCollectionDirectMembershipRule -CollectionId <string> -Resource <IResultObject> [-WhatIf] [-Confirm] [<CommonParameters>] Add-CMUserCollectionDirectMembershipRule -CollectionName <string> -ResourceId <int> [-WhatIf] [-Confirm] [<CommonParameters>] Add-CMUserCollectionDirectMembershipRule -CollectionName <string> -Resource <IResultObject> [-WhatIf] [-Confirm] [<CommonParameters>] Add-CMUserCollectionDirectMembershipRule -Collection <IResultObject#SMS_Collection> -Resource <IResultObject> [-WhatIf] [-Confirm] [<CommonParameters>] Add-CMUserCollectionDirectMembershipRule -Collection <IResultObject#SMS_Collection> -ResourceId <int> [-WhatIf] [-Confirm] [<CommonParameters>] |
Looking into this cmdlet I realised I required the ResourceID of the group that had already been imported using the “Active Directory Group Discovery” which meant I had to find a way of finding this resourceID. If you right click on the group from the Users node you see the ResourceID specified as shown below.
So I started to look at some cmdlets to complete this. Straight away the Get-CMUser cmdlet seemed to make sense as I want a value from this part of Configuration Manager. I ran the following command to gather this information.
Get-CMUser | Select-Object Name,ResourceID |
Running this within Powershell provided the below, but do you notice if something is wrong?
What’s wrong is that it hasn’t pulled any of the AD Groups. To cut a long story short, I can’t find a way of using the Configuration Manager cmdlets to complete this, but this value for the groups must be stored in SQL? And it is…
From an automation perspective I don’t want to manually check this value before I run my script so why not leverage the SQL cmdlets.
Note: My SQL DB is on the same server as Configuration Manager so the cmdlets are available to me.
# Importing SQL Module to get the ResourceID of the group Import-Module SQLPS cd SQLSERVER: # Querying CM SQL database for AD Group specified as a variable $SQL_CMD = Invoke-Sqlcmd -Query "SELECT * FROM [CM_PRI].[dbo].[User_Group_DISC] where Usergroup_Name0='$AD_UserGroup'" # Getting the ItemKey (ResourceID) from the $SQL_CMD variable and placing it in a variable $ResourceID so I can use it will the Configuration Manager cmdlet $ResourceID = $SQL_CMD.ItemKey |
Now I have my ResourceID I can go back to Configuration Manager and run my cmdlet Add-CMUserCollectionDirectMembershipRule.
Note: Remember I have to go back to my Configuration Manager cmdlets using the “cd PRI:” command.
cd PRI: # Adding Direct membership rule to collection created above with the AD User Group Add-CMUserCollectionDirectMembershipRule -CollectionName $AD_UserGroup -ResourceID $ResourceID |
Now when I check the User Collection membership rules it has been populated.
The collection has now been created successfully and now I can deploy application to this collection.
Disclaimer
The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
Conclusion
I hope this blog has helped you understand how to create your user collection automatically, in the next blog we will look at how you automate the application import.
David Falkus | Premier Field Engineer | Application Virtualization
Comments
Anonymous
January 01, 2003
Excellent Guides !! Thanks a lot David!! These are very helpful..Anonymous
February 28, 2014
Rather than SQL you can use WMI for make your own Get-CMGroup cmdlet
(gwmi -Class "sms_r_usergroup" -Namespace ("rootSMSsite_" + (get-cmsite).SiteCode) -ComputerName ((get-cmsite).ServerName) -Filter "name='$ad_groupname'").ResourceId