Jaa


How to add a Known/Unknown Computer to a specified collection during OS Deployment

Have you ever wondered why a ConfigMgr client takes a long time to run the advertised programs after you deploy this client using ConfigMgr OSD? Well, this is because as soon as the machine is imaged, it gets added to the ‘All Systems’ collection and gets the advertisements/policies that are targeted to the All Systems collection. But what if your advertisements are not targeted to the default All Systems collection, and instead are targeted to a custom query based collection? In that case, the newly imaged machine doesn’t get added to the custom collection until it sends the inventory AND the collection updates based on its schedule and finds the machines that fulfill the query condition to add the machine(s) to the collection, and in turn triggering the creation of policies for these clients. Until this happens, there are no Advertisements for this newly imaged client to run(unless of course, they were targeted to the All Systems collection). This is why you may notice a delay of up to 24 hours or more until you see the newly imaged clients processing all the Advertisements that you expect them to execute.

One way to workaround this delay is to add the machine to the desired collection(s) manually, and give it about an hour to request for new policies. However, this is a tedious task. Another way is to somehow add the computer to the desired collection during the OSD Task Sequence run-time. This would result in the computer pulling all the policies targeted to the desired collection immediately after it is imaged. I wrote a script that can be used to do just that. All you need to do is to add a ‘Run Command Line’ task to the Task Sequence and specify the following Command line:

cscript AddMeToCollection.vbs <SiteServerName> <CollectionID> %_SMSTSClientIdentity%

In the above command line,
<SiteServerName> needs to be replaced with the SMS Site Server Name
<CollectionID> needs to be replaced with the desired Collection ID

Thats all that you need to edit in the above command line. However, you need to make sure that you run this command line as an account which has rights to connect to the SMS Provider. If the account running this command does not have the required rights, then the script will fail to execute. Regardless of the Success/Failure, you would see the return code in the SMSTS.log, which may be useful during troubleshooting.

You can find this script attached here. I hope you find this post useful.

IMPORTANT: Using the example above works in my lab, however information in this post is provided "AS IS" with NO Warranties, or Support.

Vinay Pamnani | Support Engineer

Comments

  • Anonymous
    September 01, 2010
    Awesome!! That's a fantabulous piece of info .. :)

  • Anonymous
    September 02, 2010
    How about a script that queries SCCM for all collections a computer belongs to, save that to a variable and then post, add the computer back into all those collections?

  • Anonymous
    September 02, 2010
    Just a little tweak: you are creating a direct membership rule using "oCollection.AddMembershipRule oDirectRule". So there's no need to trigger an update of the collection membership (oCollection.RequestRefresh False) afterwards if I am not mistaken (because direct membership clients are inserted directly into the corresponding table without the need for collection evaluator to run).

  • Anonymous
    September 02, 2010
    Good but AS soon the computer is newly imaged(member in AD) and discoverd by SCCM,it will be added to SCCM Database and based on the collection membership updatation,the newly computer will be added to all the collections where the collection query matches to the computer if i am not worng. Is there any necessity to send the hardware information before getting the computer policies ?

  • Anonymous
    September 07, 2010
    Excellent!Thank you so much for that information, I wanted to try this in our lab before we implement in one of our customer place ,kindly let me know is there any specific part of the TS where we should put this in or can we just add it somewhere after Setup Windows and ConfigMgr task during the PostInstall Phase. Thanks once again!

  • Anonymous
    September 07, 2010
    The comment has been removed

  • Anonymous
    September 19, 2010
    Hi have a question, I am trying to use that script and I have an error message telling me "Could not find the Resource ID for the computer. Exiting!". I did the test on another test lab and the script worked. The only difference is: LAB A: my SQL server is on another server, the script is not working LAB B: My SQL server is on the same server as my SMS provier. Is there a way to make it work in LAB A wihtout many changes? Mathieu

  • Anonymous
    September 21, 2010
    The comment has been removed

  • Anonymous
    September 21, 2010
    My bad, thank you for the information I was with the idea that it was getting the info right from the database. I did made some more test and find out that the account I was using was the real problem, everything else was working but again there was some permission missing. Sorry for my other post :) Mathieu

  • Anonymous
    September 22, 2010
    Hi, Thanks for your script. I m working on a SCCM deployment scenario and I've found some month ago a script named collad.vbs (google it to find it) which is doing the same thing (I think). I would like to use this script to install sofware update during workstation installation. But to do that there are 4 steps to accomplish :

  • Add to a static collection (your script)
  • Refresh policy
  • trigger schedule (or software update deployment)
  • remove from collection. I need to work on the last 3 steps, if someone know how to do that ? Thanks
  • Anonymous
    September 26, 2010
    What security rights does the "Run As" account require to perform this action in SCCM?

  • Anonymous
    September 27, 2010
    Great now how do you remove it from the collection AFTER the machine is built?

  • Anonymous
    November 02, 2010
    Nice Post Vinay, but this may not work in scnerios where machine should be added to multiple collections for software packages, Since we have seperate collection for each package/advertisement and its not practical to include all those collection in script.

  • Anonymous
    November 04, 2010
    You are absolutely correct Sir! I know this would not be a good solution in a scenario where multiple collections are involved, however I provided this as an example, and it's fairly easy to modify the script to read from a text file containing the collection ID's of all the collections, and then add the machine to them. However, this is where R3 comes in the picture, and with features like Delta AD Discovery and Dynamic Collection Updates, we hopefully would never need to use any such scripts/workarounds anymore.

  • Anonymous
    January 22, 2011
    for more computer queries computer-query.blogspot.com

  • Anonymous
    March 30, 2011
    Thank you very much! Exactly what we need for our deployment. Great work, keep it up!

  • Anonymous
    August 18, 2011
    Everytime i try to implement this script it gives me this error: Error connecting to rootsms namespace to find Provider Location. Exiting! Now i think this is because of permissions to the server, however now i use a domain admin account as RUNAS and tested wmi localy. But it keeps failing with: Error connecting to rootsms namespace to find Provider Location. Exiting! Access is denied. Please help!

  • Anonymous
    September 10, 2012
    Same issue as Rodney Koolman here. trying to use this script in sccm 2012, the account i am running this task sequence step is domain admin, but still i get "exiting -access is denied". what could be the cause?

  • Anonymous
    September 10, 2012
    fixed it. the account specified in the task sequence must have WMI rights on the sccm server. in my case i added this account as a full sccm admin in the console (Administration - Security - Administrative Users) the AD account itself is a standard user account without any special rights. hope this helps someone.

  • Anonymous
    April 18, 2013
    You mentioned that the account running this command must have the required rights to run.  What typr of rights are you refering to?

  • Anonymous
    August 16, 2013
    Really the unknown machine should be removed from the title as this code is designed to exit if the machine does not exist.

  • Anonymous
    February 05, 2014
    This doesn't seem to be working in refresh-scenario. Scripts adds the old computer object to the collection during the task sequence. Not the new one as I would like.

  • Anonymous
    March 26, 2014
    This does not seem to work for "Unknown" machines. If you check the Membership Rules after the task sequence has ran you will see an entry for "Machine Name - SMSTS" however the only thing that shows up under the collection members is "Unknown"

  • Anonymous
    April 16, 2014
    Love the script, it's certainly resolved a number of issues we're having.  What we've been seeing though is when we incorporate this script in a TS which runs through the OS restarts the machine into WinPE, installs an OS then restarts into that OS to begin Software installs.  This script seems to use the original GUID of the machine not the new one. which it is given when the SCCM Client is installed.  The client is re-installed before this script is run.  Is there some method to either refresh with the new GUID or to perhaps add both the old and new GUID into the collection as part of this script?

  • Anonymous
    November 06, 2014
    In a customer environment we struggled getting this to work.  After adding error/return codes to each of the wscript.quit statements we found that the script was failing to connect to the SMSProvider due to firewall restrictions.  Per the ConfigMgr documentation, RPC over TCP must be allowed from the client (the computer being imaged) to the SMSProvider (generally a Primary Site Server). If you are running the script and the object is not added to the collection membership, be sure to verify each parameter and that the firewall is open.  Adding return codes to the script will also greatly assist with troubleshooting.

  • Anonymous
    November 17, 2014
    The comment has been removed

  • Anonymous
    January 05, 2015
    Hi Vinay, thanks for your nice post!. I have a question, Where exactly I should create this Command on My Task sequence SCCM 2012 R2 (Which part of the TS)? Thanks a lot one more time

  • Anonymous
    February 19, 2015
    The comment has been removed

  • Anonymous
    February 19, 2015
    The comment has been removed

  • Anonymous
    April 09, 2015
    Skaggake, That should be 'cscript.exe' NOT 'csscript.exe'

  • Anonymous
    June 16, 2015
    Hi. Thanks for the great script. We are using it, and it works well on domain joined Computers, but not on Workgroup Computers. What do I need to change to make this work on Workgroup Computers, too? Thanks in advance and best regards, D. Rees-Clark