There are many ways to create a collection containing all domain controllers. Here are some examples:
By a role of a computer:
1 2 3 4 5 6 7 |
SELECT SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client FROM SMS_R_System INNER JOIN SMS_G_System_COMPUTER_SYSTEM ON SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId WHERE SMS_G_System_COMPUTER_SYSTEM.Roles LIKE "%Domain_Controller%" |
By the primary AD DS group:
1 2 3 4 |
SELECT SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client FROM SMS_R_System WHERE SMS_R_System.PrimaryGroupID = "516" |
By AD DS group name:
1 2 3 4 |
SELECT SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client FROM SMS_R_System WHERE SMS_R_System.SystemGroupName = "EXAMPLE\Domain Controllers" |
I personally prefer the first version, by a role of a computer. You can download a MOF-file for this collection here. Just import it as described in How to Create Collections in Configuration Manager article and new “All Domain Controllers” collection will appear in your SCCM console.
I’d suggest doing it by either method 2 or 3. Method 1 requires the client to be installed and Hardware Inventory to run, where 2 and 3 only require AD System Discovery. If you use Method 1, you will have to wait for hardware inventory to be reported and the collection to update again before a new client on a domain controller ends up in the collection. With methods 2/3, the resource would be added to the collection using the discovery information which is likely to be there before the client is even installed.
Hi Nash,
Thank you for the clarification. When I was writing this item, my thoughts at the moment were all about software installation to DCs, which implies the installed client.
I do agree that the two latter methods are more lightweight and almost always deliver results faster. On the other side, they require from a Site Server to be able to connect to that Active Directory forest where the DC in question resides, which might be impossible in a separated infrastructure with multiple AD DS forests.
select * from SMS_R_System where SMS_R_System.PrimaryGroupID = “516”