Purpose: Get all Workstations from an Active Directory Security Group (WQL)
If your environment uses heavily active directory security groups, you can use those memberships in Configuration Manager Device Collections. With a simple query, you can set the system to gather all the members of an active directory security group into your brand new (or old) device collection.
NOTICE: You must have activated and ran the Configuration Manager Group Discovery so that the active directory security groups have been discovered. If the groups are they are not discovered at the moment, you can set the Group Discovery to search the active directory LDAP where they are. While you wait for the Group Discovery to run its course (click run now after the LDAP insertion), you can follow the progress by observing the adsysgrp.log on your configuration manager server log folder.
|All Workstations from an AD Security Group|
|Limiting collection: All Systems / All Systems (With Client)|
|Resource Class: System Resource|
|select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = “YOURSECURITYGROUPNAME”|