myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


  


List Members of AD Group from SMS Point of View

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003 >> List Members of AD Group from SMS Point of View Page: [1]
Login
Message << Older Topic   Newer Topic >>
List Members of AD Group from SMS Point of View - 5/2/2008 7:50:58 PM   
jbarber

 

Posts: 21
Score: 0
Joined: 7/17/2007
Status: offline 		Running SMS 2003 SP3.  We have Collections assigned to AD Groups then we populate the AD Group with User Accounts.  Trying to find a Report or some way to display the Users of the AD Group that are assigned to the Collection from within SMS rather than looking in AD.  Reason is if we add users to the AD group, SMS does not pick them up right away.

I am trying to list from SMS point of view which users are assigned to the AD Group which is assigned to the Collection.  Could not find an out-of-the-box report to do this or a manual way either.

Any assistance would be greatly appreciated!


Thanks,

Jody Barber
City of Mississauga
Post #: 1
RE: List Members of AD Group from SMS Point of View - 5/3/2008 8:31:15 PM   
skissinger


Posts: 1972
Score: 129
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline 		So, the only member of the collection is the AD Group?  When you mention "if we add users to the AD group, SMS does not pick them up right away.", I think you are experiencing the fact that a user must log off and log back on to a computer in order for the Token (the new group membership) to be attached to that login instance, then then the SMS client can figure out the new usergroup membership. 

The links between SMS and AD are not instantaneous; but there are ways to decrease the time.  There are some decisions you need to make so you know how to structure your environment.  Add a user to a usergroup?  Add a computer to a usergroup?  or add a computer to a collection query based on other criteria?  How big is your environment?  Who is going to be adding those objects?

But the easy answer is to continue to add users to the usergroups--just make sure to have the end user logoff/on after being added.

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
Microsoft MVP - ConfigMgr

(in reply to jbarber)
Post #: 2
RE: List Members of AD Group from SMS Point of View - 5/4/2008 9:14:18 AM   
jbarber

 

Posts: 21
Score: 0
Joined: 7/17/2007
Status: offline 		Thanks for the info.  Am aware of this.  Basically, here is what I am trying to do:

I am trying to find a way (custom SMS Report?) to see if SMS has picked up the new addition to the AD Group when a user says they are not getting the new Advertisement.

If I check the AD Group manually the new user is there.  Want to see if SMS knows it is there yet.

Was looking for a SMS Report that will let me pick an AD Group and then it will list not just the Group Name but the members of the AD Group based on the last time SMS polled the AD Groups.

Thanks,

Jody Barber

(in reply to jbarber)
Post #: 3
RE: List Members of AD Group from SMS Point of View - 5/4/2008 6:56:56 PM   
skissinger


Posts: 1972
Score: 129
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline 		Since it's a matter of the end user logging off/on at the client computer, you'll have to look at the last logon time on that user's computer, and compare it to the time the user was added to the usergroup.

I never looked to a SMS solution to that issue--and we deliver a LOT of advertisements to a usergroup--because our login script log records the usergroups a user is a member of during login, so when a local tech indicates a similar problem, I train them (it's almost always a new tech) to look at that local log file and see that, for example... the user logged in Monday, 7:59am according to the local log, and the group was not listed; the trouble ticket indicated that the user was added to the usergroup at 8:15am.  It's now Wednesday, and the ad still isn't there.  Well, the user *still* hasn't logged off/on.  A logoff/on, about 2-4 minutes later (after the new policies are retrieved and evaluated) and the advert is there. 

If you don't have a similar login log to look at; you could still deduce last logon from the local Eventlog; presuming you have the GPO enabled to record logon/offs in the Security event log.

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
Microsoft MVP - ConfigMgr

(in reply to jbarber)
Post #: 4
RE: List Members of AD Group from SMS Point of View - 5/4/2008 10:20:52 PM   
phaustein


Posts: 859
Score: 32
Joined: 3/21/2005
From: Washington, DC
Status: offline 		If I am not mistaken, when a AD group is modified, a new AD discovery must be run to update what SMS knows of AD.  After that the collection would need to be updated to refresh the list of its membership. 

_____________________________

Hope this helps.
Paul

(in reply to skissinger)
Post #: 5
RE: List Members of AD Group from SMS Point of View - 5/6/2008 12:35:26 PM   
schechm

 

Posts: 2
Score: 1
Joined: 7/11/2007
Status: offline
quote:

ORIGINAL: phaustein
If I am not mistaken, when a AD group is modified, a new AD discovery must be run to update what SMS knows of AD.  After that the collection would need to be updated to refresh the list of its membership. 

If you use a query-rule that references someone being in a collection, yes.
If you simply add the Group as a direct member, then it seems to make the decision client-side.

(in reply to phaustein)
Post #: 6
RE: List Members of AD Group from SMS Point of View - 5/6/2008 6:13:24 PM   
phaustein


Posts: 859
Score: 32
Joined: 3/21/2005
From: Washington, DC
Status: offline 		That is correct, but a collection update must take place before the collection membership is updated regardless of the method.

_____________________________

Hope this helps.
Paul

(in reply to schechm)
Post #: 7
Page:   [1]
All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003 >> List Members of AD Group from SMS Point of View Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts



  
Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.234