Process overview:
  • Get AD Group->Collection relationships
  • Get OU->Collection relationships
  • Get list of Groups to skip from a text file (makes the AD queries more efficient if you skip known large groups that are never used for SCCM)
  • Query AD for Group changes
  • Filter those changes and only check Groups associated with a Collection
  • Do my special coding magic to find the exact changes to those groups (this is the part I am most proud of)
  • Find new Computer Objects in AD
  • Find new SCCM Computer objects
  • Remove duplicates
  • Process each computer
  • Find all group memberships (not just the changed ones since we need to populate all group memberships in SCCM)
  • Get OU information for the computer
  • Create DDR
  • Find all collections that match any of the groups that any of the computers are in
  • Remove duplicate collections from list to process
  • Force a collection update on all of those collections

Registry entry Descriptions (not all of them documented yet):
  • MINUTESBACKFORNEWSMSCLIENTS - How old can a new SCCM client be for us to process it (probably hard for you to test with the date format issues)
  • ADDITIONALMINUTES - This is basically how far back it looks for AD changes. So, if it is set to "5", it will find any AD Group/OU changes that happened in the last 5 minutes each time it loops. It is good to have this set to a bit less than the SECONDSBETWEENLOOPS so everything gets processed twice. This is because the SCCM server might take a while to process the DDRs and it could do the Collection refresh before the new DDR info is in the database (so the new resource would not get in the Collection).
  • TESTMODE - If set to "TRUE", It doesn't actually copy the DDRs into Auth\DDM.box or refresh any collections. Useful to see what it would do without actually making any changes to your SCCM environment.
  • ENTRIESTORETURNPERQUERY - This is an AD thing (http://itchanged.com/GettingMembersOfLargeActiveDirectoryGroups.html). 1000 is fine. It controls how many records are fetched at a time for an AD query. It should return more than 1000, that is just how many it fetches at once.

SCCM Installation Notes.docx

Last edited Aug 9, 2011 at 7:12 PM by mattbro, version 4

Comments

No comments yet.