SCCM – Active Directory Security Group Query for User Collection

microsoft

If you are looking at setting up a SCCM user collection based on membership of an Active Directory Security Group, then you can use this WQL query for the collection.

WQL Script

To set this up, create a new collection and copy and paste this as its query:

select
SMS_R_USER.ResourceID,
SMS_R_USER.ResourceType,
SMS_R_USER.Name,
SMS_R_USER.UniqueUserName,
SMS_R_USER.WindowsNTDomain
from
SMS_R_User
where SMS_R_User.SecurityGroupName = “DomainADSecurityGroup”

Variables

You can add or remove any of the SMS_R_USER columns from the select statement but the part you will need to change is:

  • “DomainADSecurityGroup” – this should be changed to the name of your own domain and after the then change this for the object name of your security group.

Then go ahead and save this query and from within your SCCM console, update the collection and you should now see all the users within the security group, in your new collection.

More Queries

Our full range of SQL and WQL Collection queries are available here.

Feedback

If you have any questions or feedback about this post, or if you would like us to create any queries for you, please go ahead and leave us a message below in the comments section and we will get back to you as quick as we can.