SCCM – Active Directory Security Group Query for User Collection


If you are looking at setting up a SCCM user collection based on membership of an Active Directory Security Group, then you can use this WQL query for the collection.

WQL Script

To set this up, create a new collection and copy and paste this as its query:


You can add or remove any of the SMS_R_USER columns from the select statement but the part you will need to change is:

  • “DomainADSecurityGroup” – this should be changed to the name of your own domain and after the then change this for the object name of your security group.

Then go ahead and save this query and from within your SCCM console, update the collection and you should now see all the users within the security group, in your new collection.


If you have any questions or feedback on this guide, then please feel free to leave us a message below in our comments section.

Leave us a message...