SCCM Domain Controllers Collection Query

ByPrajwal Desai Hours

If you are looking for a SCCM device collection to group all domain controllers in your setup, you are at right place. If you want to group all your domain controllers in one device collection, you can use a simple query.

Sometimes all you need a quick query to create device collections in Configuration Manager. SCCM comes with built-in collections however you may need to create collections based on requirements.

To create SCCM collections based on active directory OU refer this post. And to find out the SCCM queries for mobile devices, read this post.

First of all to manage domain controllers using SCCM, you must first install the ConfigMgr client agents on domain controllers. By default the client push excludes the option to install agents on domain controllers.

If you notice Target machine is a DC Not processing this CCR while client push, you may refer the following post – https://www.prajwal.org/target-machine-is-a-dc-not-processing-this-ccr/.

SCCM Domain Controllers Collection

Let’s create a device collection in SCCM that groups all your domain controllers present in the setup. Open the Configuration Manager console and click Assets and Compliance > Device Collections.

Right click Device collections and click Create Device Collection. On the Create Device Collection wizard, specify the collection name. Click Next.

Create a new device collection
Create a new device collection

Specify the query name and click Edit Query Statement.

SCCM device collection to group all domain controllers
Edit the Collection Query

Paste the below query and click OK.

SELECT SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
 FROM SMS_R_System
 INNER JOIN SMS_G_System_COMPUTER_SYSTEM ON
 SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId
 WHERE SMS_G_System_COMPUTER_SYSTEM.Roles LIKE "%Domain_Controller%"
SCCM Domain Controllers Collection Query
SCCM Domain Controllers Collection Query

Click Next on Summary page and finally on Completion window, click Close.

SCCM Domain Controllers Collection Snap4

The query runs and gathers all the computers that have got system roles as domain controllers. Since I have just 1 domain controller in my setup, the member count is 1.

Domain Controllers device collection
Domain Controllers device collection

In addition to the above query, you can also use the below query to collect all domain controllers in your organization.

SELECT SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client FROM SMS_R_System WHERE SMS_R_System.PrimaryGroupID = "516"

Avatar photo

Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.

2 Comments

  1. Avatar photo Doug Jacobson says:

    To collect both domain controllers and read-only domain controllers. Add the (or SMS_R_System.PrimaryGroupID = “521”) to the end as 521 is the PrimaryGroupID for the Active Directory “Read-only Domain Controllers” group.

    select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.PrimaryGroupID = “516” or SMS_R_System.PrimaryGroupID = “521”

    Reply
  2. Avatar photo George Stamatopoulos says:

    Hi
    By the location in AD is cute (Domain Controllers OU), but by service is more professional.
    … where SMS_G_System_COMPUTER_SYSTEM.Roles like “%Domain_Controller%”
    and this one also
    … where SMS_G_System_SERVER_FEATURE.Name like “Active Directory Domain Services”

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *