Create SCCM Collections based on Active Directory OU

ByPrajwal Desai Hours

I have been working with a customer who recently added many new OU’s (Organizational Unit) to Active directory. The customer told us to create SCCM collections based on the Active Directory OU. In this post I will cover the steps to create device collections based on AD OU.

To create SCCM collections you require a query. However you can achieve this task using PowerShell as well. In this post I will make the use of Query rule to create device collection.

I have noticed many organizations still use Active Directory groups or Organizational Unit to do operational tasks in SCCM. Even though it’s not efficient method but it’s still used. Once you create the collection, whenever the OU’s are updated with new clients, it would update SCCM collection.

Useful Info – For Windows Server device collection, read this post and for Windows 10 SCCM device collection, refer this post.

Create SCCM Collections based on Active Directory OU

The below procedure shows you how to create the SCCM device collections based on Active Directory OU.

Prerequisites

  • You must have the list of OU names handy. This will help you while creating the device collection.
  • Add the OUs under Active Directory System discovery. This is an important step because the OU’s have to be discovered before you use them in your query.
  • Sufficient permissions to create device collection.

Create SCCM Device Collection

  • In the SCCM console, navigate to Assets and Compliance > Overview > Device Collections.
  • Right click and select Create Device Collection.
Create SCCM Device Collection
Create SCCM Device Collection

On the General page, specify the name of the collection. Click Browse and select Limiting Collection. Click Next.

Specify Device Collection Name
Specify Device Collection Name

On Member Rules page, click Add Rule > Query Rule.

Add Query Rule
Add a Query Rule

Add SCCM Query

On the Query Rule Properties window, type the name of the collection. Ensure the Resource class is System Resource. Click Edit Query Statement.

Create SCCM Collections based on Active Directory OU Snap4

On the Query Statement Properties box, click Criteria tab and click yellow icon.

Create SCCM Collections based on Active Directory OU Snap5

On the Criterion Properties box, click Select button.

Create SCCM Collections based on Active Directory OU Snap6

Select Attribute class to System Resource and Attribute to System OU Name.

Create SCCM Collections based on Active Directory OU Snap7

Set the Operator value to is equal to. Click Value button.

Create SCCM Collections based on Active Directory OU Snap8

Select Active Directory OU

In the Values window, select the Active Directory OU. The SCCM device collection that you create will include all the computers from this OU. Click OK.

Select Active Directory OU
Select Active Directory OU

The criteria that you chose is displayed. Click OK.

Create SCCM Collections based on Active Directory OU Snap10

On the Query Rule properties window, you can now view the query. Click OK.

Create SCCM Collections based on Active Directory OU Snap11

Back to Membership Rules page, click Next.

Create SCCM Collections based on Active Directory OU Snap12

On the Completion window click Close.

Create SCCM Collections based on Active Directory OU Snap13

In the SCCM console, under Device Collections, you should see the OU based collection. You may right click the collection and click Update Membership if you don’t see any member count.

Create SCCM Collections based on Active Directory OU

Avatar photo

Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.

9 Comments

  1. Avatar photo Twila Richardson says:

    Thank you! You are the best person to follow for a newbie to MECM (SCCM) Administrator such as myself. This exactly what I needed on my job today!!

    Reply

  2. How do i create a collection of all devices that are not in active directory using this method?.
    Please note they were in active directory but they no longer are in active directory.

    Reply

  3. Thank you for this nice clear instructions. Worked exactly as I needed it.

    Reply
  4. Avatar photo Matt Pierce says:

    I followed this and it works very well. The problem we are seeing is not that some computers are not showing up that are ctually in that particular OU. The issue is that we are seeing many other objects in the query run complete listing which are not there when you look inside ADUC. In ADUC, I see only 2 computers, but in the query I see 10. What causes this? It’s like ghosted objects that might have once been located in this OU. Any info on how to fix this?

    Reply
  5. Avatar photo Robert Stubblebine says:

    Best instructions I have seen in a long time, exactly what I needed Thanks!

    Reply
  6. Avatar photo Christopher Tabuchi says:

    Your posts are always excellent!

    Reply

  7. This is exactly what I was looking for!

    Thank you!

    Reply
  8. Avatar photo Sunil Maharjan says:

    looking of your help in SCCM. I am getting Problem at “Select Active Directory OU” step. here i have found same OU name in two row, one along with complete OU structure and one only OU name. Hence it give me error for some OU while creating collection of devices. what i am suppose to do. Please help me to solve the problem

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *