How can I get the membership rules on all collections in a folder (Powershell)?

A few weeks back I was tasked with the enormous task of checking that all device-collections that were associated with an application were linked to a group in the Active Directory and that direct membership wasn’t used. If this had been on a, let us say, ten collections it would have been done in about 20 minutes,  but in this case it was over 100 collections… Going the long way of right clicking, choosing “Properties”, waiting a few seconds and the select the correct tab wasn’t an option, so PowerShell to the rescue!!

The script bellow will check the membership rules on all device collections located under the folder “Applications” and create a txt-file with the output under C:\fso\.

$foldername = 'Applications'

$folderobj = Get-WmiObject -Class SMS_ObjectContainerNode -Namespace Root\SMS\Site_P01 -Filter "Name='$foldername'" | foreach {$_.ContainerNodeID}

$list = Get-WmiObject -Class SMS_ObjectContainerItem -Namespace Root\SMS\Site_P01 -Filter "ContainerNodeID=$folderobj" | ForEach-Object{
    Get-CMDeviceCollection -CollectionID $_.InstanceKey | foreach {$_.name, $_.collectionrules}
}

$list | Out-File C:\fso\List.txt

 

The output in the file will look like the image below, I’ve marked the name of the collections in red, the query in green and clients that have been added with direct membership has been marked with orange. (Click for larger image)

List

 

By doing this, it took me about 20 minutes to eliminate all device collections that were correctly configured and to remove all clients that were added with direct membership and add them to the correct AD-group instead.

 

This entry was posted in Powershell, SCCM and tagged , , , , , , . Bookmark the permalink.

3 Responses to How can I get the membership rules on all collections in a folder (Powershell)?

  1. Pingback: PowerShell Guides - A guide to Microsoft ProductsA guide to Microsoft Products

  2. John Brown says:

    Hi There,

    I am able to run the script successfully in my SCCM 2012 R2 environment, but I get a WMI Generic error message when I run it in SCCM CB (1806) environment.

    Error Below, any thoughts why?

    Get-WmiObject : Generic failure
    At H:\scripts\SCCM_Collection_MemberRules_SCCM10.ps1:5 char:9
    + $list = Get-WmiObject -computername tpcmpsa1.prod.travp.net -Class SM …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Leave a Reply

Your email address will not be published. Required fields are marked *