|
|
 
0 |
By request, here are some queries that could be incorporated into more complex queries to group machines based on multiple criteria that include the computers role and operating system. I can’t say that incorporating OS and/or computer role into AD Integration is something I’ve heard come up very often, but if it fits your model, so be it.
You can find the guide to AD Integration in OpsMgr Raphael and I put together HERE. The guide includes tips for how to use security groups and OUs (indirectly) in your AD Integration strategy.
NOTE: If you're an AD guru and wondering why I did not specify which directory partition to target, it because OpsMgr 2007 stores it's configuration data in the Domain NC, so all queries are implicitly targeted to the Domain partition.
Sample Queries for AD Integration
#Find All Workstations
(sAMAccountType=805306369)
#Find all 2003 Servers Non-DCs
(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))
#Find all 2003 Servers - DCs
(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))
#Find all Server 2008
(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))
#Find all Windows 2000 SP4 computers
(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))
#Find all Windows XP SP2 computers
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))
#Find all Windows XP SP3 computers
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))
#Find all Vista SP1 computers
(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))
Conclusion
AD Integration is the preferred method of automation for agent configuration. If you don't use it today, consider plugging this into your management group.