Greetings.
Using SCCM 2012.
My goal is to create a Global Condition using the Setting Type "Active Directory query" (from the drop-down list in the Create Global Condition wizard) that lists the AD Groups of the Computers. Then, for Deployment Types, I can specify a Requirement that uses the Global Condition to verify whether the Computer is a member of a specified Group.
For example...
For these Deployment Types:
Priority 1 - AppX(with only Feature1) - needs to install to Computers in the AppX Collection that are members of AD Group called AppX-Feature1
Priority 2 - AppX(with only Feature2) - needs to install to Computers in the AppX Collection that are members of AD Group called AppX-Feature2
Note please:
I know there are a few ways to do this.
I do not want to use a Script or any other "Setting Type"
I do not want to use multiple collections (I am already doing this...that is, building 2 Collections (using WQL queries that check the same group memberships mentioned above), building 2 Apps, and deploying one app to one collection, the other app
to the other collection.
I DO want to use the feature provided by SCCM....Global Condition | Active Directory query. It's here, I would like to use it. But documentation explaining what to enter in the fields in the Create Global Condition wizard seems non-existent, and
I'm stumped.
So...
I need to see an example of what to enter into the fields of the Create GC wizard that will return all of the groups the computer(s) belongs to.
And I need to see an example of what to specify in the DT Requirement settings. I've noticed the Operator options in the Requirement change depending on whether you select String (Equals, Contains, One of, etc.) or String Array (All Of is the only option,
which puzzles me) as the Data Type in the GC. I assume a list of groups would be a String Array.
I have read through a few threads that have started with this same question, but ended in unproductive debates about whether it should be done this way or in alternatives to do it with some other alternative. Please refrain from steering this post into similar directions. I am ok with this sitting until accurate and to-the-point answers arrive.
The difficulty in testing the Global Condition settings begs for better documentation (and admittedly, for me to have a better understanding with using LDAP queries). I can get my LDAP browser and the Powershell Get-ADPrincipalGroupMembership to list groups for a specified computer. I just can't translate the query into the Required fields in the SCCM GC wizard (see pic).
Thanks in advance.