What's new
Forums on Intune, SCCM, and Windows 11

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

NEW WQL Query Help

  • Thread starter Thread starter webbth
  • Start date Start date
  • Replies Replies 3
  • Views Views 8K
W

webbth

New Member
Messages
3
Reaction score
0
Points
1
I'm hoping there is someone out there with better WQL chops than me that can help with this rather complex query. Right now we have a query in place that takes all computers in configuration manager, looks at the primary users, checks to see if the primary user is in an AD group, and includes them in the collection if they are. What I need to do is either:
  • exclude systems with multiple primary users
    or
  • exclude systems if any of the primary users are not in the AD group (preferred)

Example:
ComputerPrimary Users
CompAUser1, User2, User3
CompBUser2, User3
CompCUser3
User2 and User3 are in ADGroup but User1 is not, so the WQL query should return only CompB and CompC.

Current WQL:
select distinct SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System JOIN SMS_UserMachineRelationship ON SMS_R_System.ResourceID=SMS_UserMachineRelationship.ResourceID JOIN SMS_R_User ON SMS_UserMachineRelationship.UniqueUserName=SMS_R_User.UniqueUserName WHERE SMS_UserMachineRelationship.Types=1 AND SMS_UserMachineRelationship.IsActive=1 AND SMS_R_User.UserGroupName="DOMAIN\\GROUP"

I tried adding AND NOT SMS_R_User.UserGroupName!="DOMAIN\\GROUP" on the end of the query but that didn't have the right result, and I'm at the end of my WQL knowledge. Thanks in advance!
 
Sort by date Sort by votes
Why don't you create a collection based on the the security group only. aka what exactly are you going to do with collection?
 
Upvote 0 Downvote
So this is a collection for Windows updates, so it has to be device based. The catch is we need to target devices used by specific users, hence the filter on the primary user and AD group membership. The challenge is that I need a more complex query than the "any primary user is in AD group" that I have currently.
 
Upvote 0 Downvote
Alright, I think I have a solution for anyone that may be looking at something similar. What I ended up having to do was create a user collection based on the AD group (collection ID CM00000 in the example code), and then use that user collection in my query.

I then had to create two device collections, Collection1 has a query that finds devices with primary users that are not in the AD group user collection. Collection2 has a query that finds devices with primary users that are in the AD group user collection and excludes Collection1 (to get rid of devices with multiple primaries, some of whom may not be in the target group).

Now I can use Collection2 for my Windows updates test collection and it will automatically contain all the devices who's primary user(s) are in my IT department, but not any devices where a primary user is not in the IT department.

Collection1 (devices with a primary user NOT in the target group)
SQL: 
SELECT DISTINCT
SMS_R_SYSTEM.ResourceID,
SMS_R_SYSTEM.ResourceType,
SMS_R_SYSTEM.Name,
SMS_R_SYSTEM.SMSUniqueIdentifier,
SMS_R_SYSTEM.ResourceDomainORWorkgroup,
SMS_R_SYSTEM.Client,
SMS_UserMachineRelationship.UniqueUserName

FROM SMS_R_System
LEFT JOIN SMS_UserMachineRelationship ON
SMS_UserMachineRelationship.ResourceID = SMS_R_System.ResourceId
    
WHERE SMS_UserMachineRelationship.Types=1
AND SMS_UserMachineRelationship.IsActive=1
AND SMS_UserMachineRelationship.UniqueUserName NOT IN
(SELECT SMS_R_User.UniqueUserName
FROM SMS_R_User
JOIN SMS_CM_RES_COLL_CM00000 ON
SMS_CM_RES_COLL_CM00000.ResourceID = SMS_R_User.ResourceID)

Collection2 (devices with a primary user in the target group, also add Collection1 as a membership exclusion)
SQL: 
SELECT DISTINCT
SMS_R_SYSTEM.ResourceID,
SMS_R_SYSTEM.ResourceType,
SMS_R_SYSTEM.Name,
SMS_R_SYSTEM.SMSUniqueIdentifier,
SMS_R_SYSTEM.ResourceDomainORWorkgroup,
SMS_R_SYSTEM.Client,
SMS_UserMachineRelationship.UniqueUserName

FROM SMS_R_System
LEFT JOIN SMS_UserMachineRelationship ON
SMS_UserMachineRelationship.ResourceID = SMS_R_System.ResourceId
    
WHERE SMS_UserMachineRelationship.Types=1
AND SMS_UserMachineRelationship.IsActive=1
AND SMS_UserMachineRelationship.UniqueUserName IN
(SELECT SMS_R_User.UniqueUserName
FROM SMS_R_User
JOIN SMS_CM_RES_COLL_CM00000 ON
SMS_CM_RES_COLL_CM00000.ResourceID = SMS_R_User.ResourceID)
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

  • SOLVED Server 2025 doesn't show any updates
  • PENDING CMPivot not showing results in the CMPivot window
  • PENDING Query doesnt show all devices with the specific program
  • SOLVED Query for IrfanView doesnt work?
  • PENDING SCCM 2409 – All replication links FAILED, RLA says “Central administration still in maintenance mode”

    • Forum statistics

    Threads
    7,143
    Messages
    27,891
    Members
    18,188
    Latest member
    samforest

    Latest posts

    Trending content
    Back
    Top