SCCM: Code breakdown – Deploy Application to Device Collection

As you might have noticed, I’m having fun playing around with SCCM lately and have really noticed that PowerShell is king here.

While the application has great potential, I personally feel that the GUI is lacking functionality which you can only obtain through PowerShell.
Of course this isn’t a problem, merely a challenge in some cases, but I feel that they could’ve stepped up a bit.
It at least explains why I see so many SCCM admins playing around with PowerShell.

For today I thought I’d break down my code and reasoning behind it a bit more, so in case you’re just here for the code, scroll down πŸ™‚

The problem

Well, it’s not really a problem, but more of a speed related issue that I’ve decided to make this script:
If you have created an application, you want to deploy this to a collection because well… that’s simply how it’s used πŸ™‚

Now the problem with the GUI for me was that I can’t deploy multiple applications to multiple collections at the same time because… I have no reason why not!

The solution

I’m sure it’s not the most elegant solution and I still have some fine tuning to do, but so far Out-GridView is my poison of choice πŸ™‚

Let’s start

We start off with the default start of an Advanced Function or Script

[CmdletBinding()] allows us to transform our Script/Function to an Advanced version, giving it access to Common Parameters such as -Verbose -WhatIf and more.
I’ve also described this in a previous post, so in case you want some more theory on how/what/why there, please be sure to read up there.

Now I need to make sure that I actually get a parameter value included by the user and if you want you can manually specify the Device Collection to which you want to Deploy applications. For this I use the [ValidateNotNullOrEmpty()] Validation Attribute, which does exactly what it says.

Last but not least, while you CAN enter your own Device Collection name, I have provided a built-in solution using Out-GridView , that allows you to select one or multiple Device Collections, which it automatically looks up for you.

The best part here is the -PassThru parameter, which takes the information selected and passes it through to whatever you want to do with it next!

Now we begin {}

As expected, we’re now starting the begin statement to define some default information we can use throughout the script and report some information back.

Here I’m simply getting the available Distribution Group [I simply have 1 DG with 4 nodes, so in case you have multiple, you might want to hardcode that one for now, as I’ve not made this compatible with multiple] and the available Applications and writing them to variables.

I’m also writing some Verbose output, which can come in handy when troubleshooting the script.
I have picked up this habit by looking at a lot of code from Jeffery Hicks.

One of the handy tips that I’d recommend using is the following bit

2 Bits to use here:

  1. In case you want to refer to a Property of a Variable, without having to store it in its own variable, you can use $
    However, if you want to refer to this within your script, it won’t work “out of the box” or it won’t display the expected value.
    You will need to use sub-expressions, as explained by Stefan Stranger here.
  2. $MyInvocation.MyCommand displays the currently executed command.
    The MyInvocation variable is one of the selection of Automatic variables, which will always be available to you.
    $MyInvocation has various interesting values which you can use when troubleshooting remotely, so I would advise playing around with it πŸ™‚

On to the Process {}

Once you get used to the coding, things aren’t all that difficult, so while the bulk of the code resides in the process {} block, it’s not even too hard to read/comprehend:

Here I simply get a list of all the applications available, so I can simple select whichever one I need to deploy [using Ctrl + click or Shift + click you can select multiple Applications, just as with the Device Collections].

Now for each of the applications selected, I will distribute the content so it’s available, and then deploy the application to the selected Device Collection(s).

Last but not least, once I’ve deployed the application, I will enforce that the Device Collection will need to request their machine policy ASAP.

As mentioned before, this bit of code isn’t difficult or complex, you just need to know which cmdlet does what and you’re golden.

Known issues

As mentioned before, there still needs to be some polishing done to clean everything up, but as far as I am aware, these are the 2 known “issues”:

  • The script currently takes into account 1 single Distribution Group.
    If you have more than 1, either make your own adaptation to the script, or hard code the required Distribution Group.
  • Currently on Content distribution, you will receive an “error” message if the application has already been deployed.
    Luckily the error message tells you that this is the case, but it’s still red text that I’d prefer to have replaced in a later version of the script in order to make it more userfriendly.

Final Code

In case you didn’t care for all the explanation above, come get the script here πŸ™‚
In case you’ve read all of the above, I hope it helped you a bit!


Happy Scripting! πŸ™‚


SCCM : Refresh Device Collection Memberships

I’m in theΒ finishing stages of a new SCCM deployment, but also in the process of an Active Directory consolidation at the moment, and ran in to the following issue:

A machine from Domain A has been re-imaged using SCCM to run in Domain B.
SCCM has a Device Collection X for Domain A and Device Collection Y for Domain B.
Device Collection Y has a Deployment for a specific VPN Application that’s required, otherwise it won’t run.

The Problem

The engineer that re-images the machine forgot to remove the machine from Domain A and therefor doesn’t get the VPN Application, as the Client is still recognized as being an active machine on Domain A, taking precedent over the fact that it ALSO exists in Domain B now [same MAC address etc].

The Solution

By manually removing [yes, this needs to be automated at a later time as well] the old AD machine from Domain A and refreshing the Device Collection’s memberships, the issue can be resolved.

Normally this is something that gets done on a regular interval [in this case, every 24h], but we need to force it, sometimes for multiple Device Collections.

Instead of using the clunky GUI, PowerShell’s to the rescue πŸ™‚

There is a WMI Method in the SMS_Collection which does exactly what we require: Refresh the Membership of a Collection πŸ™‚

The Code

Here’s the code that does the trick for me

Happy Scripting! πŸ™‚