Collection based on group membership

[Jerz]

We have just finished SMS 2003 SP3 rollout. I've been tasked with creating a package that will be delivered to computers as they are made members of an AD group. Thus, I need to update a collection via a rule like 'all computers in this AD group'. I believe my first hurdle is that the groups are NOT in SMS (nor are any users). If I enable ADSGD recursive at the root and include groups, am I going to be loading EVERY group in AD into the SMS database, or just the ones that contain computer accounts (VS user accounts)? Would it be wiser of me to pigeon hole all these specific groups in 1 lonely OU somewhere that are going to be used for this purpose?

 

[RickSurly]

I just made a push to a collection based on an AD security group. Based on what I see, Active Directory System Group Discovery only enumerates groups containing computer accounts. If you don't want to wait for it's scheduled synchronization, you can initiate it manually from the Polling Schedule tab.

 

[Jerz]

OK, so I was able to populate the collection. Now my problem is the collection does not remove computers that have been removed from the group. I have waited about 72 hours, and manually started the ADSGD task repeatedly. The two computers that are no longer in the group still have 'SystemGroupName[2] ADName\Groupname' listed in their properties, even though they have long since been removed. Any idea which log ADSGD updates as it discovers?