Deploy based on AD User Group?


1 comment

  • Jørn Rønne Gaarde

    We run it that way. It's a little tricky but it does work:

    In AD I create a Global Security group for every package we need to be able to distribute, e.g. app_WS_Chrome. You put the computers in this group - not the users.

    In PDQ Inventory I create a Dynamic Collection matching each AD group with the following filter, i.e.:

    All -> Member of AD Group -> Name -> Equals -> app_WS_Chrome

    Under this collection I create a collection called Not installed. It's a drill-down from the parent collection containing PCs which do not have the application installed, i.e.:

    Not Any -> Application -> Name -> Starts With -> Google Chrome

    In PDQ Deploy I create a schedule for each group, i.e.:

    AutoInstall [app_WS_Chrome] Google Chrome

    Target Collection: app_WS_Chrome -> Not Installed

    Packages: Google Chrome

    Trigger: Heartbeat

    The trigger is currently the weak point, as you'll probably prefer PDQ to scan your AD (to get new AD group members, then trigger the PDQ Deploy schedule). PDQ doesn't really support this, so I created a small PowerShell script which is triggered every ten minutes via Windows Task Scheduler. What it does is:

    1. Trigger ADSync (PDQInventory ADSync -StartSync)
    2. Wait for sync to finish (watch modified date of C:\ProgramData\Admin Arsenal\PDQ Inventory\ADSync.log)
    3. Check if there are any members in any of the Not installed collections ($collections=PDQInventory GetAllCollections | where {$_ -match 'Not installed'})
    4. If there is, trigger all Deploy schedules (PDQDeploy StartSchedule -ScheduleId $sch).

    For the last trigger step I get the schedule IDs with

    $schedules = PDQDeploy GetSchedules | where {$_ -match 'app_WS'}

    then iterate through, triggering each one.

    Anyway, it's not perfect but it does work :)


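The four steps from the comment above, put together as one PowerShell script for the scheduled task. This is an added example, not the commenter's own script. It assumes that PDQInventory.exe and PDQDeploy.exe are on PATH, that `GetCollectionComputers -Collection` prints one computer per line, that a line from `GetAllCollections` can be passed back as the collection name, that each `GetSchedules` line starts with the numeric schedule ID, and that the quiet and timeout values suit your environment.

```powershell
# Added example (not the commenter's script). Output formats are assumptions, see below.
$log         = 'C:\ProgramData\Admin Arsenal\PDQ Inventory\ADSync.log'
$quietSecs   = 30    # assumed: log untouched this long means the sync has finished
$timeoutSecs = 540   # assumed: give up before the next ten-minute run starts

# 1. Trigger the AD sync and remember when we asked for it.
$started = Get-Date
PDQInventory ADSync -StartSync | Out-Null

# 2. Wait until the log was written after $started and has then gone quiet.
$deadline = $started.AddSeconds($timeoutSecs)
while ($true) {
    if ((Get-Date) -gt $deadline) {
        Write-Warning 'AD sync did not finish in time; skipping this run.'
        exit 1
    }
    Start-Sleep -Seconds 5
    $item = Get-Item -LiteralPath $log -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $idle = ((Get-Date) - $item.LastWriteTime).TotalSeconds
    if ($item.LastWriteTime -gt $started -and $idle -ge $quietSecs) { break }
}

# 3. Collect the "Not installed" collections that currently have members.
$pending = @()
foreach ($line in (PDQInventory GetAllCollections)) {
    if ($line -notmatch 'Not installed') { continue }
    $name = $line.Trim()   # assumed: the listed line is usable as the collection name
    $members = @(PDQInventory GetCollectionComputers -Collection $name |
                 Where-Object { $_ -match '\S' })   # ignore blank lines
    if ($members.Count -gt 0) { $pending += $name }
}
if ($pending.Count -eq 0) { exit 0 }   # nothing to install, leave the schedules alone

# 4. Something is missing somewhere: start every app_WS schedule.
foreach ($line in (PDQDeploy GetSchedules | Where-Object { $_ -match 'app_WS' })) {
    if ($line -match '^\s*(\d+)') {    # assumed: line starts with the schedule ID
        PDQDeploy StartSchedule -ScheduleId $Matches[1]
    } else {
        Write-Warning "No schedule ID found in: $line"
    }
}
```

Because membership of the app_WS_* groups decides what gets installed on which computer, keep the right to edit those groups and the account the scheduled task runs under as tightly scoped as the deployment rights themselves.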