How to add a Known/Unknown Computer to a specified collection during OS Deployment

Have you ever wondered why a ConfigMgr client takes a long time to run the advertised programs after you deploy this client using ConfigMgr OSD? Well, this is because as soon as the machine is imaged, it gets added to the ‘All Systems’ collection and gets the advertisements/policies that are targeted to the All Systems collection. But what if your advertisements are not targeted to the default All Systems collection, and instead are targeted to a custom query based collection? In that case, the newly imaged machine doesn’t get added to the custom collection until it sends the inventory AND the collection updates based on its schedule and finds the machines that fulfill the query condition to add the machine(s) to the collection, and in turn triggering the creation of policies for these clients. Until this happens, there are no Advertisements for this newly imaged client to run(unless of course, they were targeted to the All Systems collection). This is why you may notice a delay of up to 24 hours or more until you see the newly imaged clients processing all the Advertisements that you expect them to execute.

One way to workaround this delay is to add the machine to the desired collection(s) manually, and give it about an hour to request for new policies. However, this is a tedious task. Another way is to somehow add the computer to the desired collection during the OSD Task Sequence run-time. This would result in the computer pulling all the policies targeted to the desired collection immediately after it is imaged. I wrote a script that can be used to do just that. All you need to do is to add a ‘Run Command Line’ task to the Task Sequence and specify the following Command line:

cscript AddMeToCollection.vbs <SiteServerName> <CollectionID> %_SMSTSClientIdentity%

In the above command line,
<SiteServerName> needs to be replaced with the SMS Site Server Name
<CollectionID> needs to be replaced with the desired Collection ID

Thats all that you need to edit in the above command line. However, you need to make sure that you run this command line as an account which has rights to connect to the SMS Provider. If the account running this command does not have the required rights, then the script will fail to execute. Regardless of the Success/Failure, you would see the return code in the SMSTS.log, which may be useful during troubleshooting.

You can find this script attached here. I hope you find this post useful.

IMPORTANT: Using the example above works in my lab, however information in this post is provided "AS IS" with NO Warranties, or Support.

Vinay Pamnani | Support Engineer

Comments (31)

  1. Nisha says:

    Awesome!! That's a fantabulous piece of info .. 🙂

  2. Simon says:

    How about a script that queries SCCM for all collections a computer belongs to, save that to a variable and then post, add the computer back into all those collections?

  3. Just a little tweak: you are creating a direct membership rule using "oCollection.AddMembershipRule oDirectRule". So there's no need to trigger an update of the collection membership (oCollection.RequestRefresh False) afterwards if I am not mistaken (because direct membership clients are inserted directly into the corresponding table without the need for collection evaluator to run).

  4. Koneti says:

    Good but AS soon the computer is newly imaged(member in AD) and discoverd by SCCM,it will be added to SCCM Database and based on the collection membership updatation,the newly computer will be added to all the collections where the collection query matches to the computer if i am not worng. Is there any necessity to send the hardware information before getting the computer policies ?

  5. Sagar says:

    Excellent!Thank you so much for that information, I wanted to try this in our lab before we implement in one of our customer place ,kindly let me know is there any specific part of the TS where we should put this in or can we just add it somewhere after Setup Windows and ConfigMgr task during the PostInstall Phase.

    Thanks once again!

  6. VinPa says:

    @Simon: That's a good thought. I'll see what I can come up with, given i get enough time to do this stuff.

    @Torsten: You are absolutely correct Sir. I will change that shortly.

    @Koneti: It really depends on the Collection Query. If the query is based on a condition that relies on Hardware/Software Inventory then the Collection will update only after that information is sent. However, even if the Collection Query is independent of Hardware/Software Inventory, the Collection Update can take upto 24 hours (which is the default update schedule).

    @Sagar: In all my testing, I placed the Run Command Line task right after Setup Windows and ConfigMgr task.

  7. Mathieu says:

    Hi have a question, I am trying to use that script and I have an error message telling me "Could not find the Resource ID for the computer. Exiting!". I did the test on another test lab and the script worked.

    The only difference is:

    LAB A: my SQL server is on another server, the script is not working

    LAB B: My SQL server is on the same server as my SMS provier.

    Is there a way to make it work in LAB A wihtout many changes?


  8. VinPa says:

    @Mathieu: The script does not connect to SQL, but instead gets the Resource ID from SMS Provider. As long as you provide the Site Server name in the command line, it should work fine. However, if it's not able to find the Resource ID, it would either be a problem identifying the SMS Provider Namespace, or connecting to the SMS Provider Namespace. You would see the error right after the line in SMSTS.log that says, Exiting!

    You may want to connect to the rootsms namespace on the Site Server, and see if you have the correct SMS Provider Location listed there, and also make sure the account you're using to Run the Command Line has rights to connect to the namespace.

  9. Mathieu says:

    My bad, thank you for the information I was with the idea that it was getting the info right from the database. I did made some more test and find out that the account I was using was the real problem, everything else was working but again there was some permission missing.

    Sorry for my other post 🙂


  10. SebastienM says:

    Hi, Thanks for your script. I m working on a SCCM deployment scenario and I've found some month ago a script named collad.vbs (google it to find it) which is doing the same thing (I think).

    I would like to use this script to install sofware update during workstation installation. But to do that there are 4 steps to accomplish :

    – Add to a static collection (your script)

    – Refresh policy

    – trigger schedule (or software update deployment)

    – remove from collection.

    I need to work on the last 3 steps, if someone know how to do that ?


  11. Freeridah says:

    What security rights does the "Run As" account require to perform this action in SCCM?

  12. JimM says:

    Great now how do you remove it from the collection AFTER the machine is built?

  13. Abhishek Raghav says:

    Nice Post Vinay, but this may not work in scnerios where machine should be added to multiple collections for software packages, Since we have seperate collection for each package/advertisement and its not practical to include all those collection in script.

  14. VinPa says:

    You are absolutely correct Sir! I know this would not be a good solution in a scenario where multiple collections are involved, however I provided this as an example, and it's fairly easy to modify the script to read from a text file containing the collection ID's of all the collections, and then add the machine to them. However, this is where R3 comes in the picture, and with features like Delta AD Discovery and Dynamic Collection Updates, we hopefully would never need to use any such scripts/workarounds anymore.

  15. vina says:

    for more computer queries

  16. NickolajA says:

    Thank you very much! Exactly what we need for our deployment. Great work, keep it up!

  17. Rodney Koolman says:

    Everytime i try to implement this script it gives me this error:

    Error connecting to rootsms namespace to find Provider Location. Exiting!

    Now i think this is because of permissions to the server, however now i use a domain admin account as RUNAS and tested wmi localy. But it keeps failing with: Error connecting to rootsms namespace to find Provider Location. Exiting! Access is denied.

    Please help!

  18. RobertR says:

    Same issue as Rodney Koolman here. trying to use this script in sccm 2012, the account i am running this task sequence step is domain admin, but still i get "exiting -access is denied".

    what could be the cause?

  19. RobertR says:

    fixed it. the account specified in the task sequence must have WMI rights on the sccm server. in my case i added this account as a full sccm admin in the console (Administration – Security – Administrative Users)

    the AD account itself is a standard user account without any special rights.

    hope this helps someone.

  20. JUrbina says:

    You mentioned that the account running this command must have the required rights to run.  What typr of rights are you refering to?

  21. Bruce says:

    Really the unknown machine should be removed from the title as this code is designed to exit if the machine does not exist.

  22. Zech says:

    This doesn't seem to be working in refresh-scenario. Scripts adds the old computer object to the collection during the task sequence. Not the new one as I would like.

  23. PeteG says:

    This does not seem to work for "Unknown" machines. If you check the Membership Rules after the task sequence has ran you will see an entry for "Machine Name – SMSTS" however the only thing that shows up under the collection members is "Unknown"

  24. aburrow says:

    Love the script, it's certainly resolved a number of issues we're having.  What we've been seeing though is when we incorporate this script in a TS which runs through the OS restarts the machine into WinPE, installs an OS then restarts into that OS to begin Software installs.  This script seems to use the original GUID of the machine not the new one. which it is given when the SCCM Client is installed.  The client is re-installed before this script is run.  Is there some method to either refresh with the new GUID or to perhaps add both the old and new GUID into the collection as part of this script?

  25. Chad Simmons says:

    In a customer environment we struggled getting this to work.  After adding error/return codes to each of the wscript.quit statements we found that the script was failing to connect to the SMSProvider due to firewall restrictions.  Per the ConfigMgr documentation, RPC over TCP must be allowed from the client (the computer being imaged) to the SMSProvider (generally a Primary Site Server).

    If you are running the script and the object is not added to the collection membership, be sure to verify each parameter and that the firewall is open.  Adding return codes to the script will also greatly assist with troubleshooting.

  26. Venelin.Ustabashiev says:

    Please be aware that on line 109 you need to change Set oDirectRule to Set oDirectRule = Nothing

  27. Eden Oliveira says:

    Hi Vinay, thanks for your nice post!. I have a question, Where exactly I should create this Command on My Task sequence SCCM 2012 R2 (Which part of the TS)?

    Thanks a lot one more time

  28. Skaggake says:

    Cant get this script to work.

    Do i need to create a package with this file or can i just run a command with UNC path?

    csscript.exe "\$AddMeToCollection.vbs" TT10001F %_SMSTSClientIdentity%

  29. Skaggeake says:

    When test to run the vbscript on local machine with admin rights on SCCM server i get this message:

    Before i got this far i change the last line in the script.

    Set oDirectRule


    Set oDirectRule = Nothing




    Site Server specified:

    Collection ID specified: TT10001F

    SMS Client %_SMSTSClientIdentity%

    Computer Name: WINLAB61

    SMS Provider Namespace = \changed.this.serootsmssite_TT1

    Successfully Connected to the SMS Provider Namespace

    Could not find the Resource ID for the computer. Exiting!

  30. Jason says:


    That should be 'cscript.exe' NOT 'csscript.exe'

  31. D. Rees-Clark says:


    Thanks for the great script. We are using it, and it works well on domain joined Computers, but not on Workgroup Computers. What do I need to change to make this work on Workgroup Computers, too?

    Thanks in advance and best regards,

    D. Rees-Clark