Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator

When using Active Directory (AD) application groups for deploying applications in Configuration Manager (SCCM) it might be nice to get the groups removed automatically when removing or putting the applications to the status retire in SCCM. The following example will do exactly that.

There is a few prerequisites for getting this to work with this solution. First the application groups in AD needs to have the PackageID in their names. This to be sure that the application group in AD corresponds to the right application in SCCM.

Other prerequisites is that the Integration Pack “Execute PowerShell Script” is installed on the Runbook server and that WinRM is enabled on the SCCM 2012 server.

To remove the application groups two Runbooks has been created. One that removes the application groups for the expired SCCM applications and one that removes the application groups for deleted SCCM applications.

Below the two Runbooks are presented together with some explanations.

Delete AD Application Group for Expired SCCM Application
This Runbook will delete the AD application groups for the expired applications in SCCM 2012.

 Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator1

Activities information
Below one can see screenshots of the Activities.

Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator2
PS Scipt 01
Import-Module “C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1”;
Set-Location P01:
Get-CMApplication | Select-Object -Property LocalizedDisplayName, PackageID, IsExpired | % {if ($_.IsExpired -eq $True) {$_.PackageID +”,”+ $_.LocalizedDisplayName}} 

Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator3

Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator4

Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator5

Delete AD Application Group for Removed SCCM Application
This Runbook will delete the AD Application Groups for the Removed Applications in SCCM 2012.

 Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator6

Activities information
Below one can see screenshots of the Activities.

Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator7

Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator8

Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator9

Delete AD Group when application is removed or retired in Configuration Manager 2012 with Orchestrator10

No comments yet.

Leave a Reply