Update Configuration Manager Application Content Locations

I had planned to write this excellent article about using PowerShell to update the content locations of all the applications in an SCCM environment. At work, we moved the source files to a new file server and needed to update 350+ deployment types. Of course, there were some challenges. The biggest is Configuration Manager’s PowerShell cmdlet to get deployment types doesn’t have an explicit property to list the content location. You can still get the information from the cmdlet, but it’s located in the XML data of the object. A PowerShell script to update the content location would have required parsing that XML to get the current location and using the Set-CMDemploymentType cmdlet to update the deployment with the new location.

As usual, someone already did a better job. Nickolaj Anderson from MSEndpointMgr.com wrote a great PowerShell tool with a GUI to help find and update applications. I recommend visiting his website to learn the details.

https://msendpointmgr.com/2017/02/23/configmgr-content-source-update-tool-version-1-0-2-released/

https://msendpointmgr.com/2015/08/26/configmgr-content-source-update-tool-1-0-0/

Have fun.
-Tony

Remove SCCM Old Computer Objects Based on SIDs

There are dozens of blog posts and instructions on how to remove computer objects from Configuration if the corresponding AD object no longer exists. I thought I would put my own spin on the idea since I haven’t seen it before. Many of the guides rely on matching the object’s names to each other. The problem you can run into with this method is reusing computer names. You can delete a computer in AD and add a new one with the same computer name. When Configuration Manager runs its next AD sync it will find the new AD computer object and add it to the inventory. Now Configuration Manager has two computer objects with the same name. As an administrator this can get confusing and if you try to clean up Configuration Manager based on name matching the old object won’t get removed.

Rather than match the objects on name you can use something more unique, like the SID. Configuration Manager capture the AD objects SID during the sync so you can use that to match objects and delete those that no longer exist. You can look at the code below or in github.

Find the PowerShell script at https://github.com/agizmo/SCCM_Computer_Removal_SID

$SiteCode = "<YOUR SITE CODE>" # Site code
$ProviderMachineName = "<YOUR CM SERVER>" # SMS Provider machine name

#Customizations
$initParams = @{}

#Import the ConfigurationManager.psd1 module
if((Get-Module ConfigurationManager) -eq $null) {
Import-Module "$($ENV:SMS_ADMIN_UI_PATH)..\ConfigurationManager.psd1" @initParams
}

#Connect to the site's drive if it is not already present
if((Get-PSDrive -Name $SiteCode -PSProvider CMSite -ErrorAction SilentlyContinue) -eq $null) {
New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $ProviderMachineName @initParams
}

#Set the current location to be the site code.
Set-Location "$($SiteCode):\" @initParams

#As far as I can tell, this is the only way to get the SID for a computer object in SCCM. The prebuilt cmdlets will not return SID
$devices = Get-WmiObject -ComputerName $ProviderMachineName -Namespace "ROOT\SMS\Site_$SiteCode" -Class SMS_R_System
foreach ($device in $devices) {
try {
$sid = new-object System.Security.Principal.SecurityIdentifier($device.SID)
} catch {}
$ADcomputer = Get-ADComputer -Filter {SID -eq $sid} if ($ADcomputer) { #nothing } else { Remove-CMResource -ResourceId $device.ResourceId -Force } Remove-Variable sid Remove-Variable ADcomputer
}

Simple as that. Hope you found this article helpful. And play around with PowerShell. There is near infinite capabilities of the language.

Have fun.
-Tony