PowerShell

It comes up all the time when I want to know if anything in AD is not listed in CM and has a client, etc.  If you work for an organization that is blessed with having excellent asset management, you could compare CM directly against your CMDB.  But, everyone is not this blessed as it turns out.  And reality being, you really should compare everything in AD to everything in CM.  If its a domain joined computer, you'll probably want to know if it is or is not being managed by CM.

On several occasions at the local user group and at MMS, I have heard the discussion about wanting to have numbers in the task sequence steps that corresponds to the execution steps reported in the smsts.log file and those reported back to the ConfigMgr database (these are both the same numbering of course).  There is also a user voice that exists for this very item and has been there for quite some time.

Often I get access requests, especially for new employees, for setting up someone’s network permissions like Dan's in the marketing department.  Dan is new to the Marketing team and his manager wants his account set up like Paul's account.  So, normally, I would do a side by side comparison in ADUC and then fill in the gaps.  That sounds a little tedious.  So, I wrote a quick function to compare groups and output those that are common between each and unique to each.  Here is a sample of the output from the function:

My coworker and I have recently had a little bit of fun with status messages, using them to trigger emails and other alerts to admins etc.  In playing with them, I was curious on just how many there were, or could be rather.  I then stumbled across this technet gallery post.  So, yes you can do whatever you are trying to track and view all status messages that are sent to CM but, this may be useful in helping narrow that down ahead of time.

So, here we go.

Originally posted on the Cyber Advisors blog on May 7, 2018. Updated and expanded below.

Administration of Configuration Manager is more than a full-time job by itself. Maintaining some sort of documentation for the environment that can be given to management or stored internally can be an all together second job. So, why continue a manual task of creating documentation when you could automate it and have an extensive and detailed document created in minutes instead of hours.