System Center

Remove all Configuration Manager direct membership rules.

in

I was working in Configuration Manager and for better or worse I have some collections that require me to populate them manually using direct membership rules. I know that this is not the best practice and that query rules are far superior. However the direct membership rules were a quick solution to the task at hand. I use the Now Micro Right Click Tools to do the collection population.

At some point in the future I found that my original set of devices needed to be refreshed, some devices needed to be removed and some needed to be added. I had an easy way of populating the collection with a massive set of new devices, but my only option to remove devices was to view each membership in the tiny window that you're given when you go to the properties of the collection. Since I knew I would be doing this more than 10 times (which I use as a rough rule to determine when it is time to script/automate something) I decided that there must be a better way. Since I'm already able to easily add members I just needed a way to clear out all of the current.

I did a bit of research and had found a few others who have written scripts to accomplish the same task, however they were using all WMI calls directly to the SMS Provider on the Configuration Manager servers, I wanted something that used the Configuration Manager module that is provided as part of the product. So set out to write a script which actually ended up not taking too much time. If you end up using this script be advised that my PowerShell probably does not follow best practices and should not be used as an example of how to write good scripts.

You should be able to copy and past the following script blog into you're favorite PowerShell script editor. I use the built in PowerShell ISE.

#********************************************************************************#

#
# Script Name: Remove-CMDirectMemberShip.ps1
# Version: 1.0
# Author: Dan Letsinger
# Inception Date: 6/22/2014
#
# Description:I needed a quick way to remove all of the direct memberships of a
# collection in Configuration Manager.
#
#********************************************************************************#
#
# You need to import the Configuration Manager module first in order to connect
# to the Configuration Manager site and run commands. This module is installed
# when you install the Configuration Manager console.
#
Import-Module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"
#
# Enter the site code of the SCCM site that you are connecting to followed by a
# colon. I've noticed that most organizations have named their Central Admin
# Site CAS: so I've put that as the default.
#
Set-Location CAS:
#
# Enter the collection ID of the collection you need to remove all of the direct 
# memberhips from. You can add the collection ID as a column in the Configuration
# Manager console.
#
$CollectionID = "CAS00135"
#
# Add all of the direct memberships to the $Rules variable. Select only rules
# that are direct membership rules (as opposed to a query or other type of rule)
#
$Rules = (Get-CMDeviceCollection -CollectionId $CollectionID).CollectionRules | Where-Object {$_.OverridingObjectClass -eq "SMS_CollectionRuleDirect"}
#
# Loop through each rule that was detected and remove it
#
Foreach ($Rule in $Rules)
{
Remove-CMDeviceCollectionDirectMembershipRule -CollectionId $CollectionID -ResourceId $Rule.ResourceID -Force
}
#
# End
#********************************************************************************#