Menu
CCMEXEC.COM – Enterprise Mobility
  • Home
  • General
  • Configuration Manager
  • Windows 10
  • Intune
  • GitHub
  • Windows 11
  • About the author
CCMEXEC.COM – Enterprise Mobility

Installing Applications Dynamically during OS using AD group

Posted on May 18, 2016August 25, 2017 by Jörgen Nilsson

As shown and promised at MMS 2016 in Minnesota, probably the best tech event I ever attended by the way!!, I talked about and showed how I have installed applications dynamically using Configuration Manager for the last 4 years during my session with Kent Agerlund and Ryan Ephgrave. I love to keep it simple.

Update: The script is now updated so it supports nested groups and use _SMSTSMachineName as computername. Thanks to Daniel Marklund for great additions!
Installapps1

By reading the application name from the AD group description field instead of from a Collection in Configuration Manager we don’t need access to the Site Server during OSD, the local domain controller will be used. We can also pre-stage computers in AD without having a MAC address yet just by creating the computer in AD and the add it to the groups, the Unknown computer support can be used to deploy the machine for instance, you select the correct name and the applications are installed..

Here is how it works.

– I Use a naming convention for my AD groups which are used in Configuration Manager Collection queries to install applications for example a prefix of “App-“ or “A.” with a suffix for Install groups for instance “.i” something like this “A.7Zip.920.i”

Installapps2

-I put the exact name of the application in Configuration Manager in the Description field of the AD Group. If I don’t want to install the application during OSD simply remove the description.

Installapps3

Installapps4

-In the Task Sequence I run a script that reads the description field from all the groups that starts with my prefix and adds them to the COALESCEDAPPS variable so that they are installed automatically during OS deployment using the built-in step in Configuration Manager.

Installapps5

Then the applications will be installed dynamically

To implement it do the following.

  1. Download the script and add it to a Package in Configuration Manager here: Download
  2. Edit the two variables so it matches your naming convention for your AD groups.
    Installapps6
  3. Add the Application name to the AD groups description field in AD as shown above
  4. Add one step in the task sequence that runs the Powershell script, it must be run in the full Operating System after the “Setup Windows and Configuration Manager”
    Installapps7
  5. Then we add the step to install the applications dynamically.
    Installapps8
  6. On the Options tab for the Install Applications step add the following condition to prevent the task sequence from failing if you don’t have any applications to install.Installapps9

Then you are all set!

Thanks to my awesome colleague Johan Schrewelius, this script was actually a vbscript when the conference started! Johan rewrote it when I was presenting.

colleague
  • Applications Dynamically
  • Configuration Manager
  • SCCM
  • 16 thoughts on “Installing Applications Dynamically during OS using AD group”

    1. Thomas says:
      May 19, 2016 at 9:08 am

      If I remember correctly, you had a similar solution for package also 🙂

      Reply
      1. Jörgen Nilsson says:
        May 20, 2016 at 6:49 pm

        Hi,
        Correct using vbscript, let me know if you want it!
        /Jörgen

        Reply
        1. Simon Tasker says:
          August 30, 2017 at 12:25 pm

          Hi Jörgen,
          Do you by any chance still have the VBScript for dealing with packages rather than Applications?
          It would seem a myself and a few others could really benefit from its use.

          Thanks

          Simon

          Reply
    2. Claus Blaabjerg Hansen says:
      May 20, 2016 at 10:16 am

      Hi,

      I get this error in smsts.log: “No Env variable with specified basename COALESCEDAPPS and suffix ’01’ is found. No application installed.”

      Any ideas?

      Thanks

      Regards

      Claus

      Reply
    3. Claus Blaabjerg Hansen says:
      May 20, 2016 at 11:39 am

      Hi again,

      I have change “OSDComputerName” to “_SMSTSMachineName”. Now it installes one application. But not all of them. It seams that there is something wrong with the foreach loop.

      Regards Claus

      Reply
      1. Jörgen Nilsson says:
        May 20, 2016 at 3:31 pm

        Hi,
        Yes I will change the computername variable used. It is also case-sensitive for the “A.” and “.i” are the “allow applications to be installed during Task Sequence without being deployed” checked for the applications?
        /Jörgen

        Reply
    4. Claus Blaabjerg Hansen says:
      May 20, 2016 at 7:10 pm

      yes, the “allow applications to be installed during Task Sequence without being deployed” is checked. I would also like the vb script.

      Thanks

      /Claus

      Reply
    5. Claus Blaabjerg Hansen says:
      May 20, 2016 at 7:52 pm

      After you have updated the script it works for me. Did you have a solution for packages as well?

      Thanks

      /Claus

      Reply
    6. Stefan Schuh says:
      May 23, 2016 at 12:27 pm

      Hi,
      great Script – There are some Problems using the Script with PowerShell 2.0, for now i’ve not found a solution.

      I have also Extended the Script with logging Function. Please contact by Mail, so i can send you my updated Version.

      Thanks

      Reply
    7. Jarrod says:
      October 13, 2016 at 7:34 pm

      Works great, but why would you rather use this than variables on groups in Config mgr? This route seems to add a step to make sure the computer is part of a group.

      I know all environments are different, for instance in my environment I can say for the most part computers in OU-A should get X applications and computers in OU-B should get Y, therefor variables on a group in CM which are kept up to date by a query on OU seems to be pretty straight forward.

      Even if you stuck with the groups couldn’t you also add the groups to CM (using a query on the AD group) and assign variables to the groups? This would eliminate the need for the Powershell script.

      I understand your method removes the need to communicate with the CM server but is there really any advantage there?

      Thanks

      Reply
      1. Jörgen Nilsson says:
        October 14, 2016 at 2:22 pm

        Hi,
        One reason would be to be able to prestage computers in AD without knowin MAC/UUID and still be able to install applications on them dynamically during OS deployment using AD groups instead.
        Regards,
        Jörgen

        Reply
    8. Allan Chen says:
      November 1, 2016 at 7:28 pm

      That’s an interesting approach to deploy software.

      I currently apply a completely different approach:
      When we’re getting ready to image a workstation, we move the workstation to a specific OU for computer building.
      In order to get a computer up and running as fast as possible, we put the least applications possible in the task sequence. Instead, we have a collection to which base software that are normalized to each computer are deployed as soon as possible outside of maintenance window.

      What this does is, once the computer is imaged, the software deploys ASAP. Once the software is deployed, we move the workstation to the proper OU for production, and in SCCM, it will not figure for outside maintenance window deployment anymore.

      Another possible approach would be to set a very wide maintenance window into the collection to which your newly imaged workstation will appear under until you move them.

      Reply
    9. Thomas says:
      December 27, 2016 at 11:42 pm

      Hi Jörgen,
      Can’t make this work and would appreciate some help.
      Get-AppGroups.ps1 runs with no errors but the next step is skipt because the condition is evaluated to be false.

      I have tried to run the script manually from TS and I can confirm that it finds the Computer and it’s AD groups in AD so I guess that something goes wrong after that. There is no COALESCEDAPPS01 variable or it’s null.

      My prefix = “APP” and suffix = “install”. Application name in CM also starts with APP but that should not matter.

      Reply
    10. Marcus says:
      March 9, 2018 at 11:23 am

      Hi, sounds great. How do I modify the Script, that i can directly use the AD GroupName where my Computer is located. My AD Groups already have the Final Application Name. I have different Prefixes and Suffixes. In my description field are more Information than only the Application Name.
      Thanks in advance.

      Reply
    11. Pingback: Installing Packages and Apps Dynamically during OSD via AD groups – Web service Edition – Deployment Research
    12. Joe says:
      October 14, 2021 at 5:54 pm

      Thanks. It doesn’t seem to work if I have an application group inside another group. I thought that’s what the “support for nested groups” was but maybe it’s something different. Help? Let’s say I create a “Lab” group and put an application “A.app.i” as member of that Lab group, and my computer is also member of the Lab group, it doesn’t seem to pick it up. It will not create the TS variable for it.

      Reply

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
    All code is provided "AS-IS" with no warranties.

    Tweets by ccmexec

    Recent Posts

    • Windows Servicing, Personal Teams and Success.cmd
    • Windows MDM Security Baseline – Settings Catalog
    • Configuring MS Edge Security Baseline v107 using Settings Catalog
    • Configuring Desktop App Installer using CSP and script?!
    • Customizing Taskbar and Start in Windows 11 22h2 with PowerShell

    ©2023 CCMEXEC.COM – Enterprise Mobility | WordPress Theme by Superb Themes
    This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
    Privacy & Cookies Policy

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT