SCCM – Software Updates Compliance Reports (Updated)

Recently, I received some suggestions/comments about some of the reports that I published on my blog (and thanks to all of you guys)… and one of them was to add the Maintenance Windows information to the Software Updates Compliance Reports, which I think could be very helpful.

So, here’s an updated version of those reports, which now include the information on the next active maintenance window (if set), plus a new linked report, which gives the Maintenance Windows & Deployments details for the selected collection.

Here are some screenshots of these reports;













PowerShell – Report Inactive AD Users

Recently I’ve start playing a bit with Powershell and here’s a script that I created to audit inactive user accounts in Active Directory. Quickly, the script is searching inactive users in a specific OU as well as all its child OUs.

Then, if there are inactive users, it going to send an email to each OU’s manager containing the following information as well as archiving all the html files into a folder.

Inactive User Report

Noted that in my case, all user’s OUs are within the same OU, such as;


So here’s the script;


#Import AD Module if required
if(@(get-module | where-object {$_.Name -eq “ActiveDirectory”} ).count -eq 0) {import-module ActiveDirectory}

#Define variable

#Report archive folder

#Get Child OUs
$searhOU = Get-ADOrganizationalUnit -SearchBase “ENTER_ROOT_OU_DISTINGUISHEDNAME” -filter * -SearchScope 2


foreach ($OU in $searhOU){

$OUName = $OU.Name

#Define HTML format
$head = @”
body { background-color:#FAFAFA;font-family:Arial;font-size:12pt; }
td, th { border:1px solid black;border-collapse:collapse; }
th { color:white;background-color:black; }
table, tr, td, th { padding: 2px; margin: 0px }
tr:nth-child(odd) {background-color: lightgray}
table { margin-left:50px; }
<H2>This report list inactive users in $OUName OU<BR></H2>

$users = Search-ADAccount -SearchBase $OU.DistinguishedName -accountinactive -TimeSpan $lastDays -usersonly -SearchScope 1 `
| Get-ADUser -Properties * `
| Sort-Object DisplayName `
| Select-Object @{n=’User Name’;e={$_.DisplayName}},@{n=’UserID’;e={$_.samAccountName}} `
,Description,@{n=’Last Logon Date’;e={$_.lastLogonDate}},@{n=’Created On’;e={$_.WhenCreated}} `
, @{n=’Enabled’;e={$_.Enabled}}

if ($users -ne $NULL){

$fragments += $users | ConvertTo-HTML -Fragment
$filePath = Get-Date -uformat ($folderPath + $OUName + “_%d%m%Y.htm”)

ConvertTo-HTML -Head $head -Body $fragments -PostContent “<br><br><i>report generated: $(Get-Date)</i>” `
| Out-File -FilePath $filePath -Encoding ascii

$to = $OU.ManagedBy | Get-ADObject -properties * | Select-Object -ExpandProperty mail
$subject = “Report – Inactive user”
$body = (get-content $filePath ) | out-string

send-MailMessage -SmtpServer $smtp -To $to -From $from -Subject $subject -Body $body -BodyAsHtml

$obj = $NULL
$fragments = $NULL
$users = $NULL


Remove-Variable * -Force -ErrorAction SilentlyContinue

SCORCH – SCObjectGuid is not valid for the given criteria

Recently, we’ve been working on Service Manager performace optimization, and one of the change we’ve made (based on both technet and MMS 2013 recommendations; ) is to change the group caculation interval.

Since then, most of our service requests who contained runbook activities, have started to fail…with the error, “SCObjectGuid is not valid for the given criteria”.


So, after investigating a bit, I noticed that the user account defined in the SCORCH integration pack, is impacted by this setting…

Then based on my knowledge, I was facing two choices, either give administrator privileges to the SCSM account in SCORCH or configure a loop in the Runbook with the following value and that until the service request relationship change (in my case 10 minutes)

–          Loop Exist condition, does not match the pattern

–          value;  ^$ (check for null value)

So, If you want to check if you’re impacted by this behavior, you can look at the SR history and check when the relationship class changes happen vs. when the RB activity.



SCCM – Software Updates Compliance Reports

Here’s a report that I’ve created to obtain the compliance status for the software updates. The first report will allow you to get the information for selected update classifications and for a specific collection. Then the second report, give you the ability to drill down for a specific computer and get the detail by computer as well as the % of compliance based on the selected classification(s).

Here are some screenshots of this reports;

Software Updates – Collection Status


Software Updates – Computer Status


You can also expand the result by classification to get the detail.


Also note that the targeted count don’t include the updates which are already installed.

So if you’d like to use them, the only thing you need it’s to download those .RDL files, import it and changed the datasource for the appropriate one.

– Software update – Compliance Status By Collection

– Software update – Compliance Status By Computer

SCCM – Report To Get All Java Versions

Here’s a quick post about a custom report that I’ve created to inventory all the java versions installed on sccm clients. It will allow you to get the details by version as well as the ability obtain to drill down and get all the computer(s) by a specific version.

Dashboard View

Screenshot of the dashboard view, which contain the top 10 version.

Computer(s) Detail

Detailled view by specific version, which you can get by clicking on the dashboard or the version column

So basically, the only thing you need it’s to download those .RDL file, import it and changed the datasource for the appropriate one.

Computer(s) Detail.rdl (make sure that the report name will stay exactly the same,  if not the drill down will not work);

Java Inventory Report.rdl;