
How to Distribute Software Using AD Groups 

Jul 31, 2008 06:05 PM

In the latest user group meeting, many have asked how a target collection can be created using AD groups for software delivery or other actions. I have found a KB article that tells you how to use SQL criteria to take AD Groups (With Users) and turn them into machine collections for NS policies.

Here is the article for reference: https://kb.altiris.com/article.asp?article=39250&p=1. It is KB article number 39250.

I hope this helps!

Patrick


Comments

Jul 22, 2010 11:41 AM

toca,
There is a built-in report "Count of users with Admin rights" (or something similar to that) in the Inventory reports. It will allow you (I believe) to dump the membership of all computers' Administrators groups. This will not, however, dump all the group memberships of AD groups, unless you import those groups from AD, as far as I know.

Jul 22, 2010 03:56 AM

Hi Kyle,

I saw your comment in the post and thought you would be the perfect person to ask.
I have a requirement to report on all user accounts and security groups in AD.
I would like to see security info from users and accounts, e.g. user A has ADMINISTRATOR rights or user A is in the ADMINISTRATORS security group.

Will I be able to get this info out of the import? I tried, but no cigar.

Mar 03, 2009 03:30 PM

We found the primary user option to be hit or miss. For this reason we're using the asset owner information to assign software to the machine. See below for the SQL query. The first query builds the collection for us based upon the user associate. The second query (after the union) allows us to add the computers that were assigned to the group. This enables us to assign a computer to the AD group, which works well for computers that are shared or for users that have more than one computer and the software license cost is too expensive to install on more than one of their computers.

-- Start --
-- Query 1: computers whose asset owner (resource association) is in the AD group,
-- excluding computers flagged as hotel / shared.
select tag.name, tag.guid
from vcomputer tag
join resourceassociation raown
  on tag.guid = raown.parentresourceguid
 and raown.resourceassociationtypeguid = 'ED35A8D1-BF60-4771-9DDE-092C146C485A'
join inv_security_groups sec on raown.childresourceguid = sec._ResourceGuid
where sec."Group Name" = 'CN=GROUPNAME,OU=Manufacturer,OU=ALTIRIS,OU=APPLICATION,OU=GROUPS,DC=AD,DC=Domain,DC=COM'
  and tag.guid not in (select _resourceguid from inv_shared_computers share where share."Hotel / Shared Computer" = '1')
union all
-- Query 2: computers that were themselves assigned to the AD group.
select tag.name, tag.guid
from vcomputer tag
join inv_security_groups sec on tag.guid = sec._resourceguid
where sec."Group Name" = 'CN=GROUPNAME,OU=APPLICATION,OU=ALTIRIS,OU=APPLICATION,OU=GROUPS,DC=AD,DC=DOMAIN,DC=COM'
-- Stop --

Aug 01, 2008 01:58 PM

Hi theMike,
You need to add an additional AD Import rule. When you define the rule, you want to import User resources from a Source of "Security Groups". Check both boxes for "Create security group collections" and "Match computers with primary users". Define your domain in the first part of the import config, then in the "starting from" part, you can add the groups you want to import.

Aug 01, 2008 08:30 AM

Do you do anything special to import your security groups from AD? Looking under Resource Management>Collections>Directory Collections>My Domain I have three folders:
Organizational Units
Organizational Units - Users to Machines
Sites
I can not find where Security Groups - Users to Machines is and am wondering if I am not importing them in our Active Directory import.
Any advice would be appreciated as I would like to take advantage of this for our company. Thanks.

Jul 31, 2008 07:15 PM

We have been using this method to deploy software for a while now.
The only downside is that sometimes users may use more than one computer, or users may share a computer, so if software licensing is an issue you may want to be careful with this one.
It really does save a lot of time though and makes it so that you never have to modify the collection once it is created.
