Creating a Group based on OU (Organizational Unit) in Active Directory


Here is a really cool feature of Opsmgr:  the ability to create groups easily based on any discovered attribute of an object.


OU is something that is part of the Windows Computer object discovery.  If you examine a state view – you will see in the details pane discovered information… and OU is there.  Typically this means we can likely use that object (Windows Computer) and OU will be a discovered attribute of that.





This also means is we personalize a Windows Computer based state view – we can add OU:




To use a grouping, create a group, add Windows Computer object, and then a rule based on OU:





A right click – view group members reveals:


Comments (9)

  1. Kevin Holman says:

    That’s pretty easy…  you can extend Windows Server 2003 Operating system class… and create a registry attribute for the existance of that service.  

    Then – create a group based on that attribute = true.

  2. Kevin Holman says:

    Shoot me an email please with the details of what you are trying to do – I dont completely follow

  3. daviesg says:

    hi Kevin

    The problem with this approach is that the dynamic group does not include the health service of the computers being monitored. So if you create views based on the dynamic groups (or notifications), health service alerts (e.g. missed heartbeat) won’t be included. See



  4. Hi Kevin

    Just be aware that if you create an alert view that is scoped to your dynamic group, you won’t see health alerts (e.g. server or agent down) in the alert view as the health service watcher is not part of the computer class. You’ll need to hack the xml code in your management pack to include the health service as a ‘contained’ element of the group (it can’t be done via the UI).



  5. Mikal says:

    Can you give an example on how to edit the XML code in the management pack. so alert views for the dynamic group can be seen?


  6. Richard says:

    For dynamic groups is it possible to edit the XML to automatically add other objects e.g. Dynamic query finds servers on IP and then adds IIS role, and Exchange Role

  7. jean-david says:


    I wish I could to make a dynamic group of all computer in 2003 Server which have a specific Service that running on it.

    Can you Help me?



  8. james says:

    Nice article. Question, is it possible to create a class based on discovered attribute of objects? As in your example, you created a group based on OU structure. Can I create a class (from Microsoft.Windows.LocalApplication) based on the OU structure too?

  9. RBK says:

    Hi Kevin,
    How can we monitor the changes happening in AD OU? For eg: I want to monitor a specific AD (VIP-OU) in our enterprise for any kind of changes that happens, where we need SCOM to throws alerts. Thanks for you advice and support in advance.