Trigger Manual DEP Sync With Powershell

Greetings fellow admins!
Here is another good one that I spent a few hours digging into WMI and SMSProv verbose logging. Plus some random WMI class calls. Hopefully this will help you fill in somethings missing from the SDK/MSDN documentation.



$wmidate = new-object -com Wbemscripting.swbemdatetime
$date = get-date -format g
$wmidate.SetVarDate($date,$true)

[void] ($thisInstance = ([wmiclass]"\\localhost\root\sms\site_COP:SMS_ActionAccountResult").createinstance() )
[void] ($thisInstance.ActionID = 1)
[void] ($thisInstance.StartTime = $wmidate.value)
[void] ($thisInstance.Put())


$date = get-date -format g
$wmidate.SetVarDate($date,$true)

[void] ($thisInstance = ([wmiclass]"\\localhost\root\sms\site_COP:SMS_ActionAccountResult").createinstance() )
[void] ($thisInstance.ActionID = 2)
[void] ($thisInstance.ActionData = 'syncType,fullSync')
[void] ($thisInstance.StartTime = $wmidate.value)
[void] ($thisInstance.Put())



If you would like to verify it run:
Select * from AccountActionResults
You should see two entries on each run.

Comments

  1. In theory, could this be combined with your solution for scripting the automatic assignment of the enrollment profile? If I understand correctly, that would then fully automate the process of getting new iOS device serial numbers into SCCM and assigning the enrollment profile, as I could schedule the script to run daily at a given time. Right?

    ReplyDelete
    Replies
    1. You are correct, I don't see any reason that the two couldn't be combined into the same script. However keep in mind that the DEP Sync trigger causes a sync to occur between CM and InTune which can be of variable length to complete and process. So you may have to account for that with some sort of delay/sleep if you combine the two into the same script. We have them in separate scripts and running at different times of the day which meets our needs without issue.

      Delete
    2. Awesome. Thanks for sharing!

      Delete
  2. Thanks so much for the script. I have a question about verifying if the sync ran correctly. Where do I issue the command, Select * from v_ActionAccountResult. It errors if I run it in the Powershell window.

    ReplyDelete
    Replies
    1. It is a SQL query, so you would have to run it either in your preferred SQL query editor (I use Microsoft SQL Management Studio). Or you could write some powershell that connects to your CM Database and executes the query.

      Delete
    2. Where exactly do you run the script at, on the primary site?

      Delete
    3. In the form it is on my blog, yes you would run it on your primary site. However if you wanted to run it remotely you have to change the references to point from local to remote.

      Delete
    4. It appeared to run without error which is good. I am still pretty green when it comes to SQL. I run the verify query but ended up with an error on that; Msg 208, Level 16, State 1, Line 1
      Invalid object name 'v_ActionAccountResult'.

      Delete
    5. Appears I made a typo. Try
      Select * from ActionAccountResult

      Delete
    6. I get the same error with that query as well

      Delete
    7. One of these times I'll type it correctly. :) Give this one a try (I copied and pasted this time).

      Select * from AccountActionResults

      You should get back two results for each run.
      ActionID = 1
      ActionID = 2

      Success is with ActionResult = 0 on both.

      Delete
  3. Thanks alot for the script!
    We've tried running the script but it doesn't seem to work (doesn't report any errors). Does anyone know if there are any limitations on how many times the DEP-sync can be executed per day (also DEP sync as non-script).

    I've also tried running this command in SQL Management Studio:
    Select * from ActionAccountResult
    Is it still that same SQL-Query to see if the script ran correctly?

    ReplyDelete
    Replies
    1. My mistake on the SQL query try

      Select * from AccountActionResults

      You should get back two results for each run.
      ActionID = 1
      ActionID = 2

      Success is with ActionResult = 0 on both.

      I'm not aware of any restrictions on often you can run a DEPSync or at least I haven't seen any in my environment. Granted that is probably subject to change without notice as MSFT updates SCCM and Intune.

      Delete
    2. Thanks for the fast reply!
      Yes, that Query worked and the results for Action ID 1 and 2 are 0. But my device doesn't sync back to SCCM even though it's visible in DEP. Something is wrong.. I think I'll open a support case to Microsoft.
      Probably, we are currently running 1702.

      Delete
    3. Yeah sounds like support case might be your best option. I do know that it takes a bit for the sync to complete on the Intune side before it comes back down. But you really don't have much insight on that from our perspective. I also hope that one of these days Microsoft will open that up a bit more so we can see what happens on "The Cloud" side of it.

      Delete

Post a Comment

Popular posts from this blog

Intune Hybrid - NDES Cert Issue

Stuck @ "Waiting for user logon"

Triggering a software update install via Powershell