Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

In Microsoft SystemCenter 2012 R2 Configuration Manager, when a user becomes a cloud-managed user, a settings policy may not target the assignment for the user.

Notes

  • This problem affects only environments that use the Intune Connector together with Configuration Manager.

  • This problem occurs only when Cumulative Update 2 or Cumulative Update 3 for Configuration Manager is installed.


Resolution

To resolve this problem, apply this hotfix. The hotfix prevents this policy assignment problem from occurring.

Note If policy assignments are missing before you apply this hotfix, see the "More Information" section before you apply this hotfix.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website:

http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must have Cumulative Update 2 or Cumulative Update 3 for System Center 2012 R2 Configuration Manager installed.

Restart information

You do not have to restart the computer after you apply this hotfix.

Note We recommend that you close the Configuration Manager administration console before you apply this hotfix package.

Hotfix replacement information

This hotfix does not replace any previously released hotfix.

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Cumulative Update 2 for System Center 2012 R2 Configuration Manager

File name

File version

File size

Date

Time

Platform

Update.sql

Not applicable

4,249

29-May-2014

23:25

Not applicable

Cumulative Update 3 for System Center 2012 R2 Configuration Manager

File name

File version

File size

Date

Time

Platform

Update.sql

Not applicable

4,247

24-Aug-2014

23:25

Not applicable


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

If policy assignments are missing before you install this hotfix, you can correct this situation by running the following SQL script. It should be run after applying the hotfix.

SET NOCOUNT ON
SET NOEXEC OFF
IF dbo.fnIsCas() = 1
BEGIN
    RAISERROR(N'This script needs to be run in primary site', 15, 1)
    SET NOEXEC ON
END
GO
DECLARE @PolicyCollMap TABLE (PADBID INT, CollectionID INT)
DECLARE @CollectionID INT
DECLARE @PADBID INT
DECLARE @TotalAddedRows INT = 0
DECLARE @AddedRows INT = 0
INSERT INTO @PolicyCollMap (PADBID, CollectionID)
SELECT PC.PADBID, PC.CollectionID FROM PolicyCollMapFlat PC 
INNER JOIN Collections C ON PC.CollectionID = C.CollectionID
INNER JOIN PolicyAssignment PA ON PA.PADBID = PC.PADBID 
INNER JOIN MDMPolicy MP ON MP.PolicyID = PA.PolicyID  
WHERE PC.AutoTarget = 1 AND C.CollectionType = 1 AND MP.PolicyType = 1
WHILE EXISTS (SELECT * FROM @PolicyCollMap)
BEGIN
    SELECT TOP (1) @PADBID = PADBID, @CollectionID = CollectionID, @TotalAddedRows = 0 FROM @PolicyCollMap
    WHILE (1 = 1)
    BEGIN
        MERGE TOP (1000) MDMUserPolicyAssignment MDMUPA    
        USING
        (
            SELECT DISTINCT PA.PolicyID, U.CloudUserID, MDMP.PolicyBodyHash, MDMP.PolicyType, GETUTCDATE()   
            FROM Collections C  
            INNER JOIN PolicyCollMapFlat PCMF ON PCMF.AutoTarget = 1 AND PCMF.PADBID = @PADBID AND PCMF.CollectionID = C.CollectionID AND C.CollectionID = @CollectionID AND C.CollectionType = 1  -- User Collection
            INNER JOIN PolicyAssignment PA ON PA.PADBID = PCMF.PADBID   
            INNER JOIN ResPolicyCollMap RPCM ON PCMF.PADBID = RPCM.PADBID AND RPCM.CollectionID = PCMF.CollectionID   
            INNER JOIN User_DISC U ON U.ItemKey = RPCM.MachineID  
            INNER JOIN MDMPolicy MDMP ON MDMP.PolicyID = PA.PolicyID AND MDMP.PolicyType = 1
            WHERE ISNULL(U.CloudUserID, N'00000000-0000-0000-0000-000000000000') != N'00000000-0000-0000-0000-000000000000'
        ) Source ( PolicyID, CloudUserID, PolicyBodyHash, PolicyType, LastUpdateTime )     
        ON (MDMUPA.PolicyID  = Source.PolicyID AND
            MDMUPA.UserID = Source.CloudUserID AND
            MDMUPA.PolicyType = Source.PolicyType)
        WHEN NOT MATCHED THEN
            INSERT ( PolicyID, UserID, PolicyBodyHash, PolicyType, LastUpdateTime)     
            VALUES ( Source.PolicyID, Source.CloudUserID, Source.PolicyBodyHash, Source.PolicyType, Source.LastUpdateTime);
        SET @AddedRows = @@ROWCOUNT
        SET @TotalAddedRows = @TotalAddedRows + @AddedRows
        IF @AddedRows < 1000
        BEGIN
            BREAK
        END
    END
    PRINT N'Added ' + CAST(@TotalAddedRows AS NVARCHAR(100)) + N' users into MDMUserPolicyAssignment for PADBID = ' + CAST(@PADBID AS NVARCHAR(100)) + N' and CollectionID = ' + CAST(@CollectionID AS NVARCHAR(100))
    DELETE @PolicyCollMap WHERE PADBID = @PADBID AND CollectionID = @CollectionID
END


References

Learn about the terminology that Microsoft uses to describe software updates.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×