When creating a collection, membership in that collection can either be direct or query based.
Direct membership is a manual membership method in which you, as the administrator, specifically select the resources that are to be members of your new collection.
This can be a powerful tool for you, allowing you complete control over the members of the collection. Using the Create Direct Membership Rule Wizard, you can search one or all existing collections (such as the All Systems default collection, containing all discovered computers) for resources that match the requirements you specify. These requirements can be as restrictive as "all computers with the name X" or as open as "all resources that are clients." Configuration Manager then returns a list of those resources. From this list, you can then select the resources that you want to include in the collection.
Because of the level of control that you can use when selecting specific resources for the collection, creating a collection using the direct membership method can be extremely useful. It gives you the ability to specifically choose who to include and who not to include. For example, if you want to create a collection that's restricted to just a few users in a specific department and absolutely cannot include any others, this method provides the means.
Despite the power of this method, however, the direct membership method has a very significant drawback. Because you specifically define which resources are to be members of the collection, you're also responsible for updating the membership in the collection over time. For example, if computers are added to or removed from the business group encompassed by the collection, you need to add or remove those computers manually. As a result, direct membership collections can be very useful under specific circumstances, but they are usually not effective for widespread use.
|Direct membership collections should only be created after your first Active Directory discovery run is complete. Creating a direct membership collection prior to the completion of the Active Directory discovery may result in collections with clients at the child sites in your enterprise that will not properly resolve.|
Unlike the direct membership method, query-based membership is a dynamic method for creating your collection. This means that you do not define the resources that are to be members of the collections; rather, you define the rules by which those members are placed in the collections. These rules form a query, and Configuration Manager periodically reruns the query to keep the collection up to date.
For example, suppose your company standard for naming computers is to include a departmental code in the name (say, all computers in the human resources department are named HR-PCx, where x is a value that's incremented each time a new computer name is needed). Creating a collection using the direct membership method would be inefficient unless the department was extremely small, and even then you'd have to return periodically to add or remove computers as needed. However, using the query-based method, you can create a collection called "Human Resources" whose membership rule is based on a query that searches the database for all computers whose names begin with "HR." Configuration Manager would then automatically populate the collection with all appropriate computers and then update the collection membership periodically when the next collection query is executed.
Although you do have less direct control over the membership of the collection with the query-based membership method, usually this dynamic method proves to be the most practical and efficient method for creating collections.