When we manage application deployment using Active Directory security groups, the machines wont populate in the SCCM device collection after waiting for a period of time. Even though we initiate Run Full Discovery Now from \Administration\Overview\Hierarchy Configuration\Discovery Methods within the SCCM Console.
The main reason for SCCM Collections not adding the devices or users from AD groups is incorrectly configured Active directory group discovery scopes.
Review the security group location in AD and make sure that correct LDAP location selected. If you have fewer AD groups, you can select whole domain. However, if you have large number of AD groups it is recommended to select what exactly required otherwise the discovery process may take long time to complete.