Active Directory service discovery failed

Similar Messages

• Storage Integration with Active Directory Services Part 2

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  Having your storage device join Active Directory Services can be relatively straightforward.  What do do if the JOIN button fails?  This demo goes through a basic checklist from network to server. Demo covers integration between the NSS2000/3000/4000/6000 platform and Microsoft ADS Server 2003.
  Part 1 - Network Overview
  Part 2 - NSS Configuration
  Part 3 - Connecting a share
  Part 4 - Server 2003 Administration
  Note: Some artistic license was used to make the test environment more easy to illustrate but the principles are the same in a live network.

  Hi Angus,
  Policy Server does not require a specific LDAP schema. During configuration you simply map the LDAP attributes of your schema to the ones that Policy Server supports (e.g., common name, email address, etc).
  If you are configuring Policy Server to use an LDAP, it will use the LDAP to authenticate the user (Policy Server does not store the password itself in this case).
  If passwords are stored outside of the LDAP (e.g., in a database), it is possible to write a custom authentication provider to authenticate against this source.
  Hope this helps,
  -Bill

• Storage Integration with Active Directory Services Part 4

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  Having your storage device join Active Directory Services can be relatively straightforward.  What do do if the JOIN button fails?  This demo goes through a basic checklist from network to server. Demo covers integration between the NSS2000/3000/4000/6000 platform and Microsoft ADS Server 2003.
  Part 1 - Network Overview
  Part 2 - NSS Configuration
  Part 3 - Connecting a share
  Part 4 - Server 2003 Administration
  Note: Some artistic license was used to make the test environment more easy to illustrate but the principles are the same in a live network.

  Hi Angus,
  Policy Server does not require a specific LDAP schema. During configuration you simply map the LDAP attributes of your schema to the ones that Policy Server supports (e.g., common name, email address, etc).
  If you are configuring Policy Server to use an LDAP, it will use the LDAP to authenticate the user (Policy Server does not store the password itself in this case).
  If passwords are stored outside of the LDAP (e.g., in a database), it is possible to write a custom authentication provider to authenticate against this source.
  Hope this helps,
  -Bill

• Active Directory Services Can't Connect to Domain

  I removed Active Directory services form a server running 2012. I then went to reinstall and reconfigure it, but I keep running into issues. When I launch active directory admin center it gives me an error that it can't connect to any domain, and I can't
  make any changes. The local server has already been promoted to the domain controller. Here is the output from dcdiag:
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = ACSSVR
     * Identified AD Forest. 
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\ACSSVR
        Starting test: Connectivity
           ......................... ACSSVR passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\ACSSVR
        Starting test: Advertising
           Fatal Error:DsGetDcName (ACSSVR) call failed, error 1355
           The Locator could not find the server.
           ......................... ACSSVR failed test Advertising
        Starting test: FrsEvent
           ......................... ACSSVR passed test FrsEvent
        Starting test: DFSREvent
           There are warning or error events within the last 24 hours after the
           SYSVOL has been shared.  Failing SYSVOL replication problems may cause
           Group Policy problems. 
           ......................... ACSSVR failed test DFSREvent
        Starting test: SysVolCheck
           ......................... ACSSVR passed test SysVolCheck
        Starting test: KccEvent
           A warning event occurred.  EventID: 0x80000B46
              Time Generated: 03/02/2015   12:00:00
              Event String:
              The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification)
  and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server. 
           A warning event occurred.  EventID: 0x80000734
              Time Generated: 03/02/2015   12:00:37
              Event String:
              The local domain controller could not connect with the following domain controller hosting the following directory partition to resolve distinguished names. 
           ......................... ACSSVR passed test KccEvent
        Starting test: KnowsOfRoleHolders
           ......................... ACSSVR passed test KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... ACSSVR passed test MachineAccount
        Starting test: NCSecDesc
           ......................... ACSSVR passed test NCSecDesc
        Starting test: NetLogons
           Unable to connect to the NETLOGON share! (\\ACSSVR\netlogon)
           [ACSSVR] An net use or LsaPolicy operation failed with error 67,
           The network name cannot be found..
           ......................... ACSSVR failed test NetLogons
        Starting test: ObjectsReplicated
           ......................... ACSSVR passed test ObjectsReplicated
        Starting test: Replications
           ......................... ACSSVR passed test Replications
        Starting test: RidManager
           ......................... ACSSVR passed test RidManager
        Starting test: Services
           ......................... ACSSVR passed test Services
        Starting test: SystemLog
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 03/02/2015   11:21:34
              Event String:
              Name resolution for the name teredo.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 03/02/2015   11:21:58
              Event String:
              The WinRM service is not listening for WS-Management requests. 
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 03/02/2015   11:26:01
              Event String:
              The Vstor2 Virtual Storage Driver service failed to start due to the following error: 
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 03/02/2015   11:26:01
              Event String:
              The Vstor2 MntApi 2.0 Driver (shared) service failed to start due to the following error: 
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 03/02/2015   11:26:16
              Event String:
              Name resolution for the name teredo.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
           An error event occurred.  EventID: 0x0000002E
              Time Generated: 03/02/2015   11:34:32
              Event String:
              The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
           An error event occurred.  EventID: 0xC0001B6F
              Time Generated: 03/02/2015   11:34:32
              Event String:
              The Windows Time service terminated with the following error: 
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 03/02/2015   11:35:01
              Event String:
              The WinRM service is not listening for WS-Management requests. 
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 03/02/2015   11:39:08
              Event String:
              Name resolution for the name _ldap._tcp.dc._msdcs.ACS.local. timed out after none of the configured DNS servers responded.
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 03/02/2015   11:39:27
              Event String:
              The Vstor2 Virtual Storage Driver service failed to start due to the following error: 
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 03/02/2015   11:39:27
              Event String:
              The Vstor2 MntApi 2.0 Driver (shared) service failed to start due to the following error: 
           A warning event occurred.  EventID: 0x000727AA
              Time Generated: 03/02/2015   11:39:40
              Event String:
              The WinRM service failed to create the following SPNs: WSMAN/ACSSVR.ACS.local; WSMAN/ACSSVR. 
           A warning event occurred.  EventID: 0x0000000C
              Time Generated: 03/02/2015   11:39:39
              Event String:
              Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in
  the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the
  authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
           A warning event occurred.  EventID: 0xC000042B
              Time Generated: 03/02/2015   11:42:01
              Event String:
              The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
           An error event occurred.  EventID: 0x00000469
              Time Generated: 03/02/2015   11:44:31
              Event String:
              The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
  controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
           An error event occurred.  EventID: 0x00000469
              Time Generated: 03/02/2015   11:45:05
              Event String:
              The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
  controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
           An error event occurred.  EventID: 0x0000168F
              Time Generated: 03/02/2015   11:55:22
              Event String:
              The dynamic deletion of the DNS record 'ACS.acsolutionsinc.net. 600 IN A 192.168.56.1' failed on the following DNS server:  
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 03/02/2015   11:55:22
              Event String:
              Name resolution for the name acsolutionsinc.net timed out after none of the configured DNS servers responded.
           An error event occurred.  EventID: 0x0000168F
              Time Generated: 03/02/2015   11:55:47
              Event String:
              The dynamic deletion of the DNS record '_ldap._tcp.ACS.acsolutionsinc.net. 600 IN SRV 0 100 389 ACSSVR.ACS.acsolutionsinc.net.' failed on the following DNS server:  
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 03/02/2015   11:55:53
              Event String:
              The WinRM service is not listening for WS-Management requests. 
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 03/02/2015   11:55:53
              Event String:
              Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ACS.local. timed out after none of the configured DNS servers responded.
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 03/02/2015   11:59:53
              Event String:
              Name resolution for the name _ldap._tcp.dc._msdcs.ACS.local. timed out after none of the configured DNS servers responded.
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 03/02/2015   12:00:13
              Event String:
              The Vstor2 Virtual Storage Driver service failed to start due to the following error: 
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 03/02/2015   12:00:13
              Event String:
              The Vstor2 MntApi 2.0 Driver (shared) service failed to start due to the following error: 
           A warning event occurred.  EventID: 0x000727AA
              Time Generated: 03/02/2015   12:00:25
              Event String:
              The WinRM service failed to create the following SPNs: WSMAN/ACSSVR.ACS.local; WSMAN/ACSSVR. 
           A warning event occurred.  EventID: 0x0000000C
              Time Generated: 03/02/2015   12:00:25
              Event String:
              Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in
  the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the
  authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
           A warning event occurred.  EventID: 0xC000042B
              Time Generated: 03/02/2015   12:02:47
              Event String:
              The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
           An error event occurred.  EventID: 0x00000469
              Time Generated: 03/02/2015   12:05:17
              Event String:
              The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
  controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
           An error event occurred.  EventID: 0x00000469
              Time Generated: 03/02/2015   12:05:17
              Event String:
              The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
  controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
           ......................... ACSSVR failed test SystemLog
        Starting test: VerifyReferences
           ......................... ACSSVR passed test VerifyReferences
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : ACS
        Starting test: CheckSDRefDom
           ......................... ACS passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ACS passed test CrossRefValidation
     Running enterprise tests on : ACS.local
        Starting test: LocatorCheck
           Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
           A Global Catalog Server could not be located - All GC's are down.
           Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
           A Time Server could not be located.
           The server holding the PDC role is down.
           Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
           1355
           A Good Time Server could not be located.
           Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
           A KDC could not be located - All the KDCs are down.
           ......................... ACS.local failed test LocatorCheck
        Starting test: Intersite
           ......................... ACS.local passed test Intersite
  I've been trying to debug errors one at a time, but I'm having a hard time finding any information that pertains to this issue as a whole. Anything you can tell me about this would be great, thank you for reading. 

  It was the only server in the network, the only dc in the old forest. When I re-installed ad ds I gave the new forest different name, but I guess the old settings are still in the system somewhere conflicting with the new setup? Is there a way to
  purge the old setup entirely and start over with ad ds, or am I going to have to re-install the whole OS? Thanks again for the help.
  Honestly, the best way to handle this is to rebuild the server. There are many things that are "left behind" when you remove the Domain / Forest from a Domain Controller. In fact many articles will say after using ADMT (active directory migration
  tool) you should decommission the original Domain Controller (aka reinstall the OS).
  While you could spend more time trying to get that domain controller working, it absolutely is going to be 1) More reliable 2) faster to reinstall the OS on the old domain controller. If you are still leveraging storage, or services on that domain controller,
  you will want to back them up, or have a transition plan before reinstalling everything on the server. I have a feeling if you choose to keep troubleshooting this, you will run into more issues down the road.
  Entrepreneur, Strategic Technical Advisor, and Sr. Consulting Engineer - Strategic Services and Solutions Check out my book - Powershell 3.0 - WMI: http://amzn.to/1BnjOmo | Mastering PowerShell Coming in April 2015!

• Error in Active Directory System Discovery (0x80005010)

  Hi,
  I've configured Active Directory System Discovery in a SCCM 2007 R2 SP2 configuration. I see several SCCM clients being populated with OU information, but others do not. I've taken a look in the adsysdis.log. There it states for a very large number of computer accounts:
  INFO: discovered object with ADsPath = 'LDAP://<domain controller>/<DN computerobject>'
  WARN: Could not get property (domain) for system (0x80005010)
  Afterwards there is no entry that states a ddr is written for this computer object and the SCCM client object is not populated with information.
  Can someone explain what exactly is the issue, and how to solve it?

  I got exactly same issue - SCCM 2007 SP2 two primary sites (one central). AD sctructure got one forest and two domains.
  Does anyone solved this issue ?
  adsysdis.log :
  Starting the data discovery. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: Processing search path: 'LDAP://CN=COMPUTERS,DC=MY,DC=DOMAIN'. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: Full synchronization requested SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: DC DNS name = 'dc01.my.domain' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: search filter = '(&(objectClass=user)(objectCategory=computer))' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: ads path = 'LDAP://dc01.my.domain/CN=COMPUTERS,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: Bound to 'LDAP://dc01.my.domain/CN=COMPUTERS,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=TEST1,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=COMP2,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=SRV2,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=SRV3,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (operatingSystem) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (operatingSystemVersion) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (dNSHostName) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  ERROR: System SRV3 is a unsupported operating system, unsupported version, or malformed AD entry. Reported system type is:  (). SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: CADSource::ProcessSystemInfo: Failed to get IP Address for the system. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)

• Changes in Microsoft Active Directory Services into a file

  I am in need of sample code to capture changes in Active Directory services into a flat file.
  Here is my requirement:
  I would like to capture user information changes from the Active directory server into a flat file.
  For an example, When a user is newly created in Actives Directory Server, I need to Capture that user info and write into a flat file. Similarly for update and delete user in Activer Directory server, i need to capture the changes and write into a file.
  Would appreciate, if any could help me on this
  Thanks in advance
  Thanks
  Kumar

  Refer to:
  JNDI, Active Directory & Persistent Searches (part 1) http://forum.java.sun.com/thread.jspa?threadID=578338&tstart=200
  There was another topic that I posted called JNDI, Active Directory and Persistent Searches (part 2) in which I described teh LDAPNotification Control.
  It had the following URL http://forum.java.sun.com/thread.jspa?threadID=578342&tstart=200 however it seems as though I have suffered another case of the forum losing my posts.

• Remove Active Directory User Discovery

  We're looking at enabling Active Directory User Discovery in our Config Mgr 2012 instance as as part of testing Intune.  If we decide to not implement Intune, will we be able to disable Active Directory User Discovery, and remove that information from
  the database?
  If so, is there good documentation on how to do this?
  Thanks

  The easiest is to disable the Active Directory User Discovery
  and than delete all the users from the All Users collection.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Excluding some computers from Active Directory System Discovery

  Hi,
  I am trying to exclude some computers from Active Directory System Discovery. I created a new Organizational Unit for those excluded computers and that OU is NOT under the OU that I am discovering  in the OU hierarchy. I specified the location
  to be discovered under the Active Directory System Discovery properties. However, it is still discovering the computers that I wanna exclude from the discovery.  I deleted those computers from console manually and run the discovery again, it still
  discovers them.
  What I might be doing wrong?
  Thanks
  Yavuz Selim Atmaca

  Hi,
  If you check under properties on the object, you can see which discovery agent is discovering the reasource, it could be the Group Discovery as well. That is where I would start to troubleshoot it.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Exclude servers from Active Directory System Discovery

  We would like to exclude all servers from being discovered by Active Directory System Discovery. Is there any way to achieve this, i. e. with a custom LDAP query? Or does SCCM always detect all systems in the configured OUs? (Moving all servers to a separate
  OU is not an option.)

  Well, good question ;) ... We don't use SCCM on servers, and the basic reason was excluding them from statistics. Of course we want to prevent accidental client installation, but that can be done in other ways (like mentioned by Eswar).
  Still, we always get tons of "computers without client", low success rates etc. Of course all that can be adjusted, excluding servers from "All Systems" etc., but excluding the servers directly from discovery would be the easiest way. If it can't be done,
  it can't be done, and we will be able to live with that. I just wanted to know IF it can be done.
  Well.If that is the issue with reporting,then you may have to edit the report to avoid servers in displaying in reports ,so will be on right track with results.
  Or while creating collections to exclude certain number of computers or may be more,create a AD sec group and all the computers to it .Create collection to exclude computers which are member of this AD group to aviod accidentals installation...
  Please click on "vote as Helpful" if you feel this post helpful to you.
  Eswar Koneti | Configmgr blog:
  www.eskonr.com | Linkedin: Eswar Koneti

• After Active Directory System Discovery, some computers have Operating_System_Name_and0 as only the version number

  Good morning,
  We've been experiencing some odd behavior with discovery.  After Active Directory System Discovery, some computers have Operating_System_Name_and0 as only the version number; for example, " 6.1" (note the space before the 6) vs.
  "Microsoft Windows NT Workstation 6.1" (although, not limited to Windows 7 workstations).
  Here are two seemingly identical machine records in Active Directory WCBWIN7VDI10 and WCBWIN7VDI11.
  After discovery
  select Name0, Operating_System_Name_and0 from v_r_system where Name0 LIKE 'WCBWIN7VDI1[0,1]'
  yields
  Name0 Operating_System_Name_and0
  WCBWIN7VDI10  6.1
  WCBWIN7VDI11 Microsoft Windows NT Workstation 6.1
  For discovery on a new domain yesterday we have the following distribution:
  select count (*) as [count], convert (nvarchar, Creation_Date0, 110) as [creation date], Operating_System_Name_and0
  from v_r_system where Full_Domain_Name0 like 'aaa.bbb.ccc'
  group by Operating_System_Name_and0, convert (nvarchar, Creation_Date0, 110)
  order by Operating_System_Name_and0
  count
  creation   date
  Operating_System_Name_and0
  274
  12-01-2014
  3
  12-01-2014
   5.0
  23
  12-01-2014
   5.1
  124
  12-01-2014
   5.2
  20
  12-01-2014
   6.0
  5109
  12-01-2014
   6.1
  6
  12-01-2014
   6.2
  4
  12-01-2014
   6.3
  1
  12-01-2014
  CentOS 6.0
  13
  12-01-2014
  Microsoft   Windows NT Server
  54
  12-01-2014
  Microsoft   Windows NT Server 5.2
  9
  12-01-2014
  Microsoft   Windows NT Server 6.0
  120
  12-01-2014
  Microsoft   Windows NT Server 6.1
  2
  12-01-2014
  Microsoft   Windows NT Server 6.2
  7
  12-01-2014
  Microsoft   Windows NT Server 6.3
  6
  12-01-2014
  Microsoft   Windows NT Workstation 5.1
  3501
  12-01-2014
  Microsoft   Windows NT Workstation 6.1
  1
  12-02-2014
  Microsoft   Windows NT Workstation 6.1
  5
  12-01-2014
  Microsoft   Windows NT Workstation 6.2
  1
  12-01-2014
  Microsoft   Windows NT Workstation 6.3
  2
  12-01-2014
  SLES 11
  6
  12-01-2014
  Windows   Embedded Standard 6.1
  Anybody know why this occurs?  We typically build our server vs. workstation collections with this.
  Thanks,
  Terence Durning

  Hi Terence,
  What is the value in Active Directory for the computer account?
  Do you have the same behavior if you run this query? 
  SELECT DISTINCT Operating_System_Name_and0 FROM v_R_System ORDER BY 1
  You are talking about a space before 6.1. Do I see also a space for all Microsoft Windows like "Microsoft   Windows NT Workstation 6.3" ? 
  Nick Pilon - Blog: System Center Dudes

• Doing Active Directory System Discovery security roles

  Hi Experts
  I am assigning users who have specific roles in SCCM2012 (Reporting, application management etc) , they are not assigned with permissions which is the same as Full Administrator or Operation Manager. 
  The team would like to run Active Directory System Discovery on the Primary Site server to detect the computer objects found in the AD once they have joined the new computers to the domain, they are unable to perform RUN on the Active Directory System Discovery
  as the option is not available to them. Possible to advise, which additional security roles should I assign to them so that the RUN command can appear?? They are unable to do this with the current permission as listed below, RUN is not listed when they right
  click on Active Directory System Discovery, unlike the Full Administrator:
  Application Administrator
  Application Author
  Application Deployment Manager
  Operating System Deployment Manager
  Read-only Analyst
  Remote Tools Operator
  Software Update Manager

  Hi,
  You could create a Custom role and modify the rights.
  Administration workspace >Security >Security Roles >Select a Built-in role >Click Copy on the ribbon.
  Otherwise, Role-based Administration Modeling and Auditing Tool helps administrators to model and audit RBA configurations.
  http://www.microsoft.com/en-us/download/details.aspx?id=36213
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• DNS The Zone cannot be deleted - the active directory service is not available

  Hello TechNet Members,
  As you can see from the Summery, I got this message when I'm trying to delete DNS Zone.
  It's not matter if the DNS Zone newly created or its an Old One.
  After this message the computer is telling you "The Computer is about to make Restart".
  It's so strange and i really don't know what to check first.
  More Information:
  5 Servers that Replicate together.
  The Operation System is Windows Server 2012R2 for all the entire DC's
  1 Domain In the Forest.
  Thanks,

  Hi Jesper,
   DCdiag /fix and no errors in there everything marked as PASSED.
   I did Demotion for one of the DC to troubleshoot, but with no luck i'm back to the same point i started
   I tried to delete the brand new Zone from the commandline using DNScmd it's still not working and the  computer is reboot himslef.
  I've checked the permissions from the ADSIEdit.msc:
  Inherit from MicrosoftDNS section to the ROOT
  DNSAdmins > Full Control
  Domain Admins > Full Control
  From "DNS Server" section at the EventViewer
  The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS
  data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet
  Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
  "The DNS server was unable to complete directory service enumeration of zone TestZone1.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active
  Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error. "
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  Thanks,

• Windows DNS - Active Directory record Load Failed

  Hello guys, 
  I'm in an environment with Windows Server 2012 R2 that have ADDS and DNS services deployed, have received event ID 4010 is as follows: 
  Event ID: 4010 
  Event Source: DNS 
  Event Log: DNS Server 
  Event Description: The DNS server was unable to create a resource record for ed8f33e5-E8EB-48da-bfdc-4eb278964864._msdcs.dominio.com. in zone dominio.com. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The
  event data contains the error. 
  I've deleted the records as recommended by Microsoft article but after restarting the DNS service error reappears in DNS logs. 
  Anyone have any ideas?

  Thanks for the reply, below is the results I had with the recommended query:
  PS C:\Windows\system32> Get-ADDomainController -filter * | FL name, *guid*
   name             : ServerS014  ServerObjectGuid
  : 1c1f2405-dc6d-4e5b-b3de-05406f9687b8
   name             : ServerS002 ServerObjectGuid
  : f8d6f018-6bb8-4fbf-9555-4a527f2719ac
   name             : ServerS100 ServerObjectGuid
  : 2f4cd536-380f-4351-9220-3185f73fcd33
   name             : ServerS014 ServerObjectGuid
  : 73d6d936-4deb-4e46-8a22-3b19754b96f1
  I checked the records in DNS are different from that of the consultation 
  Have deletes DNS records and after ipconfig / registerdns records are re-created with different ID of the consultation.

• Windows Server Active Directory services

  Hi,
  We have installed Windows server 2008 R2 as a primary domain controller.
  the domain controller "xxxxxxx" (2008R2 SP1) gets freeze intermittently and at the time of issue we are not able to ping and take RDP session of this server from any other server.In the
  event log : 4015
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  Kindly advice how to resolve this issue.
  Thanks,
  Balaji

  Hello,
  Could you check your servers hdd, nic and another services pls. Also this error (4015) occur  DC is not respond requests
  from the DNS Server. 
  Check your DNS functionality  (Dcdiag /test:DNS) and  refer these
  articles please.
  DNS Event Id: 4015, 4513 and 4514
  Event ID 4015 — DNS Server Active Directory Integration
  Regards,
  Elguc

• SCCM 2012 Active Directory System Discovery - How does it find systems?

  I have setup System Discovery for the forest and have not limited the view of the forest in any way.  Also I have it to setup to discover everything, no limits on the number of days since last check-in. But I have some objects that haven't checked
  into the domain in years that are enabled (yes i want to delete them) and others are disabled that don't show up.  If there is a discovered object that I disable in AD, I run a full discovery and it still found.
  My question is for this discovery, what criteria does SCCM look for?  I assume that it authenticates to the domain with the supplied user account and reads Active Directory and pulls objects.  From there, does it pull Disabled objects or leave
  them be?  If a client hasn't checked in in over 90 (or any number) days, does it discard that automatically? I'm just trying to understand the discovery process.
  Jason Apt, Microsoft Certified Master | Exchange 2010
  My Blog

  it should look for objects that are in AD and also in DNS. When you use the 90 days rules, those objects will not be deleted from the ConfigMgr database (that's a site maintenance rule), the discovery process will just not discover the object.
  Kent Agerlund | My blogs: blog.coretech.dk/kea and
  SCUG.dk/ | Twitter:
  @Agerlund | Linkedin: Kent Agerlund