Active Directory System Discovery not discover 'correctly'

Similar Messages

• Error in Active Directory System Discovery (0x80005010)

  Hi,
  I've configured Active Directory System Discovery in a SCCM 2007 R2 SP2 configuration. I see several SCCM clients being populated with OU information, but others do not. I've taken a look in the adsysdis.log. There it states for a very large number of computer accounts:
  INFO: discovered object with ADsPath = 'LDAP://<domain controller>/<DN computerobject>'
  WARN: Could not get property (domain) for system (0x80005010)
  Afterwards there is no entry that states a ddr is written for this computer object and the SCCM client object is not populated with information.
  Can someone explain what exactly is the issue, and how to solve it?

  I got exactly same issue - SCCM 2007 SP2 two primary sites (one central). AD sctructure got one forest and two domains.
  Does anyone solved this issue ?
  adsysdis.log :
  Starting the data discovery. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: Processing search path: 'LDAP://CN=COMPUTERS,DC=MY,DC=DOMAIN'. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: Full synchronization requested SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: DC DNS name = 'dc01.my.domain' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: search filter = '(&(objectClass=user)(objectCategory=computer))' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: ads path = 'LDAP://dc01.my.domain/CN=COMPUTERS,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: Bound to 'LDAP://dc01.my.domain/CN=COMPUTERS,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=TEST1,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=COMP2,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=SRV2,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=SRV3,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (operatingSystem) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (operatingSystemVersion) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: Could not get property (dNSHostName) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  ERROR: System SRV3 is a unsupported operating system, unsupported version, or malformed AD entry. Reported system type is:  (). SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
  WARN: CADSource::ProcessSystemInfo: Failed to get IP Address for the system. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)

• Excluding some computers from Active Directory System Discovery

  Hi,
  I am trying to exclude some computers from Active Directory System Discovery. I created a new Organizational Unit for those excluded computers and that OU is NOT under the OU that I am discovering  in the OU hierarchy. I specified the location
  to be discovered under the Active Directory System Discovery properties. However, it is still discovering the computers that I wanna exclude from the discovery.  I deleted those computers from console manually and run the discovery again, it still
  discovers them.
  What I might be doing wrong?
  Thanks
  Yavuz Selim Atmaca

  Hi,
  If you check under properties on the object, you can see which discovery agent is discovering the reasource, it could be the Group Discovery as well. That is where I would start to troubleshoot it.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Exclude servers from Active Directory System Discovery

  We would like to exclude all servers from being discovered by Active Directory System Discovery. Is there any way to achieve this, i. e. with a custom LDAP query? Or does SCCM always detect all systems in the configured OUs? (Moving all servers to a separate
  OU is not an option.)

  Well, good question ;) ... We don't use SCCM on servers, and the basic reason was excluding them from statistics. Of course we want to prevent accidental client installation, but that can be done in other ways (like mentioned by Eswar).
  Still, we always get tons of "computers without client", low success rates etc. Of course all that can be adjusted, excluding servers from "All Systems" etc., but excluding the servers directly from discovery would be the easiest way. If it can't be done,
  it can't be done, and we will be able to live with that. I just wanted to know IF it can be done.
  Well.If that is the issue with reporting,then you may have to edit the report to avoid servers in displaying in reports ,so will be on right track with results.
  Or while creating collections to exclude certain number of computers or may be more,create a AD sec group and all the computers to it .Create collection to exclude computers which are member of this AD group to aviod accidentals installation...
  Please click on "vote as Helpful" if you feel this post helpful to you.
  Eswar Koneti | Configmgr blog:
  www.eskonr.com | Linkedin: Eswar Koneti

• After Active Directory System Discovery, some computers have Operating_System_Name_and0 as only the version number

  Good morning,
  We've been experiencing some odd behavior with discovery.  After Active Directory System Discovery, some computers have Operating_System_Name_and0 as only the version number; for example, " 6.1" (note the space before the 6) vs.
  "Microsoft Windows NT Workstation 6.1" (although, not limited to Windows 7 workstations).
  Here are two seemingly identical machine records in Active Directory WCBWIN7VDI10 and WCBWIN7VDI11.
  After discovery
  select Name0, Operating_System_Name_and0 from v_r_system where Name0 LIKE 'WCBWIN7VDI1[0,1]'
  yields
  Name0 Operating_System_Name_and0
  WCBWIN7VDI10  6.1
  WCBWIN7VDI11 Microsoft Windows NT Workstation 6.1
  For discovery on a new domain yesterday we have the following distribution:
  select count (*) as [count], convert (nvarchar, Creation_Date0, 110) as [creation date], Operating_System_Name_and0
  from v_r_system where Full_Domain_Name0 like 'aaa.bbb.ccc'
  group by Operating_System_Name_and0, convert (nvarchar, Creation_Date0, 110)
  order by Operating_System_Name_and0
  count
  creation   date
  Operating_System_Name_and0
  274
  12-01-2014
  3
  12-01-2014
   5.0
  23
  12-01-2014
   5.1
  124
  12-01-2014
   5.2
  20
  12-01-2014
   6.0
  5109
  12-01-2014
   6.1
  6
  12-01-2014
   6.2
  4
  12-01-2014
   6.3
  1
  12-01-2014
  CentOS 6.0
  13
  12-01-2014
  Microsoft   Windows NT Server
  54
  12-01-2014
  Microsoft   Windows NT Server 5.2
  9
  12-01-2014
  Microsoft   Windows NT Server 6.0
  120
  12-01-2014
  Microsoft   Windows NT Server 6.1
  2
  12-01-2014
  Microsoft   Windows NT Server 6.2
  7
  12-01-2014
  Microsoft   Windows NT Server 6.3
  6
  12-01-2014
  Microsoft   Windows NT Workstation 5.1
  3501
  12-01-2014
  Microsoft   Windows NT Workstation 6.1
  1
  12-02-2014
  Microsoft   Windows NT Workstation 6.1
  5
  12-01-2014
  Microsoft   Windows NT Workstation 6.2
  1
  12-01-2014
  Microsoft   Windows NT Workstation 6.3
  2
  12-01-2014
  SLES 11
  6
  12-01-2014
  Windows   Embedded Standard 6.1
  Anybody know why this occurs?  We typically build our server vs. workstation collections with this.
  Thanks,
  Terence Durning

  Hi Terence,
  What is the value in Active Directory for the computer account?
  Do you have the same behavior if you run this query? 
  SELECT DISTINCT Operating_System_Name_and0 FROM v_R_System ORDER BY 1
  You are talking about a space before 6.1. Do I see also a space for all Microsoft Windows like "Microsoft   Windows NT Workstation 6.3" ? 
  Nick Pilon - Blog: System Center Dudes

• Doing Active Directory System Discovery security roles

  Hi Experts
  I am assigning users who have specific roles in SCCM2012 (Reporting, application management etc) , they are not assigned with permissions which is the same as Full Administrator or Operation Manager. 
  The team would like to run Active Directory System Discovery on the Primary Site server to detect the computer objects found in the AD once they have joined the new computers to the domain, they are unable to perform RUN on the Active Directory System Discovery
  as the option is not available to them. Possible to advise, which additional security roles should I assign to them so that the RUN command can appear?? They are unable to do this with the current permission as listed below, RUN is not listed when they right
  click on Active Directory System Discovery, unlike the Full Administrator:
  Application Administrator
  Application Author
  Application Deployment Manager
  Operating System Deployment Manager
  Read-only Analyst
  Remote Tools Operator
  Software Update Manager

  Hi,
  You could create a Custom role and modify the rights.
  Administration workspace >Security >Security Roles >Select a Built-in role >Click Copy on the ribbon.
  Otherwise, Role-based Administration Modeling and Auditing Tool helps administrators to model and audit RBA configurations.
  http://www.microsoft.com/en-us/download/details.aspx?id=36213
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SCCM 2012 Active Directory System Discovery - How does it find systems?

  I have setup System Discovery for the forest and have not limited the view of the forest in any way.  Also I have it to setup to discover everything, no limits on the number of days since last check-in. But I have some objects that haven't checked
  into the domain in years that are enabled (yes i want to delete them) and others are disabled that don't show up.  If there is a discovered object that I disable in AD, I run a full discovery and it still found.
  My question is for this discovery, what criteria does SCCM look for?  I assume that it authenticates to the domain with the supplied user account and reads Active Directory and pulls objects.  From there, does it pull Disabled objects or leave
  them be?  If a client hasn't checked in in over 90 (or any number) days, does it discard that automatically? I'm just trying to understand the discovery process.
  Jason Apt, Microsoft Certified Master | Exchange 2010
  My Blog

  it should look for objects that are in AD and also in DNS. When you use the 90 days rules, those objects will not be deleted from the ConfigMgr database (that's a site maintenance rule), the discovery process will just not discover the object.
  Kent Agerlund | My blogs: blog.coretech.dk/kea and
  SCUG.dk/ | Twitter:
  @Agerlund | Linkedin: Kent Agerlund

• Active Directory System Discovery Properties Error

  Hi,
  I'm getting a strange error within SCCM 2012 System Discovery Properties. The error occurs every time I open the properties for the discover method. I can close it OK, and Systems still seem to be getting discovered. It appears even when the discovery properties
  is completely empty.
  Does anyone know what could be the problem? The error message is below. Thanks in advance
  System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException
  The Specified directory object cannot be found.
  Stack Trace:
  at System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaProperty.GetPropertiesFromSchemaContainer(DirectoryContext context, DirectoryEntry schemaEntry, String name, Boolean isDefunctOnServer)
  at System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaProperty.InitializePropertiesFromSchemaContainer()
  at System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaProperty.GetValueFromCache(String propertyName, Boolean mustExist)
  at System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaProperty.get_Syntax()
  at Microsoft.ConfigurationManagement.AdminConsole.ActiveDirectory.AttibutesPageControl.IsAttributeAvailabe(ActiveDirectorySchemaProperty schemaProperty)
  at Microsoft.ConfigurationManagement.AdminConsole.ActiveDirectory.AttibutesPageControl.AddAvailableAttributes(ActiveDirectorySchemaPropertyCollection properties)
  at Microsoft.ConfigurationManagement.AdminConsole.ActiveDirectory.AttibutesPageControl.worker_DoWork(Object sender, DoWorkEventArgs e)
  at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
  at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)

  Hi Mike,
  Not exactly, however when the console is logged into as a user who is a domain admin - the error doesn't appear. To make things more complex - the way AD is set up here is quite/very messed up and domain admins is actually nested in schema admins (yep..you
  read that correctly). This nesting is due to be removed, but until then i can only assume the following:
  Not being a schema admin, or domain admin restricts the attributes that you are able to read in the SCCM console system and user discovery properties. I know it shouldn't be like this. Its also interesting that when you open these discovery properties -
  it appears it must read based on the user operating the console, rather than the site server, which I assumed it would be read based on the rights that has.
  Why this is happening, I dont know yet. Its been parked because it isn't actually having an detrimental effect that I can see. I know this probably doesn't help you much, but maybe it will point you in a direction to start looking in..

• SCCM 2012R2 Active Directory System Discovery

  I just set up SCCM and was kind of going back and forth on how I wanted to run the computer discovery portion.  I deleted some computers from the devices section and know I want them back but when I run a rescan they are not populating. I didn't push
  the client or anything just ran the system discovery. How do I get those machines back?  Thanks.

  Correct, the AD System Discovery needs to be able to resolve the computer name to an ip address. See also:
  http://technet.microsoft.com/en-us/library/gg712308.aspx#BKMK_ADSystemDisc
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Active Directory System Discovery - extensionAttribute1

  Hello,
  My apologies if this should be in the SQL forum but wanted to start here in case someone was familiar with what I'm seeing.
  At this time I have system discovery polling on extensionattribute1 which works fine. When I go into SQL the v_R_System view lists extensionAttribute10 with the data from 1. I looked at the same computer object in question in powershell and see the 10 has
  no data and 1 truly has the data, so it looks like SQL is showing 10 when it should be 1? It's not really breaking anything, just something I noticed. Has anyone ever came across this or perhaps know of a better place I should pull data from AD other than
  v_R_System that might not show this conflict?
  Joshua

  Are you saying in SQL it's v_R_System.extensionAttribute10? That seems logical. That "0" appended to the end of almost all columns in the SQL views for CM inventory. I can't explain why but that's just how it is. If you added extensionAttribute10 it would
  probbaly show up as extensionAttribute100
  John Marcum | Microsoft MVP - Enterprise Client Management
  My blog: System Center Admin | Twitter:
  @SCCM_Marcum | Linkedin:
  John Marcum

• Active Directory Group Discovery not picking up Workstation OSs

  We don't use the default 'workstation' container in AD. We have a OU called:i.e. 'contoso workstations'. Within 'contoso workstations are other OUs by location: i.e.: 'Bangalore'; 'Harare'; 'Bangkok': and 'Djibouti'. AD Group discovery dumps everything
  into All Systems with no logical organization of locations. We need those location folders so we can throttle client deployment. How do I get Discovery to pick up OU 'locations' and populate those locations with workstations?  

  Are you talking about AD site? If so, that's collected by system discovery and heartbeat discovery.  Thus, if you aren't using System Discovery, you'll have to wait until heartbeat discovery reports in for the client. Based on this info you can create
  appropriate query based membership rules for collections that have you manually created. However, this is a bit of chicken and the egg if you want to use it for client agent installation since heartbeat discovery is only reported by client agents themselves.
  Thus, you should either enabled AD System Discovery or choose an alternate deployment method like a startup script.
  Jason | http://blog.configmgrftw.com

• SCCM Active Directory System Discovery

  Hi,
  We have enabled most of the Discovery Methods in SCCM 2012 R2 - and now we are looking at cleaning the clients that are set as inactive for a set of amount of time not sure yet how long (recommendations would be great).
  If I enable "Only discover computers that logged on to a domain in a given period of time" will this remove any inactive clients (Workstations) from the device collections if they have not logged on to the domain for 90 days?
  Thanks Tom

  Hi,
  Also,I recommend you create a collection query all computers without a CM client installed. The Rotten Objects that still exists in AD will automatically be detected by the collection.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Active Directory System Group discovery has been removed

  Hello,
  I noticed in SCCM 2012 Active Directory System Group discovery has been removed which discovery is provided the
  information previously collected through this discovery?
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  Hi,
  Yes Active Directory System Group Discovery has been removed (not Active Directory System Discovery)
  It is written in http://technet.microsoft.com/en-us/library/gg712308.aspx#BKMK_DiscoveryMethods
  What's new in SCCM 2012
  and confirmed in
  http://blogs.technet.com/b/elie/archive/2012/05/10/system-center-2012-configuration-manager-part2-discovery-methods.aspx
  Thanks,
  DOm
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

• Active Directory service discovery failed

  Hi forum user,
  I have integrated my SGD with AD.
  I saw the following error in jserver log file:
  # more jserver2698_error.log
  2007/07/24 15:25:22.626 (pid 2698) server/ldap/error #1185261922626
  Sun Secure Global Desktop Software (4.31) ERROR:
  Active Directory service discovery failed: Failed to find any valid Site objects.
  Looking up Global Catalog DNS name: gc.tcp.telbru.com.bn. - HIT
  Looking for GC on server: Active Directory:ts1.telbru.com.bn:/172.25.11.96:3268:Up - HIT
  Checking for CN=Configuration: DC=telbru,DC=com,DC=bn - MISS
  Checking for CN=Configuration: CN=Configuration,DC=telbru,DC=com,DC=bn - HIT
  Looking up domain root context: DC=telbru,DC=com,DC=bn - HIT
  Looking up site context: CN=Sites,CN=Configuration
  Searching for sites: (&(objectClass=site)(siteObjectBL=*)) - HIT
  Looking up addresses for peer DNS: portal.telbru.com.bn - HIT
  Failed to discover Active Directory Site, Domain and server data.
  This might mean LDAP users cannot log in.
  Make sure the DNS server contains the Active Directory service
  records for the forest. Make sure a Global Catalog server is available.
  Why the error occurred ?
  What is the resolution to this error ?
  Appreciate any help. Thanks.

  This error message is telling you that SGD failed to find any site objects in your AD tree. This should not stop users from logging in, it will just mean that SGD will not be able to work out which AD site is local to the SGD server.
  If you are not using sites in your AD setup, then you do not need to worry about this.
  Hope this helps,
  DD

• Remove Active Directory User Discovery

  We're looking at enabling Active Directory User Discovery in our Config Mgr 2012 instance as as part of testing Intune.  If we decide to not implement Intune, will we be able to disable Active Directory User Discovery, and remove that information from
  the database?
  If so, is there good documentation on how to do this?
  Thanks

  The easiest is to disable the Active Directory User Discovery
  and than delete all the users from the All Users collection.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude