AD System Group Discovery not updating System OU Name on computer object when computer moves OU

2 related questions.
1. We have noticed that computer objects (active clients) in ConfigMgr are not getting their System OU Name discovery data updated when a computer account is moved from one OU to another, and AD System Group Discovery runs. Since we are basing some of our Software Updates collections on AD OU name, these systems are not falling into their required collections.
2. On a few occasions we are also seeing duplicate computer objects being created. One new record from AD System Discovery, which contains the correct 'new' System OU Name, and one 'old' computer object from before the computer account was moved to a different OU in AD. The heartbeat discovery of this second object is still updating e.g. showing new heartbeats, but the computer object still shows the old System OU Name from before the computer account was moved in AD. If we delete both objects and run a Discovery Data Collection Cycle from the client, and AD System Group Discovery, then we get one new record with the correct 'new' set of System OU names.
This duplicates issue is happening in both our Central Primary Site and our other child Primary site. Both sites are set to create new client records for duplicate hardware IDs, and there is a possibility we're seeing the duplicate records on machines that have been re-imaged and redeployed at some point.
It's my understanding that it is AD System Group Discovery that updates the System OU Name property on client objects. We have this set to run every 4 hours. I'm not seeing any errors in the adsysgrp.log. Any idea why discovery is not updating the System OU Name information when a computer account moves OU? As far as I understand it, nothing additional is required to happen from the client end for this property to get updated.

The only thing I can think of would be ad sys group discovery not running at the site where the client is assigned to?
"Everyone is an expert at something" Kim Oppalfens Configmgr expert for lack of any other expertise. http://www.scug.be/blogs/sccm
HI Everyone..
ANy reply or correct answer to this question???
Same problem even i have. Duplicate machine names created when machine moved to different sites.
And also, AD sys group discovery running on all the sites (i have 4 sites).
System Security analyst at CapG

Similar Messages

  • Active Directory System Group discovery has been removed

    Hello,
    I noticed in SCCM 2012 Active Directory System Group discovery has been removed which discovery is provided the
    information previously collected through this discovery?
    Thanks,
    Dom
    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Hi,
    Yes Active Directory System Group Discovery has been removed (not Active Directory System Discovery)
    It is written in http://technet.microsoft.com/en-us/library/gg712308.aspx#BKMK_DiscoveryMethods
    What's new in SCCM 2012
    and confirmed in
    http://blogs.technet.com/b/elie/archive/2012/05/10/system-center-2012-configuration-manager-part2-discovery-methods.aspx
    Thanks,
    DOm
    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  • System preferences will not open, system preferences will not open

    I am trying to make changes in my system and can not get system preferences to open.  I have shut down, restarted, updated software with no changes.  It briefly opens with a blank screen and then closes.  HElp!

    Launch the Console application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Console in the page that opens.
    Step 1
    Enter the name of the crashed application (System Preferences) or process in the Filter text field. Post the messages from the time of the last crash, if any — the text, please, not a screenshot.
    Important: Some private information, such as your name, may appear in the log. Edit it out by search-and-replace in a text editor before posting.
    Step 2
    Still in the Console window, look under User Diagnostic Reports for crash reports related to the process. The report name starts with the name of the crashed process, and ends with ".crash". Select the most recent report and post the contents — again, the text, not a screenshot. In the interest of privacy, I suggest that, before posting, you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if it’s present (it may not be.) Please don’t post shutdownStall, spin, or hang logs — they're very long and not helpful.

  • AD Group membership not updating in Sharepoint Foundation when adding Active Directory group to Sharepoint group

    I have Sharepoint Foundation installed with the latest CU updates.  It is running on a VMware box (Windows Server 2008 R2 Standard) with its backend on a SQL Server 2008 R2 vmware box.  The farm account is a domain user and has been given all appropriate
    replication rights, etc to active directory.
    Everything seems to be working fine except for security integrated with AD groups.  When I go to edit permissions I can add individual AD users just fine and remove them just fine and their access is taken away right away or given to them right away.
     I can also find AD groups in the people picker and add them to the site. When I add new groups to AD, they are found immediately within Sharepoint, and when I delete groups from AD, they are taken out of the people picker right away.  Now comes
    the weird part.  When I add an AD group to the site, all users currently within that AD group are given access to the Sharepoint Site.  This works for the first time only.  Now when I add or remove users from the AD groups, it does not update
    in SharePoint.  For example, I have an AD testuser1 in the AD Group "All Users".  testuser1 does not have access to SharePoint.  So I add  the AD group to the Sharepoint group "Visitors".  testuser1 now has read access to the sharepoint
    site.  Now, I remove testuser1 from the AD group, but testuser 1 still has access to the site even though he is not part of the AD group, nor does he have any individual permissions to the site.  Now, I add testuser2 to the ad group.  testuser2
    does not have access to the site, even though he is part of the ad group.
    It seems that the only time AD group security is working for me is when I first initially add the AD group to the site.  From then on, it's like sharepoint is caching the members of the group and not updating any new adds or deletes from the groups.
     Any ideas?  I am lost on where to go from here as I have tried everything from clearing cache files, rebooting servers, iisresets....

    I think I have at least cornered the problem, but am not 100% sure yet that it is the correct answer.  I think it could be 1 of the following 2 scenarios.
    Scenario 1:  We have 3 web applications setup on our web server ports 80 - Our sharepoint Web app, 2020 - Our My Site Web App, 2040 - Our Search Web app.  We are using host headers (http://sharepoint.***.com) instead of a server name.  So
    we setup our access mappings (Central Admin -> Application Management -> Configure Alternate access mappings) to use the host header (http://sharepoint.***.com) as the default mapping and the server name as the intranet access mapping.  By
    setting the default access mapping to host headers, i noticed that Sharepoint automatically assumes that all web apps are on port 80.  You can see this by going to (Central Admin -> Manage Web Applications).  The port listed all 3 web apps on
    port 80.  So I think when I was doing a profile sync and using mysites, it was messing with my AD security because of this.  What I did was the following.  I went to Central Admin -> Manage Service Applications -> [Name of your user profile
    service] -> Setup my sites.  I made sure that my preferred search center had the correct port number on it (mine originally had no port number), that my my site host had a port (again no port number originally), as well as the personal site location.
     I then saved this.
    Scenario 2:  Our user profile sync had 2 BDC connections that were corrupt and throwing errors.  I rebuilt the connections, remapped them to the proper user profile property.
    I did both of these scenarios above around the same time.  I then restarted all my servers, and at last the AD Group security is now functioning appropriately.  I have done multiple IIS resets and server restarts.  The issue has only reappeared
    once.  After restarting the machine again, we were back to the AD groups functioning correctly.  Because we had the issue reappear once after doing the above, I still do not feel 100% sure that either one of the above corrected the issue completely.
    As long as we are up and running currently, I am moving on to other tasks with this project.  My only concern that it will break again and I will have to revisit it is when we restart the servers....which is never fun.  I will update as I find
    a "true" answer to this issue....  Let me know if any of the above helped you or if you find something I may not have thought of.

  • Planner group is not updated in service notification using BAPI

    Hi,
    Planner group is not updated in service notification using BAPI BAPI_ALM_ORDER_MAINTAIN.
    I have written the below code, but planner group is not updated in the service notification.
    Please advice which parameters do i need to pass to update planner group in the service notification.
              wa_methods-refnumber      = '000001'.
              wa_methods-objecttype     = 'PARTNER'.
              wa_methods-method         = 'CREATE'.
              wa_methods-objectkey      = wa_subscr1-aufnr.
              APPEND wa_methods TO i_methods.
              wa_methods-refnumber      = '000002'.
              wa_methods-objecttype     = 'HEADER'.
              wa_methods-method         = 'CREATE'.
              wa_methods-objectkey      = wa_subscr1-aufnr.
              APPEND wa_methods TO i_methods.
              wa_methods-refnumber      = '000000'.
              wa_methods-objecttype     = ' '.
              wa_methods-method         = 'SAVE'.
              APPEND wa_methods TO i_methods.
              REFRESH i_partner.
              CLEAR wa_partner.
              wa_partner-orderid        = wa_subscr1-aufnr.
              wa_partner-partn_role     = 'VW'.
              wa_partner-partn_role_old = ''.
              wa_partner-partner        = wa_subscr1-parnr.
              wa_partner-partner_old    = ''.
              APPEND wa_partner TO i_partner.
              REFRESH i_planrgrp.
              CLEAR wa_planrgrp.
              wa_planrgrp-orderid        = wa_subscr1-aufnr.
              wa_planrgrp-plangroup      = wa_subscr1-ingpr.
              APPEND wa_planrgrp TO i_planrgrp.
              REFRESH i_planrgrp_up.
              CLEAR wa_planrgrp_up.
              wa_planrgrp_up-orderid     = wa_subscr1-aufnr.
              wa_planrgrp_up-plangroup   = 'X'.
              APPEND wa_planrgrp_up TO i_planrgrp_up.
    *----Change order details with Technician name
              CALL FUNCTION 'BAPI_ALM_ORDER_MAINTAIN'
                TABLES
                  it_methods   = i_methods
                  it_header    = i_planrgrp
                it_header_up = i_planrgrp_up
                  it_partner   = i_partner
                  return       = i_return.
    Thanks & regards,
    Krishna

    Try this way
    CALL FUNCTION 'BAPI_SERVNOT_CREATE'
    EXPORTING
    * EXTERNAL_NUMBER =
    notif_type = 'S3'
    notifheader = ls_notif_h
    * TASK_DETERMINATION = ' '
    * SENDER =
    * ORDERID =
    IMPORTING
    NOTIFHEADER_EXPORT = ls_notif_e
    TABLES
    * NOTITEM =
    * NOTIFCAUS =
    * NOTIFACTV =
    * NOTIFTASK =
    * NOTIFPARTNR =
    * LONGTEXTS =
    * KEY_RELATIONSHIPS =
    return = lt_return
    * IF lt_return IS INITIAL.                                               " <<< Comment this lie
    read table  lt_return into ls_return with key type = 'E'. " << Change
    if sy-subrc ne 0.                                                             " << Change
    COMMIT WORK AND WAIT.
    write: / ls_notif_e-NOTIF_NO.
    ELSE.
    LOOP AT lt_return INTO ls_return.
    WRITE:/ 'errors'.
    * ls_return.
    ENDLOOP.
    endif.

  • System setting does not allow changes to be made to object LSYS

    Hi
    Im trying to create the process chain in BW-Production System . Like im trying to delete the PSA data for one datasource in BI7.0 .
    Im using the 'Delete requests from the PSA' process type in the process chain . When i try to give the datasource name and source system name in the variant of 'Delete requests from the PSA' process type and save them , then it is saying that
    System setting does not allow changes to be made to object LSYS
    Why it is saying like that . But i can able to include the other process types in the process chain .
    regards
    mohammed

    Dear Mohammed,
    Since you are trying to create process chain in production system.
    Normally production system wont be open for development at any time. Why the system settings does not allow changes was, your production is not modifiable state.
    Check the settings in SE06. system would be non-modifiable for sure.
    in SCC4,  settings ->"changes to the cross customizing objects would be not allowed"
    These two settings/configurations would not allow any development or changes or edit or create in production.
    Please check with your basis folks and proceed further.
    Hope this would help you more in understanding

  • System settings does not allow changes to be made to object

    Hi,
              In one of my test system, when i tried to change the object  its displaying following error message.
    System settings does not allow changes to made to the object.
    I have checked the settings in se03, regarding modification objects of software components and namespace those are in state of modifiable for this namespace object.
      I would like to know, how to change the object in the namespace.
    Regards
    Srikanth

    Hi,
    In SE06, in addtion to system status and component status, check the namespace status too.
    It would be better if you know the namespace of the object you are trying to modify. Set it to modifiable and retry.
    To find namespace, open the object in SE80 and check the attributes. It would show assigned package, namespace, component etc.
    Regards,
    Srikishan

  • System setting does not allow changes to be made to object

    Hi experts,
      I implelemt ST-PI/A today and apply note 1300023. There is a information(???) message keep warning
    "System setting does not allow changes to be made to object NOTE 0001300023". I think I should SE06 to modify system change option, but I don't know which one. Please help.

    Hi,
    If you login in German you can see the variable %1 being replaced by "SDF/" in the Help window.
    Or you  can find the text in the note:
    «/SDF/CCMS_READ CCMS_CREATE_COMP_DOWNLOAD»
    Go to SE03 and expand Administration node, Set System Change Option and set Namespace prefix /SDF to Modifiable.
    Regards,
    André Nunes

  • I just updated tosystem10.6.8. I am running Iphoto 08 version 7.1.5 Quick time movies will not open and play directly in Iphoto. When I move them to my desktop they play fine.Quick time 10.0 What do I need to do?

    I just updated tosystem10.6.8. I am running Iphoto 08 version 7.1.5 Quick time movies will not open and play directly in Iphoto. When I move them to my desktop they play fine.Quick time 10.0 What do I need to do?

    You need to download and install QuickTime Player 7 for Mac OS X v10.6.3 or later
    OT

  • HT4623 My ipad was not updated since the 5.1 and now when I go to update to IOS 7 it states that my ipad is up to date.

    My ipad was not updated since the 5.1 and now when I go to update to IOS 7 it states that my ipad is up to date. Please advise how to update from here.

    TheQuestionaire wrote:
    My ipad was not updated since the 5.1 ...
    Sounds like yours could be an iPad 1.
    If so... iOS 5.1.1 is as far as it goes.

  • I am not able to get name of the person when he is calling for which i have already saved the no. on my contact list i have reseted my phone twice help me out

    hello i have started using iphone 5 for which i downloaded my contacts from i clouds i am not able to get name of the person when he is calling for which i have already saved the no. on my contact list i have reseted my phone twice  its only showing the names of the person whose no. i have saved it with the country code i am staying in india new delhi pls help me i am fed up not able to get the name of person who is calling

    Sir, your Apple ID can be used as an iCloud account as well. They are both the same thing.
    You can learn more from --> Set up your Apple ID for iCloud and iTunes - Apple Support

  • System Status ACPT not update

    Hi all ,
    System status ACTP for some WBS in project are not Update  automatically till Sales Order created & released (no Issue log found for SO) under that WBS . But in same Project for some WBS it update automatically . Also Due to which report created by report painter price (Sales order ) Vs Cost (Budget ) not shown the Price values .
    Thanks ,
    Virendra  

    Hi,
    Run program CNSTATUS to eliminate system issue.
    Thanks,
    Sudhakar

  • Catalog group membership not updating

    Hi,
    I am experiencing a problem with my catalog groups. I have just created a new catalog group and added a user account as a member and also removed that user account from another group by logging in as administrator in answers and using settings - manage presentation catalog groups and users.
    If i now log in as that user the membership hasn't updated and when I click on My Account for that user it still shows as a member of the old group and not the new one.
    My security for users is done through LDAP and in Tools - Options in Admin console on the repository tab I have the LDAP Cache refresh interval set to 1 minutes.
    I know if I restart the presentation services that it will work ok but I don't want to have to do that as I have users using the system.
    Any advice would be appreciated.
    Thanks
    Patricia

    hi,
    you can try to set in the instanceconfig.xml
    the tags
    --->
    <CacheMaxExpireMinutes>2</CacheMaxExpireMinutes>
    <CacheMinExpireMinutes>1</CacheMinExpireMinutes>
    <CacheMinUserExpireMinutes>1</CacheMinUserExpireMinutes>
    <ClientSessionExpireMinutes>10</ClientSessionExpireMinutes>
    <SearchIDExpireMinutes>9</SearchIDExpireMinutes>
    <---
    they control the cache of the browser
    check administrator guide for more informations
    --check in other pc or check with an other browser at the same
    i hope i helped....
    http://greekoraclebi.blogspot.com/
    Edited by: eejimkos on Jul 15, 2009 4:52 AM
    Edited by: eejimkos on Jul 15, 2009 5:01 AM

  • Active Directory Group Discovery not picking up Workstation OSs

    We don't use the default 'workstation' container in AD. We have a OU called:i.e. 'contoso workstations'. Within 'contoso workstations are other OUs by location: i.e.: 'Bangalore'; 'Harare'; 'Bangkok': and 'Djibouti'. AD Group discovery dumps everything
    into All Systems with no logical organization of locations. We need those location folders so we can throttle client deployment. How do I get Discovery to pick up OU 'locations' and populate those locations with workstations?  

    Are you talking about AD site? If so, that's collected by system discovery and heartbeat discovery.  Thus, if you aren't using System Discovery, you'll have to wait until heartbeat discovery reports in for the client. Based on this info you can create
    appropriate query based membership rules for collections that have you manually created. However, this is a bit of chicken and the egg if you want to use it for client agent installation since heartbeat discovery is only reported by client agents themselves.
    Thus, you should either enabled AD System Discovery or choose an alternate deployment method like a startup script.
    Jason | http://blog.configmgrftw.com

  • Sharepoint 2010 Error: System.NullReferenceException: Object reference not set to an instance of an object when trying to upload a document

    Hi,
    Environment: Windows server 2008 R2 , Sharepoint2010
    Getting the below error while uploading a document.  Below is the stack trace.
    System.NullReferenceException: Object reference not set to an instance of an object.    
    at Microsoft.Office.RecordsManagement.PolicyFeatures.ApplicationPages.UploadPage.GetEditFormUrl(SPWeb web, SPList currentList, SPFolder currentFolder, SPContentTypeId id, String comments, SPFile spfile, String sourceUrl, HttpRequest request)     
    at Microsoft.Office.RecordsManagement.PolicyFeatures.ApplicationPages.UploadPage.GetEditFormUrl(SPFile spfile)     
    at Microsoft.Office.RecordsManagement.PolicyFeatures.ApplicationPages.UploadPage.OnSubmit(Object o, EventArgs e)     
    at Microsoft.Office.RecordsManagement.PolicyFeatures.ApplicationPages.UploadExPage.OnSubmit(Object o, EventArgs e)     
    at System.Web.UI.HtmlControls.HtmlInputButton.OnServerClick(EventArgs e)     
    at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)     
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    Still new in sharepoint, so no idea where to start.  Please advice.
    Thanks.

    Hi Alex,
    Do you have any update?
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

Maybe you are looking for

  • How can I keep my iPhone 4 Mail from freezing & losing drafts?

    I often send email from my iPhone (4 with iOS 5.0.1) only to find that the phone doesn't have a connection. Often once it has a connection again, the mail program will never load -- instead freezing, the "load wheel" forever circling, "Checking for M

  • Source Monitor and Program Monitor not playing back video

    The last time I used Premiere Pro CC was Oct 8 and the program worked fine. As of today, I reopened the project file and the source and program monitors are displaying nothing respectively. However, the audio playback for both are unaffected. I've tr

  • Balance forward billing- Printing separate invoices.

    Hi all, Ii am working on Balance Forward Billing in R12. Most of us know that BFB is used to consolidate several bills into a single bill for customers. My question is: When a Balance Forward BIlling is enabled at customer level, is it possible to pr

  • How do I open my disk drive?   Help

    How do I open my disk drive?

  • Rounding off sunday

    Can you pls help me with this I have to round off to to last sunday... suppose,the user is entering 23/02/2010..then it should be rounded off to 22/02/2010 the user is entering 27/02/2010..then also it should be rounded off to last sunday..that is 22