SCCM Discovery Method - AD System Discovery

Hi,
Is it possible to Change the AD System discovery such that we can tune the discovery to exclude older objects ?
Thanks.

Hi,
In ConfigMgr 2012 you have new options to filter out old records so that they don't get discovered, it is done on the Options tab for the System Discovery agent properties as shown below.
These options doesn't exist in ConfigMgr 2007.
-- My System Center blog ccmexec.com -- Twitter
@ccmexec

Similar Messages

  • SCCM 2012R2 Active Directory System Discovery

    I just set up SCCM and was kind of going back and forth on how I wanted to run the computer discovery portion.  I deleted some computers from the devices section and know I want them back but when I run a rescan they are not populating. I didn't push
    the client or anything just ran the system discovery. How do I get those machines back?  Thanks.

    Correct, the AD System Discovery needs to be able to resolve the computer name to an ip address. See also:
    http://technet.microsoft.com/en-us/library/gg712308.aspx#BKMK_ADSystemDisc
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • SCCM 2012 Active Directory System Discovery - How does it find systems?

    I have setup System Discovery for the forest and have not limited the view of the forest in any way.  Also I have it to setup to discover everything, no limits on the number of days since last check-in. But I have some objects that haven't checked
    into the domain in years that are enabled (yes i want to delete them) and others are disabled that don't show up.  If there is a discovered object that I disable in AD, I run a full discovery and it still found.
    My question is for this discovery, what criteria does SCCM look for?  I assume that it authenticates to the domain with the supplied user account and reads Active Directory and pulls objects.  From there, does it pull Disabled objects or leave
    them be?  If a client hasn't checked in in over 90 (or any number) days, does it discard that automatically? I'm just trying to understand the discovery process.
    Jason Apt, Microsoft Certified Master | Exchange 2010
    My Blog

    it should look for objects that are in AD and also in DNS. When you use the 90 days rules, those objects will not be deleted from the ConfigMgr database (that's a site maintenance rule), the discovery process will just not discover the object.
    Kent Agerlund | My blogs: blog.coretech.dk/kea and
    SCUG.dk/ | Twitter:
    @Agerlund | Linkedin: Kent Agerlund

  • System Discovery Issues in SCCM 2012

    SCCM is not discovering all resources from AD OU. What could be the reason for this. This is not happening for all OU's but randomly for some of them.
    Is there a method to force the system discovery to run instantly ?

    Thanks Jason,
    I think my query was mixed up.
    2) Will the status be NO client ?, If yes, does that mean the complete
    cycle will start again? Meaning as the client is already inactive, it will not send any more hearbeat and configmgr will again wait for the specified days before deleting it again ?
    I know the difference between AD and Heartbeat discovery. I am trying to get a clear difference between
    delete Inactive discovery data and delete
    aged discovery data.
    I checked a blog, I think this is from you http://www.myitforum.com/forums/Delete-aged-discovery-data-and-delete-inactive-client-discovery-data-m204924.aspx
    , where it says "For the Delete Inactive Client Discovery
    Data task, if you haven't cleaned up AD, the object will get recreated (without the client installed flag). If you auto client push enabled, ConfigMgr will try to push to the system again"
    What I get from here is, client status will be NO when it is rediscovered from AD.
    Now if the machine was already deleted with Delete Inactive discovery data maintenance task, and its rediscovered, the client will again become Inactive as the machine is
    not in use. Will the Inactive discovery maintenance task wait again for defined days before it deletes this machine from the database.

  • System Discovery in SCCM 2012

    How can we exclude specific machines from discovery in SCCM.
    If there are 3000 machines in an OU, and would like only 1000 machines to be managed by SCCM which should be discovered. Is this possible or will it discover all resources ?
    Also if this could be achieved if there are sub OU's ?

    Hi,
    I found a similar thread for your reference.
    Active Directory System Discovery - Specific OU discovery is global
    http://social.technet.microsoft.com/Forums/en-US/c78710ee-800a-4d77-8754-f00e2f591961/active-directory-system-discovery-specific-ou-discovery-is-global?forum=configmanagergeneral
    For more infomation, please review the link below:
    Planning for Discovery in Configuration Manager
    http://technet.microsoft.com/en-us/library/gg712308.aspx
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • SCCM 2012 SP1 system discovery

    Hey,
    I need to know that how does a SCCM 2012 SP1 discovers the systems.
    Is it using a  Boundary range or using the OU added in Active Directory System discovery. if suppose the systems are discovered using boundary than whats the need of adding OU in Active Directory System discovery and vice-verse. Please clear my concept
    on this.
    Thanks
    Parth

    You can read more about:
    Discovery here:
    http://technet.microsoft.com/en-us/library/hh427340.aspx - Configuring Discovery in Configuration Manager
    http://technet.microsoft.com/en-us/library/gg712308.aspx - Planning for Discovery in Configuration Manager
    Boundaries here:
    http://technet.microsoft.com/en-us/library/hh427326.aspx - Configuring Boundaries and Boundary Groups in Configuration Manager
    http://technet.microsoft.com/en-us/library/gg712679.aspx - Planning for Boundaries and Boundary Groups in Configuration Manager
    Tim Nilimaa | Blog: http://infoworks.tv | Twitter: @timnilimaa

  • SCCM Active Directory System Discovery

    Hi,
    We have enabled most of the Discovery Methods in SCCM 2012 R2 - and now we are looking at cleaning the clients that are set as inactive for a set of amount of time not sure yet how long (recommendations would be great).
    If I enable "Only discover computers that logged on to a domain in a given period of time" will this remove any inactive clients (Workstations) from the device collections if they have not logged on to the domain for 90 days?
    Thanks Tom

    Hi,
    Also,I recommend you create a collection query all computers without a CM client installed. The Rotten Objects that still exists in AD will automatically be detected by the collection.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • SCCM 2012 RC Discovery Methods all missing but one...

    I am not seeing any other discovery methods under Administration-Overview-hierarchy configuration-discovery methods other than 'Active Directory Forest Discovery'.
    I understand that there are supposed to be many more for discovery.
    Any ideas?  It appears the same from both console on server and console isntalled on workstation.

    Sounds like you've installed a Central Administration Site (CAS).
    The only discovery method available on a CAS is "Active Directory Forest Discovery".
    Planning for Discovery in Configuration Manager:
    http://technet.microsoft.com/en-us/library/gg712308.aspx
    (See the "Decide Where to Run Discovery" section)
    Ronni Pedersen | Configuration Manager MVP | Blog:
    http://www.ronnipedersen.com/ | Twitter
    @ronnipedersen

  • Active Directory System Discovery Properties Error

    Hi,
    I'm getting a strange error within SCCM 2012 System Discovery Properties. The error occurs every time I open the properties for the discover method. I can close it OK, and Systems still seem to be getting discovered. It appears even when the discovery properties
    is completely empty.
    Does anyone know what could be the problem? The error message is below. Thanks in advance
    System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException
    The Specified directory object cannot be found.
    Stack Trace:
    at System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaProperty.GetPropertiesFromSchemaContainer(DirectoryContext context, DirectoryEntry schemaEntry, String name, Boolean isDefunctOnServer)
    at System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaProperty.InitializePropertiesFromSchemaContainer()
    at System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaProperty.GetValueFromCache(String propertyName, Boolean mustExist)
    at System.DirectoryServices.ActiveDirectory.ActiveDirectorySchemaProperty.get_Syntax()
    at Microsoft.ConfigurationManagement.AdminConsole.ActiveDirectory.AttibutesPageControl.IsAttributeAvailabe(ActiveDirectorySchemaProperty schemaProperty)
    at Microsoft.ConfigurationManagement.AdminConsole.ActiveDirectory.AttibutesPageControl.AddAvailableAttributes(ActiveDirectorySchemaPropertyCollection properties)
    at Microsoft.ConfigurationManagement.AdminConsole.ActiveDirectory.AttibutesPageControl.worker_DoWork(Object sender, DoWorkEventArgs e)
    at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
    at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)

    Hi Mike,
    Not exactly, however when the console is logged into as a user who is a domain admin - the error doesn't appear. To make things more complex - the way AD is set up here is quite/very messed up and domain admins is actually nested in schema admins (yep..you
    read that correctly). This nesting is due to be removed, but until then i can only assume the following:
    Not being a schema admin, or domain admin restricts the attributes that you are able to read in the SCCM console system and user discovery properties. I know it shouldn't be like this. Its also interesting that when you open these discovery properties -
    it appears it must read based on the user operating the console, rather than the site server, which I assumed it would be read based on the rights that has.
    Why this is happening, I dont know yet. Its been parked because it isn't actually having an detrimental effect that I can see. I know this probably doesn't help you much, but maybe it will point you in a direction to start looking in..

  • Active Directory System Discovery not discover 'correctly'

    Hi,
    I am having a very strange problem with some devices in my environment.
    The operating system of these is discovered as 'Windows 7 Entreprise 6.1' which causes a lot of my queries to fail.
    Normal from my point of view would be 'Microsoft Windows NT Workstation 6.1' (which is correct at 90% of devices in the same OU)
    Where is the difference to others?
    I already deleted those devices fully from SCCM and I checked the AD for 'Operating System' attribute (which is the same for both types of devices.

    i checked my console and i see all the entries for operating system are start with ' Microsoft windows NT'.the value that you are referring in the screen is custom attribute called 'operatingSystem' and that value cannot be seen in the console .and it
    is not added to the discovery method by default. May be you can try deleting the computer object from SCCM and let the discovery happens again.
    Eswar Koneti | Configmgr Blog: www.eskonr.com | Linkedin: Eswar Koneti
    | Twitter: eskonr

  • Error in Active Directory System Discovery (0x80005010)

    Hi,
    I've configured Active Directory System Discovery in a SCCM 2007 R2 SP2 configuration. I see several SCCM clients being populated with OU information, but others do not. I've taken a look in the adsysdis.log. There it states for a very large number of computer accounts:
    INFO: discovered object with ADsPath = 'LDAP://<domain controller>/<DN computerobject>'
    WARN: Could not get property (domain) for system (0x80005010)
    Afterwards there is no entry that states a ddr is written for this computer object and the SCCM client object is not populated with information.
    Can someone explain what exactly is the issue, and how to solve it?

    I got exactly same issue - SCCM 2007 SP2 two primary sites (one central). AD sctructure got one forest and two domains.
    Does anyone solved this issue ?
    adsysdis.log :
    Starting the data discovery. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: Processing search path: 'LDAP://CN=COMPUTERS,DC=MY,DC=DOMAIN'. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: Full synchronization requested SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: DC DNS name = 'dc01.my.domain' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: search filter = '(&(objectClass=user)(objectCategory=computer))' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: ads path = 'LDAP://dc01.my.domain/CN=COMPUTERS,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: Bound to 'LDAP://dc01.my.domain/CN=COMPUTERS,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=TEST1,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=COMP2,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=SRV2,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=SRV3,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    WARN: Could not get property (operatingSystem) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    WARN: Could not get property (operatingSystemVersion) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    WARN: Could not get property (dNSHostName) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    ERROR: System SRV3 is a unsupported operating system, unsupported version, or malformed AD entry. Reported system type is:  (). SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
    WARN: CADSource::ProcessSystemInfo: Failed to get IP Address for the system. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)

  • How to exclude specific PCs or Organization Unit from discovery and All system collection?

    We want to exclude some PCs from discovery and All System collection.
    1. We want to exclude with out modfing query of All System collection and without modifiing registry.
    2. We want to exclude with Organization unit container.
    We have also tested Include and exclude option which is avaible in system discovery (Discovery method)  but it is not working as per expected.
    Please help us.

    Jason messaged me offline and said that the method of denying read access does not always work. I was thinking that I had done that back in 2003 but have not tested it in the past 10 years or so. It would be easy to test though if you want to give it a try.
    Just browse to the OU on ADUC, right click, properties, security tab. Click Add, change the object type to computers, enter the same of the server that performs discovery, click ok, click deny on all boxes and click OK.
    Actually I just did it to write the instructions above. When I see in my adsysdis.log clearly indicates to me that, in my environment, this works.
    John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/

  • SCCM 2012: Active Directory Group Discovery, Delta Discovery?

    Hi,
    Our scenario:
    *Software is requested via a seperate system which puts AD computer objects in groups
    *Software within SCCM 2012 is deployed to computer collections
    *Computer collections query AD groups, in those AD groups the pc's reside
    *Collections memberships run via AD query (every 20 minutes)
    *We deploy an OS (Windows 7) via SCCM
    *Machine policy is updates every 20 minutes
    What is important: AD Group discovery is set to full discovery every 7 days, delta discovery set to 15 minutes
    So what happens:
    *Pc is staged correctly with Windows 7 but software isn't coming through in time (sometimes it's there within the hour, sometimes it takes 6 hours)
    *If we run a full AD Group discovery mostly software is installing immediately
    *Sometimes a SCCM 2012 client machine reset policy or reinstall client solves the problem
    My questions:
    *Would it be better to run full discoveries every x minutes since this always solves our problem
    *Would it be better to disable the delta discovery if we do the change above to minimize AD queries
    => tried that now (full discovery every 30 minutes and disabled delta discovery) but I don't want to put to much pressure on our domain controller
    *Our software collections are limited to all systems, we could limit them to a Windows 7 collection. Probably we should do that but any suggestion how to do this safely in Powershell?
    Please advise.
    J.
    Jan Hoedt
    Note: what I don't get is why a full ad discovery system discovery sovles the problem since SCCM 2012 collections do a AD query, what 's the link there?

    So, let me see if I get this correct for our situation:
    Our own developed system puts pc’s in AD groups
    SCCM 2012 polls these groups, by default 1/week full discovery then every 30 minutes a delta discovery
    We deploy software to computer collections, these collections check the SCCM 2012 database every 30 minutes (collection update) Note: the query our collection do, is based upon requirement of Windows 6.1 + membership of an AD group.
    The SCCM 2012 client/computer does a computer policy update every 30 minutes to see what collections it is member of and see then the software to be deployed
     2 questions:
    *Our my assumptions correct? Specifically point 3.: is the query fully coming from an ad sync (or also from sccm client, f.e. Windows 6.1%)?
    *Don’t we have a step to much then, wouldn’t it be better to add a direct membership of the AD group within SCCM? This direct membership would mean no query and so save us about 20 minutes (run of query)?
    Jan Hoedt

  • Exclude servers from Active Directory System Discovery

    We would like to exclude all servers from being discovered by Active Directory System Discovery. Is there any way to achieve this, i. e. with a custom LDAP query? Or does SCCM always detect all systems in the configured OUs? (Moving all servers to a separate
    OU is not an option.)

    Well, good question ;) ... We don't use SCCM on servers, and the basic reason was excluding them from statistics. Of course we want to prevent accidental client installation, but that can be done in other ways (like mentioned by Eswar).
    Still, we always get tons of "computers without client", low success rates etc. Of course all that can be adjusted, excluding servers from "All Systems" etc., but excluding the servers directly from discovery would be the easiest way. If it can't be done,
    it can't be done, and we will be able to live with that. I just wanted to know IF it can be done.
    Well.If that is the issue with reporting,then you may have to edit the report to avoid servers in displaying in reports ,so will be on right track with results.
    Or while creating collections to exclude certain number of computers or may be more,create a AD sec group and all the computers to it .Create collection to exclude computers which are member of this AD group to aviod accidentals installation...
    Please click on "vote as Helpful" if you feel this post helpful to you.
    Eswar Koneti | Configmgr blog:
    www.eskonr.com | Linkedin: Eswar Koneti

  • Discovery Methods question

    What Discovery Method is better System or network  discovery? And why would you chose that one...
    MSB

    Well, it obviously depends on what you want to accomplish...but I would generally recommend System Discovery for most circumstances.  Network discovery (http://technet.microsoft.com/en-us/library/6a0e2b40-672f-45e1-a12d-6d403ab39780#BKMK_NetworkDisc) looks
    for just about anything with an IP address. The vast majority of CM environments are only concerned with managing Windows-based, domain joined devices, so AD System Discovery simply makes more sense.

Maybe you are looking for

  • How do I stop InDesign from crashing every time I open a certain file?

    I tried to move a 2 page spread to the beginning of a 52 page layout and InDesign crashed. I tried recovery and it would crash each time seconds after opening. I tried closing every thing, hard boot, then opening from the file. It opened fine then in

  • Hiding a block in selection screen

    Hi everybody,          My requirement is to hide the entire block of a particular selection screen, find the below selection screen code.  with my piece of code,iindividual fields are getting hidden, please let me know how to hide the entire block.  

  • Bridge CS5 Crashes when navigating video clips

    i recently switched to a tapeless workflow with the canon 60D. I love how simple it is to work with the footage from it in the adobe products, but I've been having a lot of trouble with Bridge. Every time I try to preview the clips, or just browse th

  • Network Attached storage advice

    Can anyone tell me if Maxtor's Shared Storage Plus NAS drive works okay with the iMac core duo. I'm concerned about the software intallation disc - I'm guessing the software is not universal. Any other iMac core duo owners using a NAS successfully? A

  • CKF Not Agrigating

    Hi , I Have 3 CKF in Bex query using Date deffrence ( Date as formula var with replacement path )  to cal culate no of days and another CKF with amout with Qty. When i run detailed report i can see value in CKF but when i run Cost center wise report