In Configuration Manager 2012 the discovery of users, groups and devices has been improved since Configuration Manager 2007. In this blog I would like to point out the available options that come with Configuration Manager 2012.
The discovery feature in Configuration Manager 2012 enables you to identify computer and user resources that can be managed with Configuration Manager. You are able to configure the discovery of resources on different levels in the Configuration Manager 2012 hierarchy. Let’s see how you are able to discover your user and devices.
Active Directory Forest Discovery
The Active Directory Forest Discovery is a new discovery method in Configuration Manager 2012 that allows the discovery of Active Directory Forest where the site servers reside and also any trusted forest. With this discovery method you are able to automatically create the Active Directory or IP subnet boundaries that are within the discovered Active Directory Forests.
Active Directory Forest Discovery can be configured on Central Administration Sites and Primary Sites.
To enable the discovery of Active Directory Forest you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Active Directory Forest Discovery.
Heartbeat discovery
The Heartbeat Discovery method is enabled by default and is used to configure the heartbeat schedule. The heartbeat discovery runs on each Configuration Manager client and is used to create a discovery data record (DDR). This record is reported back to the management point every x period of time. For mobile device clients, the DDR is created by the management point that is used by the mobile device client.
The Heartbeat discovery can be configured on every Primary Site.
To enable the Heartbeat Discovery you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Heartbeat Discovery.
Network Discovery
The Network Discovery method is used to discover the topology of your network and the devices on that network. The Network Discovery “service” searches your network for IP enabled resources. This is done by querying services that run an implementation of Microsoft’s DHCP, ARP tables in routers, SNMP enabled devices and Active Directory Domains.
It is a best practice only to use this method when all other methods cannot find the devices you want to discover and manage.
You are able to configure network discovery on the Central Administration Site, Primary Sites and Secondary Sites.
To enable the Network Discovery you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Network Discovery.
Active Directory User Discovery
The Active Directory User Discovery is used to discover users in the Active Directory 😉 You are able to configure the discovery only to look into one or more definable OUs or a complete domain, search into child containers and discover object within Active Directory groups like shown in the figure beneath.
You are able to configure the full discovery polling schedule to occur every period of time (minutes, hours, days, weekly, monthly) and you are able to configure a delta discovery every X number of minutes. Delta discovery finds resources in the Active Directory that are new or modified since the last full discovery cycle.
Besides the default attributes, you are able to add attributes that need to be discovered.
Active Directory User Discovery can be configured on Central Administration Sites and Primary Sites.
To enable the discovery of Active Directory Users you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Active Directory User Discovery.
Active Directory System Discovery
The Active Directory System Discovery has the same discovery options regarding OUs, scheduling and adding attributes that needs to be discovered. Two new and very welcome options are that you now can define that the discovery method only must discover computers that have logged on to a domain in a given period of time and that the discovery method only must discover computers that have updated their computer password in a given period of time. This way you won’t discover obsolete computer accounts from the Active Directory.
Active Directory System Discovery can be configured on Central Administration Sites and Primary Sites.
To enable the discovery of Active Directory Systems you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Active Directory System Discovery.
Active Directory Group Discovery
The old Configuration Manager 2007 System Group and User Group discovery are merged to one discovery method, which is called Active Directory Group Discovery. Besides merging the methods, Configuration Manager will now also remove devices or users from collections that are for instance removed from an Active Directory Group. You are able to discover Groups via a definable Location (OU or domain) or via definable Groups that are available in the Active Directory domain.
Also with the Active Directory Group Discovery you are able to configure the “Time since last logon” and “Time since last password update” options. You are also able to discover the membership of distribution groups.
Active Directory Group Discovery can be configured on Central Administration Sites and Primary Sites.
To enable the discovery of Active Directory Groups you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Active Directory Group Discovery.
With all these discovery methods you are able to gather the resources that you want to manage in your Configuration Manager sites. Try to limit the resources that you want to discover to those you need for Configuration Manager 2012.
I have been trying to configure Network Discovery on my Primary Site and Secondary Sites. However, it is always greyed out. After configuration, I cannot click on “Run Full Discovery Now” as it is unavailable to me. I tried in my lab without secondary sites (standalone) and it does not work either. I only have “Heartbeat Discovery” and “Network Discovery” selected.
Any ideas on what the issue is or how to resolve?
Hi Steve,
Never played with the network discovery before, but as I can see in the CTP of SP1 they removed the “Run Full Discovery Now” option. There is an option to schedule this task.
Why do you want to use this option? Do you have a lot of desktops in workgroups? What does the Netdisc.log say?
Cheers,
Peter
Peter,
I am unaware of the “Run Full Discovery Now” option being removed in SCCM 2012. When Network Discovery is right-clicked the option shows, but is greyed out (as is the icon in the taskbar). We have also tried to schedule it to run with no luck. The “Run Full Discovery Now” works as expected with AD Discovery items.
We wanted to use Network Discovery to just have the system discover the systems within the IT department (dedicated VLAN) for initial configuration and testing.
The netdisc.log file shows discovery only of the local VLAN where the SCCM server resides and not the VLAN requested in the configuration.
Hey friend, some solution.? help please
My net work contains a single AD domain .I am planning to deploy sccm 2012.The hirechey will be like ONE CAS & five primary sites. I need to ensure that I can target the user groups for software distribution .Which discovery method shoud I use so that net work traffic will be minimized?