Sometimes you may find that System Center Configuration Manager 2007 discovers more computers than expected when employing Active Directory System Discovery. This happens primarily due to the leftover computer accounts and DNS entries of those machines that were a part of Active Directory (AD) sometime in the past but no longer continue to exist. The AD System Discovery relies on these two pieces of information while populating discovery data:
- A machine account in Active Directory
- A corresponding DNS Record
Because of this, if you have leftover machine accounts and stale host records in DNS you may find that AD System Discovery finds those old computers that no longer actually exist.
This issue can be addressed by ensuring a check on either or both. The old DNS host records can be cleansed manually or automatically by enabling scavenging. More details on DNS scavenging can be found at http://technet.microsoft.com/en-us/library/cc755716(WS.10).aspx. We also have a good blog post on DNS scavenging at http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx.
An alternative is to employ AD cleanup to help in this process. The following command will help find all the computers that have not logged in for n number of weeks:
dsquery computer -inactive n -limit 0
For example, if you ran dsquery computer -inactive 4 -limit 0 it will return all computers that have not logged on the network for last 4 weeks. The limit 0 specifies to return all the results.
Once the inactive computer accounts have been identified they can be manually deleted from the Active Directory. As always, we recommend making a backup (System State or full ) before this just to be on a safe side.
Additionally, please note that the previously discovered incorrect entries will not be removed from Configuration Manager by either cleaning the DNS or AD account after the discovery. You may either delete all discovered resources returned by the above referenced dsquery from the System Center Configuration Manager 2007 All Systems Collection or you can wait for the scheduled Delete Aged Inventory Data Task to remove them.
For more information on the Delete Aged Discovery Data Task see http://technet.microsoft.com/en-us/library/bb693856.aspx.
Hope this helps,
The App-V Team blog: http://blogs.technet.com/appv/
The WSUS Support Team blog: http://blogs.technet.com/sus/
The SCMDM Support Team blog: http://blogs.technet.com/mdm/
The ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
The SCOM 2007 Support Team blog: http://blogs.technet.com/operationsmgr/
The SCVMM Team blog: http://blogs.technet.com/scvmm/
The MED-V Team blog: http://blogs.technet.com/medv/
The DPM Team blog: http://blogs.technet.com/dpm/
The OOB Support Team blog: http://blogs.technet.com/oob/
The Opalis Team blog: http://blogs.technet.com/opalis
The Service Manager Team blog: http: http://blogs.technet.com/b/servicemanager
The AVIcode Team blog: http: http://blogs.technet.com/b/avicode
The System Center Essentials Team blog: http: http://blogs.technet.com/b/systemcenteressentials
The Server App-V Team blog: http: http://blogs.technet.com/b/serverappv