System Center 2012 Configuration Manager–Part2: Discovery Methods

In part 1 of this series, we went over the steps to deploy a stand-alone primary site.

Throughout this article, we will configure discovery methods for our primary site.

From the Administration tab, expand Hierarchy Configuration and click Discovery Methods

As you have noticed, Active Directory System Group discovery has been removed and Active Directory Security Group has been renamed to Active Directory Group Discovery and discovers the group memberships of resources.

By default, Heartbeat Discovery is the only enabled discovery method. Heartbeat discovery is pre-configured to run every 7 days on every computer and it aims to create a discovery data record (DDR)  which contains the network location, NETBIOS name and operational status details. The DDR (size of 1KB) is submitted to the management point and processed by the primary site to maintain the active client’s record in the database or force the discovery of an active client that have been removed from the database, or that has been manually installed and not discovered yet.

As a best practice, keep the heartbeat discovery method enabled all the time and if you need to modify the schedule the discovery runs make sure the value is always less than the value of the task Delete Aged Discovery Data which deletes inactive client records from the site database.

This task can be viewed from Site Maintenance

From the Discovery Methods page, double click Active Directory Forest Discovery.

Check to enable the forest discovery and check the other two options to Automatically create Active Directory site boundaries when they are discovered and to Automatically create IP address range boundaries for IP subnets when they are discovered

Active Directory Forest Discovery is a new method which will discover the IP subnets and the Active Directory sites and add them as boundaries. We will be covering later how we can use the discovered information for site boundaries.

This method is scheduled by default to run every 7 days and it doesn’t support Delta Discovery. You can always run the method if you right click on it and select to Run Full Discovery Now

If you go to Boundaries, you will notice the automatic creation of boundaries

The above Forest Discovery ran on the top-level site of the hierarchy.

You can also run this method on other Active Directory Forests. To do so, go to Active Directory Forests from the Administration tab and select the Forest you want to discover.

On the General page, you’d need to specify an account from the designated forest that has the privileges to discover Active Directory Sites and IP subnets and to publish information to the Active Directory. To do, this account must have full permissions on the System Management object in Active Directory.

Alternatively, the site server computer account can be used if he has permissions to do so.

On the Publishing page, you can select the site to be published to the designated forest.

You can monitor the Discovery Status and the Publishing Status from the lower right pane

You can also check further information on the status by checking the ADForestDisc.log file found in the <InstallationPath>\Logs

Next, double click Active Directory System Discovery and check to enable this method on the contoso.com domain

On the Polling Schedule tab, click to enable Delta Discovery.

Delta Discovery is not a full discovery but instead a method that will search Active Directory Domain Services (AD DS) for specific attributes that have changed since the last full discovery cycle. Even though, Delta Discovery will discover new resources and changes, it won’t detect when a resource is deleted from AD DS. If Delta Discovery is enabled for Active Directory Group Discovery, it will detect when computers or users are added or removed from a group.

On the Active Directory Attributes page, you can check the attributes that are selected for default discovery and you can select from the Available Attributes list a custom attribute such as “location” attribute and add it to the discovery method. This option has been improved from Configuration Manager 2007 R3

On the Option page, select the options to filter out stale computer records from the discovery. This is a new feature in the product which will help keep the site database up to date with active client records.

Let us enable Active Directory User Discovery on the contoso.com domain

Similar to Active Directory System Discovery, on the Polling Schedule page you can enable Delta Discovery and on the Active Directory Attributes page you can select additional attributes to be added to the default discovered attributes.

Those are the only discovery methods I will enable for my current environment.

This comes to the end of part 2 where we’ve configured discovery methods and discussed the new and the improved discovery functionalities.

In our next article, we will be discussing Boundaries and Boundary Groups.