Active Directory Security Group Discovery

This discovery method allows the healthcare IT Administrator to create discovery information for:

•  Local groups
•  Global Groups
•  Universal Groups
•  Nested Groups

Use Active Directory Security Group Discovery to discover user groups that need to be categorised into Configuration Manager collections. For example, if there is a need to distribute software to users in a specific security group, the security group can be added to a collection. Software packages can then be advertised to only that collection, so that only the appropriate users receive it. Polling performed by Active Directory Security Group Discovery can generate significant network traffic; therefore discovery should be scheduled to occur at times when this network traffic does not adversely affect network use.

1. Open the Configuration Manager Console and navigate to the Discovery Methods node. In the right pane, right-click on the Active Directory Security Group Discovery component and select Properties.
2. Select Enable Active Directory Security Group Discovery. Click the button to add a search location.
3. Select Local domain as the location and accept the other default settings. Click OK.
4. Select the container that contains the user groups that Configuration Manager will discover. Click OK.
5. Repeat steps 2 to 4 for each container to be searched.
6. Click the Polling Schedule tab. Select Run discovery as soon as possible. Click Schedule to specify an ongoing schedule for the discovery process. Click OK.

The progress of the discovery process can be monitored by looking at the log file <Configuration Manager installation folder>\Logs\Adsgdis.log. Once the discovery records have been processed by Configuration Manager, they will be shown in the Configuration Manager Console within the ‘All User Groups’ collection, and any other collection that is appropriate for the type of resource. To view the discovery information that has been gathered for a computer, either double-click the computer from within the Configuration Manager Console or right-click on the computer in the Console and select Properties.