Discovery Methods in SCCM

Discovery Methods 2007

1. Active Directory System Discovery -Discovers details about the computer
2. Active Directory System Group Discovery - Discovers details such as organizational unit, global groups, universal groups, and nested groups.
3. Active Directory User Discovery-Retrieves Active Directory User Discovery
4. Active Directory Security Group Discovery-Discovers security groups created in Active Directory.
5. Heartbeat Discovery-Refresh Configuration Manager client computer discovery data in the site database.
6. Network Discovery-Searches the network for resources that meet a specific profile, From router's ARP cache, SNMP agent and DHCP Each discovery method creates data discovery records (DDRs) for resources and sends them to the site database, even if the discovered resource is not capable of being a SCCM 2007 client.

Discovery Methods 2012

In Configuration Manager 2012 the discovery of users, groups and devices has been improved since Configuration Manager 2007. In this blog I would like to point out the available options that come with Configuration Manager 2012.

The discovery feature in Configuration Manager 2012 enables you to identify computer and user resources that can be managed with Configuration Manager. You are able to configure the discovery of resources on different levels in the Configuration Manager 2012 hierarchy. Let’s see how you are able to discover your user and devices.

   1.      Active Directory Forest Discovery

The Active Directory Forest Discovery is a new discovery method in Configuration Manager 2012 that allows the discovery of Active Directory Forest where the site servers reside and also any trusted forest. With this discovery method you are able to automatically create the Active Directory or IP subnet boundaries that are within the discovered Active Directory Forests.

Active Directory Forest Discovery can be configured on Central Administration Sites and Primary Sites.

To enable the discovery of Active Directory Forest you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Active Directory Forest Discovery.

Enable Active Directory Forest Discovery

   2.      Heartbeat discovery

The Heartbeat Discovery method is enabled by default and is used to configure the heartbeat schedule. The heartbeat discovery runs on each Configuration Manager client and is used to create a discovery data record (DDR). This record is reported back to the management point every x period of time. For mobile device clients, the DDR is created by the management point that is used by the mobile device client.

The Heartbeat discovery can be configured on every Primary Site.

To enable the Heartbeat Discovery you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Heartbeat Discovery.

   3.      Network Discovery

The Network Discovery method is used to discover the topology of your network and the devices on that network. The Network Discovery “service” searches your network for IP enabled resources. This is done by querying services that run an implementation of Microsoft’s DHCP, ARP tables in routers, SNMP enabled devices and Active Directory Domains.

Configure Network Discovery

It is a best practice only to use this method when all other methods cannot find the devices you want to discover and manage.

You are able to configure network discovery on the Central Administration Site, Primary Sites and Secondary Sites.

To enable the Network Discovery you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Network Discovery.

    4.      Active Directory User Discovery

The Active Directory User Discovery is used to discover users in the Active Directory You are able to configure the discovery only to look into one or more definable OUs or a complete domain, search into child containers and discover object within Active Directory groups like shown in the figure beneath.

Limit the scope of discovery

You are able to configure the full discovery polling schedule to occur every period of time (minutes, hours, days, weekly, monthly) and you are able to configure a delta discovery every X number of minutes. Delta discovery finds resources in the Active Directory that are new or modified since the last full discovery cycle.

Besides the default attributes, you are able to add attributes that need to be discovered.

Add attributes to the scope of discovered attributes

Active Directory User Discovery can be configured on Central Administration Sites and Primary Sites.

To enable the discovery of Active Directory Users you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Active Directory User Discovery.

    5.      Active Directory System Discovery

The Active Directory System Discovery has the same discovery options regarding OUs, scheduling and adding attributes that needs to be discovered. Two new and very welcome options are that you now can define that the discovery method only must discover computers that have logged on to a domain in a given period of time and that the discovery method only must discover computers that have updated their computer password in a given period of time. This way you won’t discover obsolete computer accounts from the Active Directory.

Exclude "obsolete" computers

Active Directory System Discovery can be configured on Central Administration Sites and Primary Sites.

To enable the discovery of Active Directory Systems you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Active Directory System Discovery.

    6.      Active Directory Group Discovery

The old Configuration Manager 2007 System Group and User Group discovery are merged to one discovery method, which is called Active Directory Group Discovery. Besides merging the methods, Configuration Manager will now also remove devices or users from collections that are for instance removed from an Active Directory Group. You are able to discover Groups via a definable Location (OU or domain) or via definable Groups that are available in the Active Directory domain.

Configure group discovery

Also with the Active Directory Group Discovery you are able to configure the “Time since last logon”  and “Time since last password update”  options. You are also able to discover the membership of distribution groups.

Exclude "obsolete" computers and discover membership of distribution groups

Active Directory Group Discovery can be configured on Central Administration Sites and Primary Sites.

To enable the discovery of Active Directory Groups you need to configure this option in Administration -> Overview -> Site Hierarchy -> Discovery Methods -> Active Directory Group Discovery.

With all these discovery methods you are able to gather the resources that you want to manage in your Configuration Manager sites. Try to limit the resources that you want to discover to those you need for Configuration Manager 2012.