Let’s Configure Active Directory System Discovery for Configuration Manager. You can discover systems and users in your network once I have a post to build New ConfigMgr Primary Server.
Active directory system and user discovery is one of the first steps you perform as part of configuring new SCCM infrastructure. Once all these users and systems are discovered by SCCM, get the ability to manage users and systems.
ConfigMgr Client Install – Install SCCM Client Manually Using Command Line
Related Post – Extend AD Schema for SCCM | ConfigMgr. More details “Learn How to Extend AD Schema for SCCM | ConfigMgr | MEMCM.”
Introduction
ConfigMgr discovery methods find different devices on your network, devices and users from Active Directory, or users from Azure Active Directory (Azure AD).
Use AD System Discovery discovery method to search the specified Active Directory Domain Services locations for computer resources. Once the resources are discovered and created a corresponding record created in SCCM, that can be used to create collections and queries.
NOTE! – You can also install the Configuration Manager client on a discovered device by using client push installation.
Configure Active Directory System Discovery
Let’s start the Configuration Manager discovery process to manager AD system records.
- Launch Configuration Manager Console
- Navigate via \Administration\Overview\Hierarchy Configuration\Discovery Methods
- Right Click on Active Directory System Discovery
- Click on Properties
- Enable Active Directory System Discovery
- Click on * button to select the Active Directory OU or discover the systems from all active directory
- Click on BROWSE from Active Directory Container
- Select the OU from where you want to discover the computer
- Select MEMCM and Click OK to discover all the computers in the Active directory for my test lab
NOTE! – For production environment – I would recommend selecting a particular OU than entire Active Directory domain.
- Click OK to continue
- Click OK to continue to complete the SCCM configuration Active Directory System Discovery
- Select YES to continue with FULL discovery “Do you want to run FULL discovery as soon as possible.”
Confirmation | Verification
Let’s check SCCM log file called ADSYSDIS.log to confirm whether configure Active directory system discovery works fine?
Some of the important steps notified in the log file snippet below:
- Valid Search Scope Name: LDAP://DC=memcm,DC=com
- Starting the data discovery
- Full synchronization requested
- discovered object with ADsPath
- DDR was written for system ‘ADMEMCM’
- successfully completed directory search~
SMS_EXECUTIVE started SMS_AD_SYSTEM_DISCOVERY_AGENT as thread ID 8144 (0x1FD0) ** Service Thread is starting **~ Connecting to site server's (\CMMEMCM.memcm.com) registry~ Inbox source is local on CMMEMCM.MEMCM.COM Component setting of ACTIVE was specified in the site control file.~ Removing redundant containers and validating them…~ INFO: No AD Containers Exclusions property list specified in site control file. The Run Count value in the site control file is 1.~ The Schedule token value in the site control file is 000120000010A000.~ Incremental synchronization is enabled.~ The Full Synchronization Schedule token value in the site control file is 0001170000100038.~ Filtering Last Logon Timestamp is disabled.~ Days of Logon Timestamp is 90.~ Filtering Last Password Set is disabled.~ Days of Last Password Set is 90.~ Optional attributes count = 0 !!!!Valid Search Scope Name: LDAP://DC=memcm,DC=com Search Path: LDAP://DC=MEMCM,DC=COM IsValidPath: TRUE Starting the data discovery.~ Connecting to site server's (\CMMEMCM.memcm.com) registry~ INFO: Succeed to clean up meta data in DB. INFO: – ---- – Starting to process search scope (LDAP://DC=memcm,DC=com) – ---- – INFO: Processing search path: 'LDAP://DC=MEMCM,DC=COM'.~ INFO: Full synchronization requested~ INFO: New DC DNS name = 'ADMEMCM.memcm.com'~ INFO: New highest committed USN = '55699'~ 0> INFO: New service object invocation Id = '3706bc8949381a48b752fcdd2b31454b'~ INFO: Search provider = 'LDAP'~ INFO: discovered object with ADsPath = 'LDAP://ADMEMCM.MEMCM.COM/CN=ADMEMCM,OU=Domain Controllers,DC=memcm,DC=com'~ INFO: DDR was written for system 'ADMEMCM' - F:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box\adse9mg1.DDR at 3/7/2020 11:29:30. INFO: discovered object with ADsPath = 'LDAP://ADMEMCM.MEMCM.COM/CN=SQLMEMCM,CN=Computers,DC=memcm,DC=com'~ $$<03-07-2020 11:29:30.889+00> INFO: successfully completed directory search~ INFO: – ---- – Finished to process search scope (LDAP://DC=memcm,DC=com) STATMSG: ID=5202 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AD_SYSTEM_DISCOVERY_AGENT" SYS=CMMEMCM.MEMCM.COM SITE=MEM PID=3716 TID=8144 GMTDATE=Sat Mar 07 11:29:31.001 2020 ISTR0="1" ISTR1="5" ISTR2="5" ISTR3="0" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 *** Shutting Down **~
Results – ConfigMgr AD System Discovery
Let’s check the console whether the System or Computers records are available under ALL SYSTEMS node.
- Navigate to \Assets and Compliance\Overview\Devices\All Systems
NOTE! – Now, the system or computer records there in SCCM DB, you can install ConfigMgr Client on these computer records. ConfigMgr Client Install – Install SCCM Client Manually Using Command Line
Resources
- More about discovery methods for SCCM ConfigMgr here
- Client installation methods in SCCM/ConfigMgr here
We recently may have had a password change. but for system discovery, we get this in the logs.
ISTR0=”LDAP://DC=AIIG,DC=LOCAL” ISTR1=”The user name or password is incorrect.~~” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 $$
I am thinking the password had been changed by Thycotic. Is there a password for this I can update inside configuration manager or do we need to just ensure the correct password exists in AD. We are leveraging a service account to impersonate a user. Doesn’t appear to be permission related but rather AD account access. It’s the area where it says Active Directory Discovery Account, Specify an account.
Thank you.