Enable SCCM Active Directory User Discovery | Exclude OU | ConfigMgr | Best Guide

This post shows how to enable SCCM Active Directory User Discovery and how to use the ConfigMgr options to exclude OUs from it. Configuration Manager has different discovery methods to find resources to manage from the network, Active Directory, and Azure Active Directory (Azure AD).

The most common discovery methods used in ConfigMgr (a.k.a. SCCM) are Active Directory System Discovery and Active Directory User Discovery. AD discovery is one of the first steps you perform after building a new ConfigMgr primary server.

Microsoft introduced a new option to exclude OU from SCCM Active Directory User Discovery with the 2103 version of ConfigMgr. In this post, you will learn more about the exclude options.

SCCM Active Directory User Discovery

Let’s understand how to configure SCCM Active Directory User Discovery.

  • From the ConfigMgr console, go to Administration > Hierarchy Configuration > Discovery Methods.
  • Double-click the Active Directory User Discovery method to open its properties.
  • Click on the option – Enable Active Directory User Discovery.
  • Click on the Star (⭐) button to add Active Directory Containers/OUs.
  • Click on BROWSE from Active Directory Container
  • Select the OU from which you want to discover the users.
    • Select Intune OU and Click OK to discover all users in the Active directory for my test lab.
      • LDAP://OU=Intune,DC=memcm,DC=com
  • You can now exclude OUs from ConfigMgr Active Directory User Discovery. To exclude an OU:
  • In the Active Directory Container dialog box, locate the search option named Select sub-containers/sub-OU to be excluded from discovery.
  • Select Add to add an exclusion OU.
  • Select OK to save the Active Directory container configuration.
  • Click OK on the Active Directory container.
  • Click OK again to complete.
  • Right-click on Active Directory User Discovery.
  • Select Run Full Discovery Now.

Confirmation | Verification

Let’s check the SCCM log file adusrdis.log to confirm that Active Directory User Discovery works as configured.

Some of the important steps recorded in the log file are shown in the snippet below:

  • SMS_EXECUTIVE started SMS_AD_USER_DISCOVERY_AGENT as thread ID 82860 (0x143AC).
  • Connecting to site server’s (\CMMEMCM.memcm.com) registry
  • !!!!Valid Search Scope Name: LDAP://OU=Intune,DC=memcm,DC=com Search Path: LDAP://OU=INTUNE,DC=MEMCM,DC=COM IsValidPath: TRUE
  • Starting the data discovery.
  • INFO: Processing search path: ‘LDAP://OU=INTUNE,DC=MEMCM,DC=COM’.
  • INFO: Succeed to cached binding for LDAP://ADMEMCM.memcm.com/RootDSE
  • INFO: search filter = ‘(&(objectClass=user)(objectCategory=person))’
  • INFO: ads path = ‘LDAP://ADMEMCM.memcm.com/OU=INTUNE,DC=MEMCM,DC=COM’
  • INFO: discovered object with ADsPath = ‘LDAP://ADMEMCM.MEMCM.COM/CN=HR User 1,OU=HR,OU=Intune,DC=memcm,DC=com’
  • WARN: Discovered object is in excluded AD container. Skip.
  • INFO: discovered object with ADsPath = ‘LDAP://ADMEMCM.MEMCM.COM/CN=Intune User 1,OU=Intune,DC=memcm,DC=com’
  • Message processing engine client for SMS_AD_USER_DISCOVERY_AGENT created.
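
One way to audit these log entries against the configured exclusions, as an added example that is not part of the original post: the function pairs each "discovered object" entry with a following "excluded AD container. Skip." warning and flags any object whose path sits under an excluded OU but was not skipped. Assumptions: the function name `Test-DiscoveryExclusion` is hypothetical, the excluded OU is taken to be `OU=HR,OU=Intune,DC=memcm,DC=com` (inferred from the HR User 1 path above), the Skip warning is assumed to refer to the object logged just before it, and the sample lines are constructed from the messages listed above.

```powershell
# Added example: check adusrdis.log entries against the OUs excluded from discovery.
function Test-DiscoveryExclusion {
    param(
        [Parameter(Mandatory)] [string[]] $LogLine,    # lines of adusrdis.log (e.g. from Get-Content)
        [Parameter(Mandatory)] [string[]] $ExcludedOu  # distinguished names of the excluded OUs
    )
    $results = [System.Collections.Generic.List[object]]::new()
    $current = $null
    foreach ($line in $LogLine) {
        # Capture the DN after the domain controller name, up to the last DC= component.
        if ($line -match 'discovered object with ADsPath = \W?LDAP://[^/]+/(?<dn>CN=.*DC=\w+)') {
            $dn = $Matches['dn']
            # Case-insensitive suffix match on a component boundary (",OU=...").
            $inExcluded = [bool]($ExcludedOu | Where-Object {
                $dn.EndsWith(",$_", [System.StringComparison]::OrdinalIgnoreCase) })
            $current = [pscustomobject]@{ DN = $dn; InExcludedOu = $inExcluded; Skipped = $false }
            $results.Add($current)
        }
        # Assumption: the Skip warning belongs to the object logged immediately before it.
        elseif ($current -and $line -match 'Discovered object is in excluded AD container\. Skip') {
            $current.Skipped = $true
            $current = $null
        }
    }
    foreach ($r in $results) {
        $status = if ($r.InExcludedOu -and -not $r.Skipped) { 'REVIEW: under excluded OU but not skipped' }
                  elseif ($r.Skipped -and -not $r.InExcludedOu) { 'REVIEW: skipped but not under a listed OU' }
                  elseif ($r.Skipped) { 'OK: excluded and skipped' }
                  else { 'OK: discovered' }
        $r | Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
    }
}

# Constructed sample input, built from the log messages listed above.
$sample = @'
INFO: Processing search path: 'LDAP://OU=INTUNE,DC=MEMCM,DC=COM'.
INFO: discovered object with ADsPath = 'LDAP://ADMEMCM.MEMCM.COM/CN=HR User 1,OU=HR,OU=Intune,DC=memcm,DC=com'
WARN: Discovered object is in excluded AD container. Skip.
INFO: discovered object with ADsPath = 'LDAP://ADMEMCM.MEMCM.COM/CN=Intune User 1,OU=Intune,DC=memcm,DC=com'
'@ -split "`r?`n"

Test-DiscoveryExclusion -LogLine $sample -ExcludedOu 'OU=HR,OU=Intune,DC=memcm,DC=com' |
    Format-Table DN, InExcludedOu, Skipped, Status -AutoSize
```

Against a real site server, pass `Get-Content` of the adusrdis.log file as `-LogLine`; any row marked REVIEW means the log and the configured exclusion list disagree for that object.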

Bug?

I have seen users from the HR OU getting discovered even after the exclusion was set up in the configuration. Have you also seen this issue before? Share your experience in the comments section below.

SCCM Active Directory Discovery FAQs

Let’s go through some frequently asked questions about SCCM Active Directory Discovery methods.

What is SCCM Active Directory System Discovery?

SCCM collects system record details from the Active Directory domain. This process is called SCCM Active Directory system discovery.

What is SCCM Active Directory User Discovery?

SCCM collects User record details from the Active Directory domain. This process is called SCCM Active Directory User discovery.

How many types of Active Directory Schedules are available?

Two types of AD discovery schedules are available: Full Discovery and Delta Discovery.

Is it possible to exclude OUs from AD System Discovery?

Yes

Is it possible to exclude OUs from AD User Discovery?

Yes
