First of all, learn to Enable SCCM Active Directory User Discovery. Let’s check the ConfigMgr options to Exclude OUs from SCCM Active Directory User Discovery.
Configuration Manager has different discovery methods to find resources to manage from the network, Active Directory, and Azure Active Directory (Azure AD).
ConfigMgr’s most common discovery methods (a.k.a SCCM) are the Active Directory system and Active Directory user discoveries. The AD discovery is one of the first steps you perform after building a New ConfigMgr Primary Server.
Microsoft introduced a new option to exclude OU from SCCM Active Directory User Discovery with the 2103 version of ConfigMgr. In this post, you will learn more about the exclude options.
SCCM Active Directory User Discovery
Let’s understand how to configure SCCM Active Directory User Discovery.
Go to Administration > Hierarchy Configuration > Discovery Methods from the ConfigMgr console. Double click on Active Directory User Discovery method to go to properties.
Click on the option – Enable Active Directory User Discovery. Click on the Star⭐ button to add Active Directory Containers/OUs.
Click on BROWSE from Active Directory Container. Select the OU from where you want to discover the computer.
Select Intune OU and Click OK to discover all users in the Active directory for my test lab.
LDAP://OU=Intune,DC=memcm,DC=com
You can now exclude OUs from ConfigMgr Active Directory User Discovery. To exclude an OU:
In the Active Directory Container dialog box, locate the search option Select sub-containers/sub-OU to be excluded from discovery.
Select Add to add an exclusion OU. Select OK to save the Active Directory container configuration.
Click OK on the Active Directory container. Click OK again to complete.
Right-Click on Active Discovery User Discovery. Select Run Full Discovery Now.
Confirmation | Verification – How to Configure SCCM Active Directory User Discovery
Let’s check the SCCM log file adusrdis.log to confirm whether configuring Active directory user discovery works fine?
Some of the important steps notified in the log file snippet below:
- SMS_EXECUTIVE started SMS_AD_USER_DISCOVERY_AGENT as thread ID 82860 (0x143AC).
- Connecting to site server’s (\CMMEMCM.memcm.com) registry
- !!!!Valid Search Scope Name: LDAP://OU=Intune,DC=memcm,DC=com Search Path: LDAP://OU=INTUNE,DC=MEMCM,DC=COM IsValidPath: TRUE
- Starting the data discovery.
- INFO: Processing search path: ‘LDAP://OU=INTUNE,DC=MEMCM,DC=COM’.
- INFO: Succeed to cached binding for LDAP://ADMEMCM.memcm.com/RootDSE
- INFO: search filter = ‘(&(objectClass=user)(objectCategory=person))’
- INFO: ads path = ‘LDAP://ADMEMCM.memcm.com/OU=INTUNE,DC=MEMCM,DC=COM’
- INFO: discovered object with ADsPath = ‘LDAP://ADMEMCM.MEMCM.COM/CN=HR User 1,OU=HR,OU=Intune,DC=memcm,DC=com’
- WARN: Discovered object is in excluded AD container. Skip.
- INFO: discovered object with ADsPath = ‘LDAP://ADMEMCM.MEMCM.COM/CN=Intune User 1,OU=Intune,DC=memcm,DC=com’
- Message processing engine client for SMS_AD_USER_DISCOVERY_AGENT created.
Bug? How to Configure SCCM Active Directory User Discovery OU Exclusion
I have seen that users from HR OU are getting discovered even after exclusion is set up in the configuration. Have you also seen this issue before? Share your experience in the comments section below.
SCCM Active Directory User Discovery FAQs?
Let’s learn more about frequently asked questions about SCCM Active Directory Discovery methods?
What is SCCM Active Directory System Discovery?
SCCM collects system record details from the Active Directory domain. This process is called SCCM Active Directory system discovery.
What is SCCM Active Directory User Discovery?
SCCM collects User record details from the Active Directory domain. This process is called SCCM Active Directory User Discovery.
How many types of Active Directory Schedules are available?
There are two types of AD discovery schedules are available. Full Discovery and Delta Discovery.
Is it Possible to exclude OUs from AD System Discovery?
Yes
Is it Possible to exclude OUs from AD User Discovery?
Yes
Resources
- Install a New SCCM New ConfigMgr Primary Server
- How To Configure Active Directory System Discovery | SCCM|ConfigMgr HTMD Blog (anoopcnair.com)
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.