Deploying SCCM 2012 Part 7 – Configuring Discovery and Boundaries.
What are Discovery Methods in Configuration Manager 2012 – System Center 2012 Configuration Manager discovery identifies computer and user resources that you can manage by using Configuration Manager. It can also discover the network infrastructure in your environment. Discovery creates a discovery data record (DDR) for each discovered object and stores this information in the Configuration Manager database. When a resource is discovered the information about the resource is put in a file that is referred to as a discovery data record (DDR). DDRs are processed by site servers and entered into the Configuration Manager database where they are then replicated by database-replication with all sites. More information on configuration Manager 2012 Discovery Methods is here :- http://technet.microsoft.com/en-us/library/gg712308.aspx.
In Part 1 we saw the installation of Active Directory Domain Services. In Part 2 we created the AD container and delegated the permissions on it. In Part 3 we installed pre-requisites for SCCM server. In Part 4 we installed SQL server, updated the service pack and cumulative update patch. In Part 5 we installed WSUS server role, Configured the firewall to add exceptions to allow the Client Push, Open the SQL ports 1433 and 4022. In Part 6 we installed the SCCM 2012.
Types of Discovery Methods:
Active Directory Forest Discovery – As the name suggests it discovers Active Directory sites and subnets, and then creates Configuration Manager boundaries for each site and subnet from the forests which have been configured for discovery. With this discovery method you are able to automatically create the Active Directory or IP subnet boundaries that are within the discovered Active Directory Forests.
Active Directory Group Discovery – The Active Directory Group Discovery discovers the groups from the defined location in the Active Directory. The Discovery Process discovers local, global, and universal security groups, the membership within these groups. When you configure the Group discovery you have the option to discover the membership of distribution groups. With the Active Directory Group Discovery you can also discover the computers that have logged in to the domain in a given period of time.
Active Directory System Discovery – If you want to discover the computers in your organization from specified locations in Active Directory Domain Services then we use Active Directory System Discovery. In order to push the sccm clients into the computers, the resources must be discovered first. There is an option to discover the computers that have logged on to a domain in given period of time, this way you won’t discover obsolete computer accounts from the Active Directory.
Active Directory User Discovery – This Discovery process discovers the user accounts from your Active Directory domain. You will have to specify the Active Directory container to search for the user accounts. There are some good options to discover the user accounts like the option to discover the user objects based on the attributes, recursively search AD child containers, discover objects within the AD groups.
HeartBeat Discovery – The HeartBeat Discovery runs on every Configuration Manager client and is used by Active Configuration Manager clients to update their discovery records in the database. The records (Discovery Data Records) are sent to the management point in specified duration of time. Heartbeat Discovery can force discovery of a computer as a new resource record, or can repopulate the database record of a computer that was deleted from the database. Note that the HeartBeat Discovery is enabled by default and is scheduled to run every 7 days.
Network Discovery – The Network Discovery searches your network infrastructure for network devices that have an IP address. It can search the domains, SNMP devices and DHCP servers to find the resources. It also discovers devices that might not be found by other discovery methods. This includes printers, routers, and bridges.
To discover the resources we will now enable the following Discovery Methods:
- Active Directory Forest Discovery
- Active Directory Group Discovery
- Active Directory System Discovery
- Active Directory User Discovery
Active Directory Forest Discovery.
Launch the System Center 2012 Configuration Manager Console. On the left pane select the Administration, expand Hierarchy Configuration, Select Discovery Methods. On the right pane double click “Active Directory Forest Discovery”. Check all the boxes to enable the AD Forest Discovery. With this all the Active Directory site boundaries are created automatically along with IP address boundaries. Click on Apply.
When you click on Apply, it asks you to run the full discovery as soon as possible. Click on Yes.
Active Directory Group Discovery – Double click the Active Directory Group Discovery and Check the box which says “Enable Active Directory Group Discovery“. Once you do that at the bottom you must add the Groups or the Location.
If you are choosing the first option i.e. groups, then you can add the multiple groups by specifying the distinguished name of the group. I prefer to choose the option “Location”.
Click Browse to specify the location. Select the Active Directory Container. I prefer to select the Domain PRAJWAL. Click OK.
Provide a valid name to the Groups and click OK.
You should find the group name that you entered in the above step. Lets take a look at Polling Schedule.
Polling schedule is how often the Configuration Manager polls the AD to find the groups. You can change the polling schedule by clicking on Schedule button.
We will change “Recur Every” from 7 days to 2 days. So that means the Active Directory Group Discovery will Poll the AD for groups, every 2 days. Click OK.
Click on Option. Check all the check boxes. The first option will discover computers that are active since 90 days. The second option will discover computers that have changed/updated their computer account password in a period of 90 days. The third option discovers the membership of distribution groups. Click Apply and OK .
Active Directory System Discovery – Right Click Active Directory System Discovery and click properties.
Click Enable Active Directory System Discovery. To add the Active Directory Containers Click on the Orange color icon.
Click on Browse and select the domain. click OK.
Click on Option and make the changes shown in the below screenshot.
Click on Apply.Run the full discovery by clicking Yes. Click OK and close the properties page.
Active Directory User Discovery – Double click the Active Directory User Discovery, Enable the active directory User Discovery. Add the Active Directory Containers. Click OK.
Concept Of Boundaries – As per Microsoft, a boundary is a network location on the intranet that can contain one or more devices that you want to manage. Boundaries can be an IP subnet, Active Directory site name, IPv6 Prefix, or an IP address range, and the hierarchy can include any combination of these boundary types. To use a boundary, you must add the boundary to one or more boundary groups. Boundary groups are collections of boundaries. By using boundary groups, clients on the intranet can find an assigned site and locate content when they have to install software, such as applications, software updates, and operating system images. When we run the Active Directory Forest Discovery, the Boundaries are discovered Automatically.
Lets take a look in the SCCM 2012 Console and find out whether a Boundary has been created or not. Bingo, the boundary has been discovered successfully.
Now we need to add the Boundary to the Boundary groups. To do so Select Boundary Groups, right Click and create a boundary group.
Provide a name as First Boundary Group. Click Add.
Select the boundary. In our case there is only one discovered boundary and that is the Default-First-Site-Name. Click OK.
Click on references tab, check Use this Boundary group for site assignment. To add the site system servers, click Add and select the Site System Server. Click OK.
Once you do the above step, the Boundary Group must be seen in the console under Boundary Groups.
Select Boundaries from the left pane, right click the Default-First-Site-Name, click properties,under Boundary Groups you will find the First Boundary Group Added Automatically.