Contact Us Get Free Products
Search icon Contact Us Get Free Products
SCCM/MECM

How to configure and enable SCCM Discovery Methods

Benoit LecoursDecember 17 20157 Min Read

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 8 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intune deployments.

Benoit Lecours

President
Table of Content
SCD Collaborators
Download and own this SCCM Installation Guide in a single PDF file.

The PDF file is a 162 pages document that contains all informations to install and configure SCCM Current Branch. Use our products page or use the button below to download it .

Download

Icon Info

This blog post has been updated. Please refer to the new SCCM Current Branch Installation Guide.

After you completed your SCCM installation, you certainly want to start managing some systems. The effective way to add them in SCCM is to configure SCCM discovery methods. This blog article will explain the various discovery methods and will describe how to configure it.

In the first parts of these SCCM 2012 and SCCM 1511 blog series, we covered the complete SCCM 2012 R2 and SCCM 1511 installation. In the final parts, we will cover the basic SCCM configurations.

What is SCCM Discovery Methods

Here’s the official discovery methods definition from Technet :

SCCM discovery methods identifies computer and user resources that you can manage by using Configuration Manager. It can also discover the network infrastructure in your environment. Discovery creates a discovery data record (DDR) for each discovered object and stores this information in the Configuration Manager database. 

When discovery of a resource is successful, discovery puts information about the resource in a file that is referred to as a discovery data record (DDR). DDRs are in turn processed by site servers and entered into the Configuration Manager database where they are then replicated by database-replication with all sites. The replication makes discovery data available at each site in the hierarchy, regardless of where it was discovered or processed. You can use discovery information to create custom queries and collections that logically group resources for management tasks such as the assignment of custom client settings and software deployments. Computers must be discovered before you can use client push installation to install the Configuration Manager client on devices.

In simple words, it means that SCCM need to discover device before it can manage them. It’s not mandatory to discover computers, if you manually install the client, it will appear in the console and it can be managed. The problem is that if you have thousand computers, it can be a fastidious process. By using Active Directory System Discovery, all your computers will be shown in the console, from there you can choose to install the client using various SCCM methods. Of course if you need information about your user and groups, you need to configure User and Group discovery, it’s the only way to bring this information in SCCM.

There are 5 Types of Discovery Methods that can be configured. Each one targets a specific object type (Computers, Users, Groups, Active Directory) :

Active Directory System Discovery

Discovers computers in your organization from specified locations in Active Directory. In order to push the SCCM client to the computers, the resources must be discovered first. You can specify to discover only computers that have logged on to the domain in a given period of time. This option is useful to exclude obsolete computer accounts from Active Directory.You also have the option to fetch custom Active Directory Attributes. This is useful if your organization store custom information in AD. You can read our blog post concerning this topic.

  • Open the SCCM Console
  • Go to Administration / Hierarchy Configuration / Discovery Methods
  • Right-Click Active Directory System Discovery and select Properties

SCCM Discovery Methods

  • On the General tab, you can enable the method by checking Enable Active Directory System Discovery
  • Click on the Star icon and select the Active Directory container that you want to include in the discovery process

SCCM Discovery Methods

  • On the Poling Schedule tab, select the frequency on which you want the discovery to happen
    • A 7 day cycle with a 5 minutes delta interval is usually fine in most environment

SCCM Discovery Methods

  • On the Active Directory Attribute tab, you can select custom attributes to include during discovery
    • This is useful if you have custom data in Active Directory that you want to use in SCCM

SCCM Discovery Methods

  • On the Options tab, you can select to discover only accounts that have logged or updated their passwords since a specific number of days
    • This is useful if your Active Directory isn’t clean. Use this to discover only good records

SCCM Discovery Methods

Active Directory Group Discovery

Discovers groups from specified locations in Active Directory. The discovery process discovers local, global or universal security groups. When you configure the Group discovery you have the option to discover the membership of distribution groups. With the Active Directory Group Discovery you can also discover the computers that have logged in to the domain in a given period of time. Once discovered, you can use group information for exemple to create deployment based on Active Directory groups.

Be careful when configuring this method : If you discover a group that contain a computer object that is NOT discovered in Active Directory System Discovery, the computer will be discovered. If automatic client push is enabled, this could lead to unwanted clients computers.

To discover resources using this methods :

  • Open the SCCM Console
  • Go to Administration / Hierarchy Configuration / Discovery Methods
  • Right-Click Active Directory Group Discovery and select Properties

SCCM Discovery Methods

  • On the General tab, you can enable the method by checking Enable Active Directory Group Discovery
  • Click on the Add button on the bottom to add a certain location or a specific group.
    • Remember : If you discover a group that contain a computer object that is NOT discovered in Active Directory System Discovery, the computer will be discovered.

SCCM Discovery Methods

  • On the Poling Schedule tab, select the frequency on which you want the discovery to happen
    • A 7 day cycle with a 5 minutes delta interval is usually fine in most environment

SCCM Discovery Methods

  • On the Options tab, you can select to discover only accounts that have logged or updated their passwords since a specific number of days
    • This is useful if your Active Directory isn’t clean. Use this to discover only good records

SCCM Discovery Methods

Active Directory User Discovery

Discovery process discovers user accounts from specified locations in Active Directory. You also have the option to fetch custom Active Directory Attributes. This is useful if your organization store custom information in AD about your users. Once discovered, you can use group information for example to create user based deployment.

To discover resources using this methods :

  • Open the SCCM Console
  • Go to Administration / Hierarchy Configuration / Discovery Methods
  • Right-Click Active Directory User Discovery and select Properties

SCCM Discovery Methods

  • On the General tab, you can enable the method by checking Enable Active Directory User Discovery
  • Click on the Star icon and select the Active Directory container that you want to include in the discovery process

SCCM Discovery Methods

  • On the Poling Schedule tab, select the frequency on which you want the discovery to happen
    • A 7 day cycle with a 5 minutes delta interval is usually fine in most environment.

SCCM Discovery Methods

  • On the Active Directory Attribute tab, you can select custom attributes to include during discovery
    • This is useful if you have custom data in Active Directory that you want to use in SCCM

SCCM Discovery Methods

Active Directory Forest Discovery

Discovers Active Directory sites and subnets, and creates Configuration Manager boundaries for each site and subnet from the forests which have been configured for discovery. Using this discovery method you can automatically create the Active Directory or IP subnet boundaries that are within the discovered Active Directory Forests. This is very useful if you have multiple AD Site and Subnet, instead of creating them manualy, use this method to do the job for you.

To discover resources using this methods :

  • Open the SCCM Console
  • Go to Administration / Hierarchy Configuration / Discovery Methods
  • Right-Click Active Directory Forest Discovery and select Properties

SCCM Discovery Methods

  • On the General tab, you can enable the method by checking Enable Active Directory Forest Discovery
  • Select the desired options

SCCM Discovery Methods

HeartBeat Discovery

HeartBeat Discovery runs on every client and to update their discovery records in the database. The records (Discovery Data Records) are sent to the Management Point in specified duration of time. Heartbeat Discovery can force discovery of a computer as a new resource record, or can repopulate the database record of a computer that was deleted from the database.

HeartBeat Discovery is enabled by default and is scheduled to run every 7 days.

To discover resources using this methods :

  • Open the SCCM Console
  • Go to Administration / Hierarchy Configuration / Discovery Methods
  • Right-Click Heartbeat Discovery and select Properties

SCCM Discovery Methods

  • On the General tab, you can enable the method by checking Enable Heartbeat Discovery
    • Make sure that this setting is enabled and that the schedule run less frequently than the Clear Install Flag maintenance task.

SCCM Discovery Methods

Network Discovery

The Network Discovery searches your network infrastructure for network devices that have an IP address. It can search the domains, SNMP devices and DHCP servers to find the resources. It also discovers devices that might not be found by other discovery methods. This includes printers, routers, and bridges.

We won’t go into detail of this discovery methods as it’s old and depreciated methods. We never saw any customers using this method in production.

Client Configuration Manager console Discovery Guide Installation Methods SCCM 1511 SCCM 2007 SCCM 2012 SCCM 2012 R2 Step-by-Step
SCD Collaborators
Comments (15)

svariell

01.03.2020 AT 08:58 AM
I have a question for you when it comes to boundary discovery in ConfigMgr. I have forest discovery enabled and running on it's schedule, however, I've noticed things have changed in our environment in DHCP. For some reason ConfigMgr has quit pulling in new IP Subnets or Sites that have been created. Any ideas where I should look to fix this within ConfigMgr? Also, at some of our sites/data centers, they've implemented SD WAN. How does that have an effect on ConfigMgr? Thanks for the advice. This has been baffling, since ConfigMgr Logs are not really showing any errors.
Hide replies 0

Kade Porter

06.11.2019 AT 12:59 PM
OK Benoit, thank you for this great explanation. I have a related question. I understand how to set up these discovery methods. But what I don't understand is how to grant security roles that are less than Full Administrators the ability to kick off a system discovery. I have yet to be able to find the right setting that grants this access to lesser security roles. Sometimes if a client is having an issue and we've already tried reinstalling the client, I would like the ability to allow our desktop admins the ability to run a full system discovery after deleting the object from SCCM. (Currently running CB 1806)
Hide replies 0

Phil Crawford

05.27.2019 AT 08:51 PM
Benoit, Good article, with scope for improvement I think. I run a server site across 3 forests and have just rebuilt and am trying to set it up from scratch. I found the adsgdis.log file from your reply above re user discovery. It would make the article more helpful for those who aren't full time in SCCM if you mentioned each log with the relevant discovery method. Also, in relation to Group discovery, I'm not interested in users, only in Groups for Patching, so I wanted to limit group discovery to a specific location in each forest. I eventually worked out that the LDAP path goes in the second field, with an arbitrary name in the first field. Thanks for the article.
Hide replies 0

Natasha Boerner

01.11.2019 AT 12:54 AM
Hi, I was wondering if there was a way to see who had changed these settings? For example, one day you come in and network discovery is enabled when it should be disabled and it broke a whole heap of things, and it was no one from the sccm admin team? How do I find out who it was?
Hide replies 0

Gustavo Almiron

07.13.2018 AT 11:01 AM
Is it possible to install SCCM with different forests? In the company that we work, we need to create other domains in Active Directory for each business, we would like to know if it is possible to expand the SCCM that we have today for the other future domains or it will be necessary to create a SCCM for each domain.
Hide replies 1

Phil Crawford

05.27.2019 AT 08:57 PM
Gustavo, You can install across multiple forests, even where there is no trust relationship. Your Site Server will need to be able to write to each Active Directory (Extend schema and create the System Management container, with an account for Full Control) in each remote forest. You will also need a computer in each remote forest with Management Point, Distribution Point and Software Update Point roles. Site Server will need to use an account to control these and the Management Point will need to be able to log onto your database server.
Hide replies 0

selim atmaca

04.19.2018 AT 08:35 AM
This is what I exactly experienced unfortunately. I wasn't expecting that enabling group discovery result in discovering computers in the groups. "Be careful when configuring this method : If you discover a group that contain a computer object that is NOT discovered in Active Directory System Discovery, the computer will be discovered. If automatic client push is enabled, this could lead to unwanted clients computers."
Hide replies 0

Paddy

08.15.2017 AT 02:54 PM
Set Heartbeat to "LESS" often than Client Rediscovery Period? I think that is poorly written if what they mean is MORE frequently. Please confirm that this is bad english or they really mean to set it to run less often than the Client Rediscovery Period. On the Clear Install Flag task it is written poorly also but suggests that The heartbeat should be sent more often than the period indicated in the Clear Install Flag task.
Hide replies 1

You've got a Point

06.05.2019 AT 06:30 AM
Dear Mr./Mrs. Grammar Nazi, Shouldn't that be English instead of english then?
Hide replies 0

Haus

03.12.2017 AT 10:33 AM
When attempt to add a custom attribute to User Discovery, it never appears. I have left it sit for two weeks now. any thoughts?
Hide replies 1

Benoit Lecours

03.13.2017 AT 10:28 AM
You will need to check Adusrdis.log to find the issue.
Hide replies 0
Pingback: http://youknowme2.com/2016/05/31/how-to-run-network-discovery-sccm-2007/
Pingback: http://sccmdeploy.dk/?p=500
Pingback: http://sccmdeploy.dk/?p=544

Mike

12.17.2015 AT 12:01 PM
Good article. If we install the client on non-windows machines, are they discovered? Is there a way to automatically approve these clients?
Hide replies 0
Related posts
Benoit LecoursMay 24 20242 Min Read
Renew Intune Apple MDM Push Certificate

To enroll and manage iOS/MAC devices in Intune, you must create an Intune Apple Certificate. These...

SCCM/MECM
Benoit LecoursMay 08 20243 Min Read
Deploy Microsoft Authenticator app using Microsoft Intune

With the increasing number of mobile users requesting access to external resources many...

SCCM/MECM
Benoit LecoursApril 30 20242 Min Read
Understanding Intune Autopilot Error 0x8007052e

Two days ago, Microsoft had an outage affecting Intune AutoPilot Pre-Provisionning. Users...

SCCM/MECM
Request a Quote

Please fill out the form, and one of our representatives will contact you in Less Than 24 Hours. We are open from Monday to Friday.

Consulting Services

Subscription

PatchMyPC

Reports and Guides

I'm interested in working with you

Consulting services and time banks are used for generic requests. All others are fixed-price plans.

Never share sensitive information (credit card numbers, social security numbers, passwords) through this form.
Request Sent

Thank you for your request. You will receive an email with more details. Take note that we normally work from Monday to Friday. We will get in touch with you as soon as possible.

Comment Sent

Thank for your reply!

Error

Something went wrong!