Introduction to Configuration Manager 2012 (Part 3)

by [Published on 21 Aug. 2012 / Last Updated on 21 Aug. 2012]

In this part of the series, we’ll begin to explore the discovery process and client settings in SCCM.

If you would like to read the other parts in this article series please go to:

Introduction

In part 1 of this series, we went through a complete installation of System Center 2012 Configuration Manager and, by the end of the article, had a fully operational system. In part 2, we began investigating the new features and the console. In this part of the series, we’ll begin to explore the discovery process and client settings.

Discovery

Discovery is an incredibly important process in SCCM. It is through discovery that you locate resources that can be brought into SCCM for management purposes. Further, some discovery methods enable the automatic creation of boundaries, virtual “boxes” in SCCM that help the system make sure that clients are managed appropriately.

When an object is discovered, SCCM creates what is called a Discovery Data Record (DDR) that holds the details about the discovered object. This DDR will include information such as the computer name for a discovered computer or the user name for a discovered user account in Active Directory. These DDRs are processed by SCCM and entered into the SCCM database as objects that can be manipulated.

In an out-of-the-box configuration, the only discovery method enabled by default is the heartbeat discovery method. In order to discover any other resources, an administrator must proactively decide which discovery methods to enable and then configure the selected methods.

Beyond just using discovery to identify objects that can be managed with SCCM, you can also use discovered objects in queries that group similar objects for management purposes, thus further streamlining the desktop management process in your organization.

Discovery options

There are a number of discovery options available in SCCM 2012. If you’re used to older versions of SCCM, get used to some changes, too, as new methods have been introduced and some removed.

Among the changes:

  • Active Directory System Group Discovery is no longer available.
  • A new discovery method named Active Directory Forest Discovery has been added. This new discovery method is described later in this article.
  • Discovery information in one site is replicated to other sites using SCCM 2012’s new database replication processes.
  • The Active Directory Security Group Discovery method is now known as Active Directory Group Discovery. Further, this discovery method has been improved and can now discover the group memberships of discovered resources.
  • Some Active Directory discovery methods (User, System, Group) now support “Delta Discovery.” Delta discovery itself is improved in SCCM 2012 and is a method by which discovery can locate just objects that have been added or changed since the previous discovery cycle.

Now, let’s explore each of the discovery options that are available to you.

Active Directory Forest Discovery

This discovery method discovers forests, domains, AD sites, and IP subnets. It’s a high level method that is new to SCCM 2012. Objects discovered using this method can be used to automatically create boundaries, which we will cover later.

For each discovery method, there are settings that can be manipulated, which control how the discovery method works. In Figure 1, the very few settings that are available for Forest discovery are displayed.


Figure 1: Forest discovery options

Note that this discovery method is enabled. I’ve enabled it for use in my lab, but, be default, it’s not enabled.

Once enabled, there are additional options you can configure. You can tell Configuration Manager that you would like to have boundaries automatically created based on any discovered Active Directory sites and you can do the same, but based on IP address ranges/IP subnets. Boundaries are used by SCCM to localize client management.

Finally, you can configure discovery to run every so often so that it can discover new resources that might make their way into the environment. The default for Active Directory Forest Discovery is to run every week.

Active Directory Group Discovery

Discovers Active Directory groups and group membership or computers and users. With this discovery method, you can also discover limited information about group member computers and users. Because this discovery method isn’t as robust as other methods, it’s recommended that you not run this discovery method until after you’ve run either System or User discovery. Those two methods can create full Discovery Data Records for users and computers while Group discovery creates a much more limited DDR.

Group discovery is not enabled by default and you need to provide a scope in which SCCM should look for new group resources.


Figure 2: Group discovery options

When you choose the Add option, you can add an AD location that SCCM will use to look for new groups. This screen is shown in Figure 3.


Figure 3: Add an AD location

You can also explicitly add Active Directory groups that SCCM will parse to discover group members. In Figure 4, the Add Groups window is shown. Here, you would provide the name for an AD group and let SCCM do the rest.


Figure 4: Add an Active Directory group

As was the case for Forest discovery, Group discovery can be configured to run periodically in order to discover new resources. By default, this discovery method runs every 7 days, as you can see in Figure 5. In Figure 6, I’ve also included the Custom Schedule window so that you can see the options that you have at your disposal for creating a discovery schedule.

In Figure 5, note also the Enable delta discovery option. When this is enabled, which is the default setting, new resources that have been added or modified since the previous discovery will be discovered and added to or updated in the SCCM database.


Figure 5: Group discovery polling schedule


Figure 6:
Create a custom schedule

The Group discovery method also carries with it some additional options, which are shown in Figure 7. You can choose to have computers discovered only if they have logged in within, for example, the past 90 days. Remember, once a group is discovered, the members of that group are also discovered and computers can be members of groups, hence the computer login option.

You can also choose to include only computers that have had their password updated within a certain period of time and can specify that Group discovery should also attempt to discover the membership of distribution groups rather than just security groups.


Figure 7: Group discovery additional options

Active Directory System Discovery

System discovery is one of the two possible discovery methods (the other being Network Discovery) that you might use to discover client computers in the environment and to which the SCCM client might be installed. System discovery discovers a number of details about systems, including:

  • Computer name
  • Operating system and version
  • Active Directory container name
  • IP address
  • Active Directory site
  • Last Logon Timestamp

System discovery is one of the most common methods that you will use. As is the case for most of the discovery methods—with the only exception being Heartbeat discovery—the administrator must proactively enable the discovery option. With System discovery, the administrator also needs to specify the Active Directory container that should be searched for new system resources. In my example, I’m searching at the root and have enabled recursion so that SCCM will be able to look in subcontainers, too.


Figure 8: System discovery settings

With the System discovery method, you can also tell SCCM to retrieve additional Active Directory attributes for discovered resources. You might want to gather additional information to use in queries, for example.


Figure 9: System discovery additional Active Directory attributes

As was the case with Group discovery, System discovery also provides you with some additional configuration options, which are shown in Figure 10.


Figure 10: System discovery additional options

Active Directory User Discovery

This discovery method discovers user objects from Active Directory. Again, you need to enable the discovery method and specify Active Directory containers that should be searched for new user objects.


Figure 11: User discovery settings

There’s not much else to say about User discovery. The other tabs – Polling Schedule and Active Directory Attributes – are the same as tabs that we’ve seen in other discovery methods.

Network Discovery

Sometimes, you might have network objects that can’t be discovered via Active Directory discovery methods. The Network Discovery option allows you to go directly to the network to find new objects, such as computers, printers and network devices. Network discovery does have some downsides, though. It’s quite “noisy” meaning that it generates a lot of network traffic and can be extremely resource intensive. As such, you should use other discovery methods before resorting this one.

That said, you sometimes have to use Network Discovery. You may have systems that aren’t in Active Directory, such as workgroup computers, switches and other network devices.

In Figure 12, you can see the general options that are available, including the ability to enable the discovery method. You will also see that there are three options available in the Type of discovery area:

  • Topology. Discovers network topology by discovering subnets and routers.
  • Topology and client. Adds to the mix by discovering clients.
  • Topology, client and client operating system. Takes things a step further by attempting to also determine the client operating system and version.


Figure 12: Network discovery general settings

Every network has subnets. In this spirit, SCCM provides you with a way to tell SCCM which subnets should be searched for resources (Figure 13). My lone subnet in my lab is 192.168.0.0/16.


Figure 13: Network discovery subnets

Likewise, you can tell SCCM to look in a domain.


Figure 14: Network discovery domain settings

For SNMP devices, you need to tell SCCM about any community names that you might be using in your environment. As you can see in Figure 15, my lab domain uses the default of public as an SNMP community name.


Figure 15: Network discovery SNMP community names

You can also indicate to SCCM specific SNMP devices that should be used to discover resources.


Figure 16: Network discovery SNMP devices

If you are using Microsoft’s DHCP server in your environment, you can leverage that system to enable SCCM to use it to discover resources that can be brought into SCCM for management. I’m not using a Microsoft DHCP server in my lab, so I cannot test this scenario right now.


Figure 17: Network discovery DHCP features

Heartbeat Discovery

Heartbeat discovery is different from all of the other discovery methods in that it doesn’t actually discovery any new resources at all. Instead, heartbeat discovery is a client-initiated process that informs SCCM that the client is still alive and kicking.

You can see in Figure 18 that there are just two options for Heartbeat discovery. Do you want to enable this discovery method and how often should clients check in?


Figure 18: Heartbeat discovery options

Summary

Discovery is a foundation SCCM process. It’s absolutely required in order for you to move forward with your use of the product. In this article, you learned about the various discovery options at your disposal. In the next part of this series, we’ll continue implementing SCCM 2012.

If you would like to read the other parts in this article series please go to:

Advertisement

Featured Links