SCCM 2012 Client Deployment (Part 2)

by [Published on 7 March 2013 / Last Updated on 7 March 2013]

In this part of the article series we'll discuss boundaries, boundary groups and AD discovery.

If you would like to read the other parts of this article series please go to:


With System Center Configuration Manager 2012 (SCCM), Microsoft has upped the ante when it comes to systems management. While providing the services that customers have come to expect, SCCM 2012 adds a number of new capabilities. However, getting SCCM fully prepared for use can be a daunting undertaking for the uninitiated. The client deployment process is fraught with challenges and landmines that must be avoided. That’s why the sole focus of this series is to help you get your SCCM environment configured for client deployment.

In part 1 of this series, you learned about some SCCM basics and we focused on the Active Directory System Discovery method for finding computer resources to add to Configuration Manager’s database.In this article, we’re going to cover:

  • Boundaries
  • Boundary Groups
  • Active Directory Forest Discovery


SCCM has to have some way to understand which clients belong to it and which clients do not. After all, you don’t want errant clients to find their way into your SCCM environment. To do so would introduce the possibility, for example, of unauthorized clients receiving licensed software. Further, clients in various locations need to know from where their content will be sourced.

In other words, clients need to be able to determine their site assignment and the distribution points or distribution groups that they should use to source content, such as software deployments. It’s through the use of boundaries that the beginnings of this process take place.

When the Active Directory System Discovery process discovers a new resource, the resource’s network information is gathered and compared with the boundaries that have been created in boundary groups. This comparison associates the discovered resource with an SCCM site so that client push and other SCCM operations can work.

Boundaries are created and managed from the Administration area in the SCCM console. Once you choose the Administration section, expand Overview > Hierarchy Configuration and select Boundaries. As you can see in Figure 1, a number of boundaries have already been created for this installation.

Figure 1:
Create new boundaries in your SCCM environment

SCCM 2012 supports four boundary types:

IP subnet

Most organizations break their networks up into smaller subnets to control traffic patterns and for management and security purposes.SCCM administrators can leverage these existing structures by creating IP subnet-based boundaries. IP subnet boundaries can be used to allow computers in a single Active Directory site to be members of different SCCM sites.

As you create new boundaries or boundaries are discovered through one of your discovery methods, they are added to the SCCM console. After the fact, you can modify boundary settings by double-clicking the boundary to open the properties page for the boundary.

Each boundary has one or more properties pages associated with it. On the General tab, shown for the IP Subnet boundary in Figure 2 below, you can see that this boundary type requests a few pieces of information, including:

  • Description. A description of the boundary.
  • Type. The type of boundary you’re working with.
  • Network. The network encompassed by this boundary.
  • Subnet mask. The subnet mask of the network encompassed by this boundary.
  • Subnet ID. The subnet ID is the result of the Network and Subnet mask information, which are not saved after the creation of the boundary.

Figure 2:
IP subnet boundary - General tab

You can associate each boundary with one or more site systems in your organization by manipulating the Site Systems tab.

Figure 3:
IP subnet boundary - Site Systemstab

In Figure 4, you can see that this boundary is associated with a boundary group. As indicated before, every boundary needs to be associated with one or more boundary groups.

Figure 4:
IP subnet boundary - Boundary Groupstab

Active Directory Site

Active Directory site boundaries are based on your existing Active Directory site structure.

Figure 5:
An Active Directory site boundary group

IPv6 Prefix

If you’re using IPv6 on your network, you can create a boundary based on the IPv6 prefixes in use in your organization. For this boundary type, there are only two configuration tabs – General and Boundary Groups.

The General tab is shown below and displays the boundary’s description, type, and IPv6 prefix.

Figure 6:
Create an IPv6 boundary

IP address range

One of the most granular ways that you can choose to create boundaries is to use an IP address range. Unlike an IP subnet, an IP address range allows an administrator to specify a small set of IP addresses.

Figure 7:
IP range boundary properties

Boundary Groups

Boundary Groups are a brand new features to SCCM 2012 and they’re not optional. Every boundary that you create must be a member of a boundary group in order to be used. If a boundary is not a member of a boundary group, devices associated with that boundary will not be able to locate their assigned sites and servers.

In Figures 8 and 9 below, you can see how to configure boundary groups. There are three tabs.

The General tab contains the name and description of the boundary group as well as a list of all of the individual boundaries that comprise the boundary group. You can add new boundaries to or remove existing boundaries from a boundary group by using the Add and Remove buttons.

Figure 8:
Boundary Group - General tab

In Figure 9, you can see that there is significant additional information associated with a boundary.

  • Use this boundary for group site assignment. When selected, client in boundaries associated with this boundary group will be assigned to the selected site.
  • Content location. Identify the SCCM servers – distribution points and state migration points – that will serve clients in this boundary group.With SCCM 2012, you can configure the speed of the connection between servers. This is one way by which SCCM 2012 reduces the need for separate SCCM sites. In previous versions of SCCM, if you wanted to configure the network speed between different physical locations, you would have needed to create separate sites.

Figure 9:
Boundary Group - References page

Active Directory Forest Discovery

We just discussed a bunch of boundary types and boundary groups. You could create each of these manually, or you can allow the Active Directory Forest Discovery method to create them automatically as they are discovered.

For example, if you choose to use the Active Directory Forest Discovery method, you can streamline the boundary creation process through some options that are available on that discovery method’s configuration page:

  • Automatically create Active Directory site boundaries when they are discovered.
  • Automatically create IP address range boundaries for IP subnets when they are discovered.

You can see these options below in Figure 10.

Figure 10:
Active Directory Forest Discovery configuration

Overlapping boundaries

Make sure you spend some time on the boundary and boundary group creation process so that you don’t run into problems later. Review all automatically created boundaries to ensure that there isn’t any overlap between boundaries with particular attention paid to eliminate overlapping boundaries related to Active Directory sites. Some SCCM admins prefer to stick to manually created IP address ranges as opposed to IP subnets and Active Directory sites in order to maintain stricter control over boundaries and prevent overlap. Overlapping boundaries can make it impossible for clients to operate the way they’re supposed to.

However, in SCCM 2012, overlapping boundaries aren’t always negative. Here are some quick tips:

  • Site assignment. Don’t have overlapping boundaries. The client may not be able to associate with the correct site. Avoid!
  • Content location discovery. Overlapping boundaries aren’t a problem. The client can use any of the content locations, depending on the network location of the client.


And that’s it for boundaries, boundary groups and AD discovery for now. We’ll carry on with client deployment options in the next part of this series.

If you would like to read the other parts of this article series please go to:


Featured Links