Active Directory Security Group Discovery polling can generate significant network traffic, so you should schedule the discovery to occur at times when this network traffic will not adversely affect business uses of your network.

Note
You must have Modify permission for the Site Security object class or instance to configure this discovery method. For more information about security permissions, see Classes and Instances for Object Security in Configuration Manager.

To configure Active Directory Security Group Discovery

  1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / <site name> / Site Settings / Discovery Methods.

  2. Right-click Active Directory Security Group Discovery, and then click Properties.

  3. Enable the discovery method if it is not already enabled.

  4. On the General tab, click the New icon to specify a new Active Directory container.

  5. On the New Active Directory Container dialog box, specify the container to search by location. Three options are available:

    • Local domain: Searches for Active Directory containers in the domain in which the computer hosting the Configuration Manager console resides.

    • Local forest: Searches for Active Directory containers in the forest in which the computer hosting the Configuration Manager console resides.

    • Custom LDAP or GC Query: Searches for Active Directory containers using a Lightweight Directory Access Protocol (LDAP) or a global catalog (GC) query.

      If this option is selected, you can either enter the path to an existing query to run the search or click Browse to navigate to a query.

  6. Select any additional search options to use. Two options are available:

    • Recursive: Specifies that the search includes child containers. This check box is selected by default. If it is cleared, child containers are not searched.

    • Include nested groups: Specifies that objects within groups are discovered by this method. If it is selected, you can discover objects in other domains, but the likelihood of discovering the same object more than once is increased. If this check box is cleared, duplicate objects and objects in other domains are less likely to be found. This will result in the discovery process completing more quickly. This check box is cleared by default.

  7. Click OK.

  8. On the Polling Schedule tab, click the Schedule button and set a custom schedule if desired. By default, the Active Directory Security Group Discovery method polls once per day.

  9. To run the discovery method immediately, select the Run discovery as soon as possible check box.

    Note
    This check box is cleared when the run request is made to the Configuration Manager site database.

  10. Click OK.
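
To gauge how many security groups a container will return before you commit to a polling schedule, the following PowerShell script counts them with the .NET `DirectorySearcher` class. It is an added example, not part of the original procedure or of Configuration Manager. The container path is a constructed placeholder, and mapping the Recursive check box to a subtree search versus a one-level search is an assumption.

```powershell
param(
    # Constructed placeholder; use the LDAP:// or GC:// path you plan to enter in the dialog box.
    [string]$ContainerPath = 'LDAP://OU=Groups,DC=example,DC=com',
    # Assumed equivalent of the Recursive check box: also search child containers.
    [switch]$Recursive
)

# groupType bit 0x80000000 (2147483648) marks a security group; the OID is the
# LDAP bitwise-AND matching rule.
$filter = '(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))'

$root     = New-Object System.DirectoryServices.DirectoryEntry($ContainerPath)
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $filter)
$searcher.PageSize    = 500   # page through results instead of stopping at the server limit
$searcher.SearchScope = if ($Recursive) { 'Subtree' } else { 'OneLevel' }
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
[void]$searcher.PropertiesToLoad.Add('memberOf')

$results = $searcher.FindAll()
try {
    $groups = @(foreach ($r in $results) {
        [pscustomobject]@{
            DistinguishedName = [string]$r.Properties['distinguishedname'][0]
            # A group that has memberOf values is itself a member of another group.
            IsNested          = $r.Properties['memberof'].Count -gt 0
        }
    })
}
finally {
    $results.Dispose()   # SearchResultCollection holds unmanaged resources
    $root.Dispose()
}

# Summary: total security groups in scope and how many of them are nested in other groups.
[pscustomobject]@{
    Container      = $ContainerPath
    Scope          = $searcher.SearchScope
    SecurityGroups = $groups.Count
    NestedGroups   = @($groups | Where-Object { $_.IsNested }).Count
}
```

Run it once with and once without `-Recursive` to compare the two scopes. A high nested-group count suggests that selecting Include nested groups will add noticeably to the polling load.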
