Microsoft System Center Configuration Manager 2007 Discovery identifies computer and user resources that can be managed by a Configuration Manager 2007 site. When a resource is discovered, Configuration Manager creates a record in the Configuration Manager database for the resource and its associated information. You can then use the discovery information to help you to install the Configuration Manager client, and create custom queries and collections that are used to logically group resources for related management tasks. For example, after discovering Active Directory information about computers, you can create a collection to install Microsoft Office to all the client computers in a specified organizational unit (OU).
You must run Discovery before you can install clients by using client push. However, the other client installation methods do not require that you run Discovery. For more information about the other client installations methods, see Determine the Configuration Manager Client Installation Method to Use.
To discover resources, you must run at least one discovery method that is suitable for the resource that you want to discover. Some discovery methods do not discover new resources, but provide additional information for previously discovered resources, or update existing records in the Configuration Manager database.
 Note |
|---|
| You can create records for resources that cannot be discovered by Configuration Manager by using Management Information Files (MIFs). For more information, see How to Extend Hardware Inventory Using MIF Files. |
For more information about resources in Configuration Manager 2007, see About Resources.
Discovery Data Records
When Discovery runs, it creates discovery data records (DDRs). The information contained in a DDR varies depending upon the discovered resource. For example, it can include the NetBIOS name of a computer, the IP address and IP subnet of a computer or device, and the computer operating system name. The approximate size of an individual DDR is 1 KB.
Discovery Data Manager is the thread of the SMS Executive service that processes DDRs. When a discovery record is generated at a secondary site, it is transferred to the parent primary site where it is processed, and subsequently forwarded if there are other primary sites higher in the hierarchy. When the DDR is processed, Discovery Data Manager adds or updates resource information from the DDR in the site database.
Discovery in Configuration Manager Hierarchies
Discovery can be run from primary and secondary site servers in the Configuration Manager hierarchy. When you have a hierarchy, consider the following:
- Discovery data flows up the hierarchy. The
discovery data is processed at each primary site in the tree up to
and including the central site.
- Secondary sites do not process discovery data
even when discovery is configured to run at the secondary site.
When discovery is run on secondary sites, the secondary site server
passes the discovery data records to the primary site server for
processing. Secondary sites always receive discovery-related data
from their parent primary site.
- Discovery data is not sent down to child
primary sites in the hierarchy.
- Discovery can generate significant traffic on
the network, especially if the same resources are discovered at
multiple sites within the hierarchy. To help reduce the amount of
network traffic generated, follow these best practices:
- Do not enable discovery at a site in the
hierarchy if that site and its child secondary sites do not require
the discovery data.
- Review each discovery method to determine
which ones will generate the least amount of traffic on your
network and how often to run them to keep the discovery data
up-to-date.
- Modify the properties of the Active Directory
discovery methods such that you query specific containers whenever
possible. For example, configure Active Directory System Discovery
to query OUs that contain the computers that you want to discover,
rather than querying the whole domain.
- Do not enable discovery at a site in the
hierarchy if that site and its child secondary sites do not require
the discovery data.
- Of all the discovery methods, only Heartbeat
Discovery keeps the status of the client record as active. Ensure
that Heartbeat Discovery is enabled to keep the client records
active.
Discovery Methods
There are six configurable discovery methods. With the exception of Heartbeat Discovery, all the discovery methods run from the site server where they are enabled and search specified locations for resources to be added to the Configuration Manager site.
To configure a Discovery method, with the exception of Heartbeat Discovery, you must have Modify permission on the site.
The discovery methods that you can configure are as follows:
- Active Directory System Discovery –
Discovers computers from the specified locations in Active
Directory Domain Services.
- Active Directory User Discovery -
Discovers user accounts from the specified locations in Active
Directory Domain Services.
- Active Directory Security Group
Discovery - Discovers security groups, including local, global,
and universal groups from the specified locations in Active
Directory Domain Services.
- Active Directory System Group
Discovery – Discovers additional information about previously
discovered computers from the specified locations in Active
Directory Domain Services. This information includes the OU and
group membership of the computer. Active Directory System Group
Discovery does not discover information about new resources that
did not previously exist in the Configuration Manager site
database.
- Heartbeat Discovery – Used by active
Configuration Manager clients to update their discovery records in
the database. Because it is initiated by an active client,
Heartbeat Discovery does not discover new resources.
- Network Discovery – Searches your
network infrastructure for network devices that have an IP address.
This allows you to discover devices that might not be found by
other discovery methods, including printers, routers, and
bridges.
In addition to these six discovery methods, Configuration Manager 2007 also uses a process named NT Server Discovery (SMS_WINNT_SERVER_DISCOVERY_AGENT) that creates resource records for computers that are site systems, such as the computer that is configured with the management point site system role. This method of discovery runs daily and is not configurable.
Site systems discovery is recorded in the log file ntsvdis.log in the <InstallationPath>\LOGS folder on the site server.
Use the following table to choose which discovery methods to use.
| Discovery Method | Discovers New Resources | Provides Additional Details for Discovered Resources | Maintains Discovery Records for Active Clients | Provides Discovery of Customized Attributes in Active Directory Domain Services |
|---|---|---|---|---|
|
Active Directory Security Group Discovery |
Yes |
No |
No |
No |
|
Active Directory System Discovery |
Yes |
No |
No |
Yes1 |
|
Active Directory System Group Discovery |
No |
Yes |
No |
No |
|
Active Directory User Discovery |
Yes |
No |
No |
Yes1 |
|
Heartbeat Discovery |
No |
No |
Yes |
No |
|
Network Discovery |
Yes |
No |
No |
No |
1 Active Directory customized attributes can be configured in Active Directory System Properties on the Active Directory Attribute tab, and in Active Directory User Discovery Properties on the Active Directory Attribute tab.
Active Directory Discovery
When you use any of the four Active Directory discovery methods, Configuration Manager uses the site server computer account to contact the nearest domain controller and to locate Active Directory resources in the Active Directory locations that you specify. Active Directory discovery can find computer accounts, user accounts, computer groups, and security groups. Additionally, Active Directory System Discovery and Active Directory User Discovery can discover additional Active Directory attributes that are not collected by default. You can specify how often the Active Directory discovery methods run.
To ensure that Active Directory discovery methods use a particular domain controller, specify the Active Directory container by using a query that has the following syntax:
LDAP:// <server> /DC= <domain>, DC=<third tier DNS name>, DC=<second tier DNS name>, DC=<first tier DNS name>
To ensure that Active Directory discovery methods use the Active Directory global catalog, specify the Active Directory container by using a query that has the following syntax:
GC://DC= <domain>, DC=<third tier DNS name>, DC=<second tier DNS name>, DC=<first tier DNS name>
To run Active Directory Discovery, the Active Directory domain can be in any Active Directory mode, and the site server computer account must have Read access to the specified Active Directory containers. Additionally, this account has the following requirements:
- When you use this account to discover
resources in domains other than the site server’s domain, the site
server computer account must be a member of the Domain Users or
local Users group in the other domain.
- When you use this account to discover
resources in a different forest, a full forest trust is required
between the two forests.
When an Active Directory discovery method runs, it searches the specified locations for objects and then attempts to collect information about the object. A DDR will be created if sufficient information about the resource can be identified. The required information varies depending on the discovery method in use.
See Also
Tasks
Troubleshooting Discovery IssuesOther Resources
Discovery OverviewDiscovery Troubleshooting Flowcharts