System Center 2012 Configuration Manager discovery identifies computer and user resources that you can manage by using Configuration Manager. It can also discover the network infrastructure in your environment. Discovery creates a discovery data record (DDR) for each discovered object and stores this information in the Configuration Manager database.

When discovery of a resource is successful, discovery puts information about the resource in a file that is referred to as a discovery data record (DDR). DDRs are in turn processed by site servers and entered into the Configuration Manager database where they are then replicated by database-replication with all sites. The replication makes discovery data available at each site in the hierarchy, regardless of where it was discovered or processed.

You can use discovery information to create custom queries and collections that logically group resources for management tasks such as the assignment of custom client settings and software deployments. Computers must be discovered before you can use client push installation to install the Configuration Manager client on devices.

Use the following sections to help you plan for discovery in Configuration Manager:

What’s New in Configuration Manager

Discovery Methods in Configuration Manager

Before you enable discovery methods for Configuration Manager, ensure you understand what each method can discover. Because discovery can generate a large volume of network traffic, and the resultant DDRs can result in a significant use of CPU resources during processing, plan to use only those discovery methods that you require to meet your goals. You could use only one or two discovery methods to be successful, and you can always enable additional methods in a controlled manner to extend the level of discovery in your environment.

Use the following table to help you plan for each of the six configurable discovery methods.

Discovery method Enabled by default Accounts that run discovery More information

Active Directory Forest Discovery


Active Directory Forest Discovery Account, or the computer account of the site server

  • Can discover Active Directory sites and subnets, and then create Configuration Manager boundaries for each site and subnet from the forests that you have configured for discovery. When Active Directory Forest Discovery identifies a supernet that is assigned to an Active Directory site, Configuration Manager converts the supernet into an IP address range boundary.

  • Supports a user-defined account to discover resources for each forest.

  • Can publish to the Active Directory Domain Services of a forest when publishing to that forest is enabled, and the specified account has permissions to that forest.

Active Directory System Discovery


Active Directory System Discovery Account, or the computer account of the site server

  • Discovers computers from the specified locations in Active Directory Domain Services.

Active Directory User Discovery


Active Directory User Discovery Account, or the computer account of the site server

  • Discovers user accounts from the specified locations in Active Directory Domain Services.

Active Directory Group Discovery


Active Directory Group Discovery Account, or the computer account of the site server

  • Discovers local, global, and universal security groups, the membership within these groups, and the membership within distribution groups from the specified locations in Active directory Domain Services. Distribution groups are not discovered as group resources.

Heartbeat Discovery


Computer account of the client

  • Used by active Configuration Manager clients to update their discovery records in the database.

  • Heartbeat Discovery can force discovery of a computer as a new resource record, or can repopulate the database record of a computer that was deleted from the database.

Network Discovery


Computer account of the site server

  • Searches your network infrastructure for network devices that have an IP address.

  • Can discover devices that might not be found by other discovery methods. This includes printers, routers, and bridges.

All configurable discovery methods support a schedule for when discovery runs. With the exception of Heartbeat Discovery, you can configure each method to search specific locations for resources to add to the Configuration Manager database. After discovery runs, you can change the locations that a discovery method searches. These new locations are searched during the next discovery run. However, the next run of the discovery method is not limited to the new locations and always attempts to discover information from all current configured locations.

Heartbeat Discovery is the only discovery method that is enabled by default. To help maintain the database record of Configuration Manager clients, do not disable Heartbeat Discovery.

In addition to these discovery methods, Configuration Manager also uses a process named Server Discovery (SMS_WINNT_SERVER_DISCOVERY_AGENT). This discovery method creates resource records for computers that are site systems, such as a computer that is configured as a management point. This method of discovery runs daily and is not configurable.

Decide Which Discovery Methods to Use

To discover potential Configuration Manager client computers or user resources, you must enable the appropriate discovery methods. You can use different combinations of discovery methods to locate different resources and to discover additional information about those resources. The discovery methods that you use determine the type of resources that are discovered and which Configuration Manager services and agents are used in the discovery process. They also determine the type of information about resources that you can discover.

Discover Computers
When you want to discover computers, you can use Active Directory System Discovery or Network Discovery.

As an example, if you want to discover resources that can install the Configuration Manager client before you use client push installation, you might run Active Directory System Discovery. Alternately you could run Network Discovery and use its options to discover the operating system of resources (required to later use client push installation). However, by using Active Directory System Discovery, you not only discover the resource, but discover basic information and can discover extended information about it from Active Directory Domain Services. This information might be useful in building complex queries and collections to use for the assignment of client settings or content deployment. Network Discovery, on the other hand, provides you with information about your network topology that you are not able to acquire with other discovery methods, but Network Discovery does not provide you any information about your Active Directory environment.

It is also possible to use only Heartbeat Discovery to force the discovery of clients that you installed by methods other than client push installation. However, unlike other discovery methods, Heartbeat Discovery cannot discover computers that do not have an active Configuration Manager client, and returns a limited set of information. It is intended to maintain an existing database record and not to be the basis of that record. Information submitted by Heartbeat Discovery might not be sufficient to build complex queries or collections.

If you use Active Directory Group Discovery to discover the membership of a specified group, you can discover limited system or computer information. This does not replace a full discovery of computers but can provide basic information. This basic information is insufficient for client push installation.

Discover Users
When you want to discover information about users, you can use Active Directory User Discovery. Similar to Active Directory System Discovery, this method discovers users from Active Directory and includes basic information in addition to extended Active Directory information. You can use this information to build complex queries and collections similar to those for computers.

Discover Group Information
When you want to discover information about groups and group memberships, use Active Directory Group Discovery. This discovery method creates resource records for security groups.

You can use this method to search a specific Active Directory group to identify the members of that group in addition to any nested groups within that group. You can also use this method to search an Active Directory location for groups, and recursively search each child container of that location in Active Directory Domain Services.

This discovery method can also search the membership of distribution groups. This can identify the group relationships of both users and computers.

When you discover a group, you can also discover limited information about its members. This does not replace Active Directory System or User Discovery and is usually insufficient to build complex queries and collections or serve as the bases of a client push installation.

Discover Infrastructure
There are two methods that you can use to discover network infrastructure, Active Directory Forest Discovery and Network Discovery.

You can use Active Directory Forest Discovery to search an Active Directory forest for information about subnets and Active Directory site configurations. These configurations can then be automatically entered into Configuration Manager as boundary locations.

When you want to discover your network topology, use Network Discovery. While other discovery methods return information related to Active Directory Domain Services and can identify the current network location of a client, they do not provide infrastructure information based on the subnets and router topology of your network.

About Active Directory System, User, and Group Discovery Methods

This section contains information about the following discovery methods:

  • Active Directory System Discovery

  • Active Directory User Discovery

  • Active Directory Group Discovery

The information in this section does not apply to Active Directory Forest Discovery.

These three discovery methods are similar in configuration and operation, and can discover computers, users, and information about group memberships of resources that are stored in Active Directory Domain Services. The discovery process is managed by a discovery agent that runs on the site server at each site where discovery is configured to run. You can configure each of these discovery methods to search one or more Active Directory locations as location instances in the local forest or remote forests.

When discovery searches an untrusted forest for resources, the discovery agent must be able to resolve the following to be successful:

  • To discover a computer resource with Active Directory System Discovery, the discovery agent must be able to resolve the FQDN of the resource. If it cannot resolve the FQDN, it will then attempt to resolve the resource by its NetBIOS name.

  • To discovery user or group resource with Active Directory User Discovery or Active Directory Group Discovery, the discovery agent must be able to resolve the FQDN of the domain controller name you specify for the Active Directory location.

For each location instance that you specify, you can configure individual search options such as enabling a recursive search of the locations Active Directory child containers. You can also configure a unique account to use when it searches that location instance. This provides flexibility in configuring a discovery method at one site to search multiple Active Directory locations across multiple forests, without having to configure a single account that has permissions to all locations.

When each of these three discovery methods run at a specific site, the Configuration Manager site server at that site contacts the nearest domain controller in the specified Active Directory forest to locate Active Directory resources. The domain and forest can be in any supported Active Directory mode, and the account that you assign to each location instance must have Read access permission to the specified Active Directory locations. Discovery searches the specified locations for objects and then attempts to collect information about those objects. A DDR is created when sufficient information about a resource can be identified. The required information varies depending on the discovery method that is being used.

If you configure the same discovery method to run at different Configuration Manager sites to take advantage of querying local Active Directory servers, you can configure each site with a unique set of discovery options. Because discovery data is shared with each site in the hierarchy, avoid overlap between these configurations to efficiently discover each resource one time. For smaller environments, you might consider running each discovery method at only one single site in your hierarchy to reduce administrative overhead and the potential for multiple discovery actions to rediscover the same resources. When you minimize the number of sites that run discovery you can reduce the overall network bandwidth that is being used by discovery, and reduce the overall number of DDRs that are created and must be processed by your site servers.

Many of the discovery method configurations are self-explanatory. Use the following sections for more information about the discovery options that might require additional information before you configure them.

Shared Discovery Options

Active Directory System Discovery

Active Directory User Discovery

Active Directory Group Discovery

About Active Directory Forest Discovery

Use Configuration Manager Active Directory Forest Discovery to discover IP subnets and Active Directory sites and to add them to Configuration Manager as boundaries.

Unlike other discovery methods, Active Directory Forest Discovery does not discover resources that you can manage. Instead, this method discovers Active Directory network locations and can convert those locations into boundaries for use throughout your hierarchy.

Use Active Directory Forest Discovery to do the following:

  • Discover IP subnets in an Active Directory forest

  • Discover Active Directory sites in an Active Directory forest

  • Add the IP subnets and Active Directory sites that are discovered as boundaries in Configuration Manager

  • Publish to the Active Directory Domain Services of a forest when publishing to that forest is enabled, and the specified Active Directory Forest Account has permissions to that forest

Manage Active Directory Forest Discovery in the Configuration Manager console from the following nodes under Hierarchy Configuration in the Administration workspace:

  • Discovery Methods: Here you can enable Active Directory Forest Discovery to run at the top-level site of your hierarchy. You can also specify a simple schedule to run discovery, and configure it to automatically create boundaries from the IP subnets and Active Directory sites that it discovers. Active Directory Forest Discovery cannot be run at a child primary site or at a secondary site.

    This discovery method does not support Delta Discovery.
  • Active Directory Forests: Here you configure the additional Active Directory forests that you want to discover, specify the account to use as the Active Directory Forest Account for each forest, and configure publishing to each forest. Additionally, you can monitor the discovery process and add IP subnets and Active Directory sites to Configuration Manager as boundaries and members of boundary groups.

When publishing is enabled for a forest and that forests schema is extended for Configuration Manager, the following information is published for each site that is enabled to publish to that Active Directory forest:

  • SMS-Site-<site code>

  • SMS-MP-<site code>-<site system server name>

  • SMS-SLP-<site code>-<site system server name>

  • SMS-<site code>-<Active Directory site name or subnet>

Secondary sites always use the secondary site server computer account to publish to Active Directory. If you want secondary sites to publish to Active Directory, ensure the secondary site server computer account has permissions to publish to Active Directory. A secondary site cannot publish data to an untrusted forest.
To configure publishing for Active Directory forests for each site in your hierarchy, connect your Configuration Manager console to the top-level site of your hierarchy. The Publishing tab in an Active Directory site Properties dialog box can only display the current site, and its child sites.
When you clear the option to publish a site to an Active Directory forest, all previously published information for that site, including available site system roles, is removed from the Active Directory of that forest.

Active Directory Forest Discovery runs on the local Active Directory forest, each trusted forest, and each additional forest that you configure in the Active Directory Forests node of the Configuration Manager console.

Active Directory Forest Discovery actions are recorded in the following logs:

  • All actions, with the exception actions related to publishing, are recorded in the ADForestDisc.Log file in the <InstallationPath>\Logs folder on the site server.

  • Active Directory Forest Discovery publishing actions are recorded in the hman.log and sitecomp.log in the <InstallationPath>\Logs folder on the site server.

About Delta Discovery

Delta Discovery is not a full discovery method in Configuration Manager, but an option available for the Active Directory System, User, and Group discovery methods. Delta Discovery can identify most changes to a previously discovered resource in Active Directory and use fewer resources than a full discovery cycle.

When you enable Delta Discovery for a discovery method, the discovery method searches Active Directory Domain Services (AD DS) for specific attributes that have changed after the discovery method’s last full discovery cycle. These changes are submitted to the Configuration Manager database to update the resources discovery record.

By default, Delta Discovery runs on a five minute cycle. This is because it uses fewer resources during discovery than a full discovery cycle, and does not affect the performance of the site server as much as a full discovery cycle would. When you use Delta Discovery, consider reducing the frequency of the full discovery cycle for that discovery method.

Delta Discovery can detect changes on Active Directory objects. The following are the most common changes that Delta Discovery detects:

  • New computers or users added to Active Directory

  • Changes to basic computer and user information

  • New computers or users that are added to a group

  • Computers or users that are removed from a group

  • Changes to System group objects

Although Delta Discovery can detect new resources, and changes to group membership, it cannot detect when a resource has been deleted from AD DS.

DDRs for objects that Delta Discovery discovers are processed similarly to the DDRs that are created by a full discovery cycle.

You configure Delta Discovery on the Polling Schedule tab in the properties for each discovery method.

About Heartbeat Discovery

Heartbeat Discovery differs from other Configuration Manager discovery methods. It is enabled by default and runs on each computer client to create a discovery data record (DDR). For mobile device clients, this DDR is created by the management point that is being used by the mobile device client.

Heartbeat Discovery runs either on a schedule configured for all clients in the hierarchy, or if manually invoked, on a specific client by running the Discovery Data Collection Cycle on the Action tab in a client’s Configuration Manager program. When Heartbeat Discovery runs, it creates a discovery data record (DDR) that contains the client’s current information including network location, NetBIOS name, and operational status details. It is a small file, about 1KB, which is copied to a management point, and then processed by a primary site. The submission of a Heartbeat Discovery DDR can maintain an active client’s record in the database, and also force discovery of an active client that might have been removed from the database, or that has been manually installed and not discovered by another discovery method.

Heartbeat Discovery is the only discovery method that provides details about the client installation status by updating a system resource client attribute that has the value Yes. To send the Heartbeat Discovery record, the client computer must be able to contact a management point.

With Configuration Manager SP1, the Heartbeat discovery data record also includes the version of the client agent.

The default schedule for Heartbeat Discovery is set to every 7 days. If you change the heartbeat discovery interval, ensure that it runs more frequently than the site maintenance task Delete Aged Discovery Data, which deletes inactive client records from the site database. You can configure the Delete Aged Discovery Data task only for primary sites.

Even when Heartbeat Discovery is disabled, DDRs are still created and submitted for active mobile device clients. This ensures that the Delete Aged Discovery Data task does not affect active mobile devices. When the Delete Aged Discovery Data task deletes a database record for a mobile device, it also revokes the device certificate and blocks the mobile device from connecting to management points.

Heartbeat Discovery actions are logged in the following locations:

  • For computer clients ,Heartbeat Discovery actions are recorded on the client in the InventoryAgent.log in the %Windir%\CCM\Logs folder.

  • For mobile device clients, Heartbeat Discovery actions are recorded in the DMPRP.log in the %Program Files%\CCM\Logs folder of the management point that the mobile device client uses.

About Network Discovery

Use Configuration Manager Network Discovery to discover the topology of your network and devices on your network.

Network Discovery searches your network for IP-enabled resources by querying servers that run a Microsoft implementation of DHCP, Address Resolution Protocol (ARP) caches in routers, SNMP-enabled devices and Active Directory domains.

To successfully discover a resource, Network Discovery must identify the IP address and the subnet mask of the resource. Because different types of devices can connect to the network, Network Discovery can discover resources that cannot support the Configuration Manager client software. For example, devices that can be discovered but not managed include printers and routers.

Network Discovery can return several attributes as part of the discovery record it creates. This includes the following:

  • NetBIOS name

  • IP addresses

  • Resource domain

  • System roles

  • SNMP community name

  • MAC addresses

To use Network Discovery, you must specify the level of discovery to run. You also configure one or more discovery mechanisms that enable Network Discovery to query for network segments or devices. You can also configure settings that help control discovery actions on the network. Finally, you define one or more schedules for when Network Discovery runs.

Complex networks and low bandwidth connections can cause Network Discovery to run slowly and generate significant network traffic. As a best practice, run Network Discovery only when the other discovery methods cannot find the resources that you have to discover. For example, use Network Discovery if you must discover workgroup computers. Workgroup computers are not discovered by other discovery methods.

When discovery identifies an IP-addressable object and can determine the objects subnet mask, it creates a discovery data record (DDR) for that object.

Network Discovery activity is recorded in the Netdisc.log in <InstallationPath>\Logs on the site server that runs discovery.

Levels of Network Discovery

Network Discovery Options

Limiting Network Discovery

Discovery Data Records Created by Network Discovery

About Discovery Data Records

Discovery data records (DDRs) are files created by a discovery method that contain information about a resource you can manage in Configuration Manager. DDRs contain information about computers, users and in some cases, network infrastructure. They are processed at primary sites or at central administration sites. After the resource information in the DDR is entered into the database, the DDR is deleted and the information replicates as global data to all sites in the hierarchy.

The site at which a DDR is processed depends on the information it contains:

  • DDRs for newly discovered resources that are not in the database are processed at the top-level site of the hierarchy. The top-level site creates a new resource record in the database and assigns it a unique identifier. DDRs transfer by file-based replication until they reach the top-level site.

  • DDRs for previously discovered objects are processed at primary sites. Child primary sites do not transfer DDRs to the central administration site when the DDR contains information about a resource that is already in the database.

  • Secondary site do not process discovery data records and always transfer them by file-based replication to their parent primary site.

DDR files are identified by the .ddr extension, and have a typical size of about 1 KB.

Decide Where to Run Discovery

When you plan to use discovery in Configuration Manager, you must consider where to run each discovery method.

After Configuration Manager adds discovery data to a database, it is quickly shared between all sites in the hierarchy. Because there is no benefit to discovering the same information at multiple sites in your hierarchy, consider configuring a single instance of each discovery method that you use to run at a single site instead of running multiple instances of a single method at different sites.

However, periodically it might help assign the same discovery method to run at multiple sites, each with a separate configuration and schedule. This is because at each site, all configurations for a single discovery method are evaluated every time that discovery method runs. If you do configure multiple instances of a single discovery method to run at different sites, plan the configuration of each carefully to avoid having two or more discovery processes discover the same resources. Discovering the same locations and resources at multiple sites can consume additional network bandwidth and create duplicate DDRs for resources that add no value and must still be processed by your site servers.

The following table identifies at which sites you can configure the different discovery methods.

Discovery method Supported locations

Active Directory Forest Discovery

  • Central administration site

  • Primary Site

Active Directory Group Discovery

  • Primary site

Active Directory System Discovery

  • Primary site

Active Directory User Discovery

  • Primary site

Heartbeat Discovery1

  • Primary site

Network Discovery

  • Primary site

  • Secondary site

1 Secondary sites cannot configure Heartbeat Discovery but can receive the Heartbeat DDR from a client.

When secondary sites run Network Discovery, or receive Heartbeat Discovery DDRs, they transfer the DDR by file-based replication to their parent primary site. This is because only primary sites and central administration sites can process discovery data records (DDRs). For more information about how DDRs are processed, see About Discovery Data Records in this topic.

Consider the following when you plan where to run discovery:

  • When you use an Active Directory Discovery method for systems, users, or groups:

    • Run discovery at a site that has a fast network connection to your domain controllers.

    • Consider the Active Directory replication topology to ensure discovery can access the latest information.

    • Consider the scope of the discovery configuration and limit discovery to only those Active Directory locations and groups that you have to discover.

  • If you use Network Discovery:

    • Use a limited initial configuration to identify your network topography.

    • After you identify your network topography, configure Network Discovery to run at specific sites that are central to the network areas that you want to more fully discover.

  • Because Heartbeat Discovery does not run at a specific site, you do not have to consider it in general planning for where to run discovery.

  • Because each site server and network environment is different, limit your initial discovery configurations and closely monitor each site server for its ability to process the discovery data that is generated.

Best Practices for Discovery

Use the following best practices information to help you use discovery in System Center 2012 Configuration Manager.

Run Active Directory System Discovery and Active Directory User Discovery before you run Active Directory Group Discovery

When you configure Active Directory Group Discovery, only specify groups that you use with Configuration Manager

Configure discovery methods with a longer interval between full discovery, and a more frequent period of delta discovery

Run Active Directory Discovery methods at primary site that has a network location that is closest to your Active Directory domain controller

Run Active Directory Forest Discovery at a only one site when you plan to automatically create boundaries from the discovery data

See Also