Active Directory User Discovery polling can generate significant network traffic, so you should schedule the discovery to occur at times when this network traffic will not adversely affect business uses of your network.

You must have Modify permission for the Site Security object class or instance to configure this discovery method. For more information about security permissions, see Classes and Instances for Object Security in Configuration Manager.

To configure Active Directory User Discovery

  1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / <site name> / Site Settings / Discovery Methods.

  2. Right-click Active Directory User Discovery, and then click Properties.

  3. Enable the discovery method if it is not already enabled.

  4. On the General tab, click the New icon to specify a new Active Directory container.

  5. On the New Active Directory Container dialog box, specify the container to search by location. Three options are available:

    • Local domain: Searches for Active Directory containers in the domain in which the computer hosting the Configuration Manager console resides.

    • Local forest: Searches for Active Directory containers in the forest in which the computer hosting the Configuration Manager console resides.

    • Custom LDAP or GC Query: Searches for Active Directory containers using a Lightweight Directory Access Protocol (LDAP) or a General Catalog (GC) query.

      If this option is selected, you can either enter the path to an existing query to run the search or click Browse to navigate to a query.

  6. Select any additional search options to use. Two options are available:

    • Recursive: Specifies that the search includes child containers. This check box is selected by default. If it is cleared, child containers are not searched.

    • Include groups: Specifies that objects within groups are discovered by this method. If it is selected, you can discover objects in other domains, but the likelihood of discovering the same object more than once is increased. If this check box is cleared, duplicate objects and objects in other domains are less likely to be found. This will result in the discovery process completing more quickly. This check box is cleared by default.

  7. Click OK.

  8. On the Polling Schedule tab, click the Schedule button and set a custom schedule if desired. By default, the Active Directory User Discovery method polls once per day.

  9. To run the discovery method immediately, select the Run discovery as soon as possible check box.

    This check box is cleared when the run request is made to the Configuration Manager site database.
  10. On the Active Directory Attribute tab, verify that all desired Active Directory attributes that you want to discover are displayed. By default, only the required attributes are displayed.

    If you want to discover an additional attribute, click the New icon to add an attribute to the list. In the Specify Attribute Name dialog box, type the name of the attribute you want to discover and then click OK.

  11. Click OK.

See Also