Active Directory System Group Discovery

The Active Directory System Group Discovery method polls an Active Directory domain controller to discover system groups for computer systems that are discovered by other discovery methods and assigned to the SMS site. In this way, Active Directory System Group Discovery enhances the discovery data of other discovery methods. If a resource is not assigned to an SMS site, Active Directory System Group Discovery does not discover system group information for that resource.

The Active Directory System Group Discovery method gathers discovery information about:

• Organizational unit.

• Global groups.

• Universal groups.

• Nested groups.

• Other non-security groups such as Windows distribution groups.

The Active Directory domain can be in mixed mode or native mode. You specify the containers to be polled (such as specific domains, organizational units, or user groups), and SMS routinely polls the containers (and, optionally, their child containers) for the system groups. You can also adjust the schedule of the polling.

SMS must have Read access to the containers that you specify for Active Directory System Group Discovery by using the SMS Service account or the site server computer account, depending on the security mode in which SMS is running. When the SMS Service account or site server computer account is used in domains other than the domain in which the site server is located, the account must have user rights on those domains. The account must at least be a member of the Domain Users group or local Users group on the domains.

For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.