Active Directory User Discovery

The Active Directory User Discovery method polls an Active Directory domain controller to discover users and the user groups of which they are members. Active Directory User Discovery can also poll the specified Active Directory containers recursively. The Active Directory domain can be in mixed mode or native mode. You specify the containers that you want polled (such as specific domains, sites, organizational units, or user groups), and SMS routinely polls the containers (and, optionally, their child containers) for users and their user groups. You can also adjust the schedule of the polling.

The Active Directory User Discovery method gathers discovery information such as:

• User name.

• Unique user name (includes domain name).

• Domain.

• Active Directory container names.

• Security group and other group names such as groups, global group, or universal group membership, including nested group membership.

• User groups (the relationship between the users and user groups, not just the properties of the users and user groups separately).

SMS must have Read access to the containers that you specify for Active Directory User Discovery by using the SMS Service account or the site server computer account, depending on the security mode in which SMS is running. When the SMS Service account or site server computer account is used in domains other than the domain in which the site server is located, the account must have user rights on those domains. The account must at least be a member of the Domain Users group or local Users group on the domains.

For More Information

Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.