Configuring Discovery in Configuration Manager

 

Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

Discovery identifies computer and user resources that you can manage by using Configuration Manager, and it also discovers network infrastructure in your environment. Use the information in the following sections to help you configure discovery in System Center 2012 Configuration Manager.

  • How to Enable a Discovery Method

  • Configure Heartbeat Discovery

  • Configure Active Directory Discovery for Computers, Users, or Groups

  • Configure Active Directory Forest Discovery

  • Configure Network Discovery

    • About Configuring Network Discovery

    • How to Configure Network Discovery

    • How to Verify that Network Discovery Has Finished

How to Enable a Discovery Method

With the exception of the Heartbeat Discovery method, you must enable all configurable discovery methods in Configuration Manager before they can discover resources on a network. You can also disable each method by using the same procedure you use to enable it.

In addition to enabling a discovery method, you might have to configure it to successfully discover resources in your environment.

Note

Heartbeat Discovery is enabled when you install a Configuration Manager primary site and does not have to be enabled. Keep Heartbeat Discovery enabled as this method ensures that the discovery data records (DDRs) for devices are up-to-date. For more information about Heartbeat discovery, see About Heartbeat Discovery.

To enable a discovery method

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and click Discovery Methods.

  3. Select the discovery method for the site where you want to enable discovery.

  4. On the Home tab, in the Properties group, click Properties, and then on the General tab, select the Enable <discovery method> check box.

    Note

    If this check box is already selected, you can disable the discovery method by clearing the check box.

  5. Click OK to save the configuration.

Configure Active Directory Discovery for Computers, Users, or Groups

Use the information in the following sections to configure discovery of computers, users, or groups, by using one of the following discovery methods:

  • Active Directory System Discovery

  • Active Directory User Discovery

  • Active Directory Group Discovery

Note

The information in this section does not apply to Active Directory Forest Discovery.

While each of these discovery methods is independent of the others, they share similar options. For more information about these configuration options, see About Active Directory System, User, and Group Discovery Methods.

Warning

The Active Directory polling by each of these discovery methods can generate significant network traffic. Consider scheduling each discovery method to run at a time when this network traffic does not adversely affect business uses of your network.

Use the following procedures to configure each discovery method.

To configure Active Directory System Discovery

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and then click Discovery Methods.

  3. Select the method for the site where you want to configure discovery.

  4. On the Home tab, in the Properties group, click Properties.

  5. On the General tab, select the check box to enable discovery, or you can configure discovery now, and then return to enable discovery later.

  6. Click the New icon to specify a new Active Directory container, and in the Active Directory Container dialog box, complete the following configurations:

    1. Specify one or more locations to search.

    2. For each location, specify options that modify the search behavior.

    3. For each location, specify the account to use as the Active Directory Discovery Account.

      Tip

      For each location that you specify, you can configure a set of discovery options and a unique Active Directory Discovery Account.

    4. Click OK to save the Active Directory container configuration.

  7. On the Polling Schedule tab, configure both the full discovery polling schedule and delta discovery.

  8. Optionally, on the Active Directory Attributes tab, you can configure additional Active Directory attributes for computers that you want to discover. The default object attributes are also listed.

  9. Optionally, on the Option tab, you can configure options to filter out, or exclude, stale computer records from discovery.

  10. When you have finished configuring Active Directory System Discovery for this site, click OK to save the configuration.

To configure Active Directory User Discovery

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and then click Discovery Methods.

  3. Select the Active Directory User Discovery method for the site where you want to configure discovery.

  4. On the Home tab, in the Properties group, click Properties.

  5. On the General tab, select the check box to enable discovery, or you can configure discovery now, and return to enable discovery later.

  6. Click the New icon to specify a new Active Directory container, and in the Active Directory Container dialog box, complete the following configurations:

    1. Specify one or more locations to search.

    2. For each location, specify options that modify the search behavior.

    3. For each location, specify the account to use as the Active Directory Discovery Account.

      Note

      For each location that you specify, you can configure a unique set of discovery options and a unique Active Directory Discovery Account.

    4. Click OK to save the Active Directory container configuration.

  7. On the Polling Schedule tab, configure both the full discovery polling schedule and delta discovery.

  8. Optionally, on the Active Directory Attributes tab, you can configure additional Active Directory attributes for computers that you want to discover. The default object attributes are also listed.

  9. When you have finished configuring Active Directory User Discovery for this site, click OK to save the configuration.

To configure Active Directory Group Discovery

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and then click Discovery Methods.

  3. Select the Active Directory Group Discovery method for the site where you want to configure discovery.

  4. On the Home tab, in the Properties group, click Properties.

  5. On the General tab, select the check box to enable discovery, or you can configure discovery now, and return to enable discovery later.

  6. Click Add to configure a discovery scope, select either Groups or Location, and complete the following configurations in the Add Groups, or Add Active Directory Location dialog box:

    1. Specify a Name for this discovery scope.

    2. Specify an Active Directory Domain or Location to search:

      • If you selected Groups, specify one or more Active Directory groups to be discovered.

      • If you selected Location, specify an Active Directory container as a location to be discovered. You can also enable a recursive search of Active Directory child containers for this location.

    3. Specify the Active Directory Group Discovery Account that is used to search this discovery scope.

    4. Click OK to save the discovery scope configuration.

  7. Repeat step 6 for each additional discovery scope that you want to define.

  8. On the Polling Schedule tab, configure both the full discovery polling schedule and delta discovery.

  9. Optionally, on the Option tab, you can configure options to filter out, or exclude, stale computer records from discovery, and to discover the membership of distribution groups.

    Note

    By default, Active Directory Group Discovery discovers only the membership of security groups.

  10. When you have finished configuring Active Directory Group Discovery for this site, click OK to save the configuration.

Configure Active Directory Forest Discovery

To complete the configuration of Active Directory Forest Discovery, you must configure settings in two locations:

  • In the Discovery Methods node, you can enable this discovery method, set a polling schedule, and select whether discovery automatically creates boundaries for the Active Directory sites and subnets that it discovers.

  • In the Active Directory Forests node, you can add forests that you want to discover, enable discovery of Active Directory sites and subnets in that forest, configure settings that enable Configuration Manager sites to publish their site information to the forest, and assign an account to use as the Active Directory Forest Account for each forest.

Use the following procedures to enable Active Directory Forest discovery, and to configure individual forests for use with Active Directory Forest Discovery.

To enable Active Directory Forest Discovery

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and then click Discovery Methods.

  3. Select the Active Directory Forest Discovery method for the site where you want to configure discovery.

  4. On the Home tab, in the Properties group, click Properties.

  5. On the General tab, select the check box to enable discovery, or you can configure discovery now, and return to enable discovery later.

  6. Specify options to create site boundaries for discovered locations.

  7. Specify a schedule for when discovery runs.

  8. When you complete the configuration of Active Directory Forest Discovery for this site, click OK to save the configuration.

To configure a forest for Active Directory Forest Discovery

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Active Directory Forests. If Active Directory Forest Discovery has previously run, you see each discovered forest in the results pane. The local forest and any trusted forests are discovered when Active Directory Forest Discovery runs. Only untrusted forests must be manually added.

    - To configure a previously discovered forest, select the forest in the results pane, and then on the **Home** tab, in the **Properties** group, click **Properties** to open the forest properties. Continue with step 3.
    
    - To configure a new forest that is not listed, on the **Home** tab, in the **Create** group, click **Add Forest** to open the **Add Forests** dialog box. Continue with step 3.
    
  3. On the General tab, complete configurations for the forest that you want to discover and specify the Active Directory Forest Account.

    Note

    Active Directory Forest Discovery requires a global account to discover and publish to untrusted forests. If you do not use the computer account of the site server, you can only select a global account.

  4. If you plan to allow sites to publish site data to this forest, on the Publishing tab, complete configurations for publishing to this forest.

    Note

    If you enable sites to publish to a forest, you must extend the Active Directory schema of that forest for Configuration Manager, and the Active Directory Forest Account must have Full Control permissions to the System container in that forest.

  5. When you complete the configuration of this forest for use with Active Directory Forest Discovery, click OK to save the configuration.

Configure Heartbeat Discovery

By default, Heartbeat Discovery is enabled when you install a Configuration Manager primary site. As a result, you only have to configure the schedule for how often clients send Heartbeat Discovery data records (DDRs) to a management point.

Although Heartbeat Discovery is enabled by default, if it is disabled, you can re-enable it like any other discovery method. For more information, see How to Enable a Discovery Method.

Note

If both client push installation and the site maintenance task for Clear Install Flag are enabled at the same site, set the schedule of Heartbeat Discovery to be less than the Client Rediscovery period of the Clear Install Flag site maintenance task. For more information about site maintenance tasks, see Configure Maintenance Tasks for Configuration Manager Sites.

To configure the Heartbeat Discovery schedule

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and then click Discovery Methods.

  3. Select Heartbeat Discovery for the site where you want to configure Heartbeat Discovery.

  4. On the Home tab, in the Properties group, click Properties.

  5. Configure the frequency with which clients submit Heartbeat Discovery data records (DDRs), and then click OK to save the configuration.

Configure Network Discovery

Use the information in the following sections to help you configure Network Discovery.

About Configuring Network Discovery

Before you configure Network Discovery, you must understand the following:

  • Available levels of Network Discovery

  • Available Network Discovery options

  • Limiting Network Discovery on the network

For more information, see the section About Network Discovery in the Planning for Discovery in Configuration Manager topic.

The following sections provide information about common configurations for Network Discovery. You can configure one or more of these configurations for use during the same discovery run. If you use multiple configurations, you must plan for the interactions that can affect the discovery results.

For example, you might want to discover all SNMP devices that use a specific SNMP Community name. Additionally, for the same discovery run, you might disable discovery on a specific subnet. When discovery runs, Network Discovery does not discover the SNMP devices with the specified community name on the subnet that you have disabled.

Determine your Network Topology

You can use a topology-only discovery to map your network. This kind of discovery does not discover potential clients. The topology-only Network Discovery relies on SNMP.

When mapping your network topology, you must configure the Maximum hops on the SNMP tab in the Network Discovery Properties dialog box. Just a few hops can help control the network bandwidth that is used when discovery runs. As you discover more of your network, you can increase the number of hops to gain a better understanding of your network topology.

After you understand your network topology, you can configure additional properties for Network Discovery to discover potential clients and their operating systems while you are using available configurations to limit the network segments that Network Discovery can search.

Limit Searches by Using Subnets

You can configure Network Discovery to search specific subnets during a discovery run. By default, Network Discovery searches the subnet of the server that runs discovery. Any additional subnets that you configure and enable apply only to Simple Network Management Protocol (SNMP) and Dynamic Host Configuration Protocol (DHCP) search options. When Network Discovery searches domains, it is not limited by configurations for subnets.

If you specify one or more subnets on the Subnets tab in the Network Discovery Properties dialog box, only the subnets that are marked as Enabled are searched.

When you disable a subnet, it is excluded from discovery, and the following conditions apply:

  • SNMP-based queries do not run on the subnet

  • DHCP servers do not reply with a list of resources located on the subnet

  • Domain-based queries can discover resources that are located on the subnet

Search a Specific Domain

You can configure Network Discovery to search a specific domain or set of domains during a discovery run. By default, Network Discovery searches the local domain of the server that runs discovery.

If you specify one or more domains on the Domains tab in the Network Discovery Properties dialog box, only the domains that are marked as Enabled are searched.

When you disable a domain, it is excluded from discovery, and the following conditions apply:

  • Network Discovery does not query domain controllers in that domain

  • SNMP-based queries can still run on subnets in the domain

  • DHCP servers can still reply with a list of resources located in the domain

Limit Searches by Using SNMP Community Names

You can configure Network Discovery to search a specific SNMP community or set of communities during a discovery run. By default, the community name of public is configured for use.

Network Discovery uses community names to gain access to routers that are SNMP devices. A router can supply Network Discovery with information about other routers and subnets that are linked to the first router.

Note

SNMP community names resemble passwords. Network Discovery can get information only from an SNMP device for which you have specified a community name. Each SNMP device can have its own community name, but often the same community name is shared among several devices. Additionally, most SNMP devices have a default community name of public. However, some organizations delete the public community name from their devices as a security precaution.

If multiple SNMP communities are displayed on the SNMP tab in the Network Discovery Properties dialog box, Network Discovery searches them in the order in which they are displayed. To help minimize network traffic that is generated by attempts to contact a device by using different names, ensure that the most frequently used names are at the top of the list.

Note

In addition to using the SNMP Community name, you can specify the IP address or resolvable name of a specific SNMP device. You configure the IP address or resolvable name for a specific device on the SNMP Devices tab in the Network Discovery Properties dialog box.

Search a Specific DHCP Server

You can configure Network Discovery to use a specific DHCP server or multiple servers to discover DHCP clients during a discovery run.

Network Discovery searches each DHCP server that you specify on the DHCP tab in the Network Discovery Properties dialog box. If the server that is running discovery leases its IP address from a DHCP server, you can configure discovery to search that DHCP server by selecting the Include the DHCP server that the site server is configured to use check box.

Note

To successfully configure a DHCP server in Network Discovery, your environment must support IPv4. You cannot configure Network Discovery to use a DHCP server in a native IPv6 environment.

How to Configure Network Discovery

Use the following procedures to first discover only your network topology, and then to configure Network Discovery to discover potential clients by using one or more of the available Network Discovery options.

To determine your network topology

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and then click Discovery Methods.

  3. Select Network Discovery for the site where you want to run Network Discovery.

  4. On the Home tab, in the Properties group, click Properties.

    - On the **General** tab, select the **Enable network discovery** check box, and then select **Topology** from the **Type of discovery** options.
    
    - On the **Subnets** tab, select the **Search local subnets** check box.

      Tip

      If you know the specific subnets that constitute your network, you can clear the **Search local subnets** check box and use the **New** icon to add the specific subnets that you want to search. For large networks, it is often best to search only one or two subnets at a time to minimize the use of network bandwidth.
    
    - On the **Domains** tab, select the **Search local domain** check box.
    
    - On the **SNMP** tab, use the **Maximum hops** drop-down list to specify how many router hops Network Discovery can take in mapping your topology.

      Tip

      When you first map your network topology, configure just a few router hops to minimize the use of network bandwidth.
    
  5. On the Schedule tab, click the New icon to set a schedule for running Network Discovery.

    Note

    You cannot assign a different discovery configuration to separate Network Discovery schedules. Each time Network Discovery runs, it uses the current discovery configuration.

  6. Click OK to accept the configurations. Network Discovery runs at the scheduled time.

To configure Network Discovery

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and then click Discovery Methods.

  3. Select Network Discovery for the site where you want to run Network Discovery.

  4. On the Home tab, in the Properties group, click Properties.

  5. On the General tab, select the Enable network discovery check box, and then select the type of discovery that you want to run from the Type of discovery options.

  6. To configure discovery to search subnets, click the Subnets tab, and on the Subnets tab, configure one or more of the following options:

    - To run discovery on subnets that are local to the computer that runs discovery, select the **Search local subnets** check box.
    
    - To search a specific subnet, the subnet must be listed in **Subnets to search**, and have a **Search** value of **Enabled**:
    
      1.  If the subnet is not listed, click the **New** icon. In the **New Subnet Assignment** dialog box, enter the **Subnet** and **Mask** information, and then click **OK**. By default, a new subnet is enabled for search.
    
      2.  To change the **Search** value for a listed subnet, select the subnet, and then click the **Toggle** icon to toggle the value between **Disabled** and **Enabled**.
    
  7. To configure discovery to search domains, click the Domains tab, and on the Domains tab, configure one or more of the following options:

    - To run discovery on the domain of the computer that runs discovery, select the **Search local domain** check box.
    
    - To search a specific domain, the domain must be listed in **Domains** and have a **Search** value of **Enabled**:
    
      1.  If the domain is not listed, click the **New** icon, and in the **Domain Properties** dialog box, enter the **Domain** information, and then click **OK**. By default, a new domain is enabled for search.
    
      2.  To change the **Search** value for a listed domain, select the domain, and then click the **Toggle** icon to toggle the value between **Disabled** and **Enabled**.
    
  8. To configure discovery to search specific SNMP community names for SNMP devices, click the SNMP tab, and on the SNMP tab, configure one or more of the following options:

    - To add an SNMP community name to the list of **SNMP Community names**, click the **New** icon, and in the **New SNMP Community Name** dialog box, specify the **Name** of the SNMP community, and then click **OK**.

    - To remove an SNMP community name, select the community name, and then click the **Delete** icon.

    - To adjust the search order of SNMP community names, select a community name, and then click the **Move Item Up** icon, or the **Move Item Down** icon. When discovery runs, community names are searched in a top-to-bottom order.

      Note

      Network Discovery uses SNMP community names to gain access to routers that are SNMP devices. A router can inform Network Discovery about other routers and subnets linked to the first router.

        - SNMP community names resemble passwords.

        - Network Discovery can get information only from an SNMP device for which you have specified a community name.

        - Each SNMP device can have its own community name, but often the same community name is shared among several devices.

        - Most SNMP devices have a default community name of **Public** which can be used if you do not know any other community names. However, some organizations delete the **Public** community name from their devices as a security precaution.
    
  9. To configure the maximum number of router hops for use by SNMP searches, click the SNMP tab, and on the SNMP tab, select the number of hops from the Maximum hops drop-down list.

  10. To configure SNMP Devices, click the SNMP Devices tab, and on the SNMP Devices tab, if the device is not listed, click the New icon. In the New SNMP Device dialog box, specify the IP address or device name of the SNMP device, and then click OK.

    Note

    If you specify a device name, Configuration Manager must be able to resolve the NetBIOS name to an IP address.

  11. To configure discovery to query specific DHCP servers for DHCP clients, click the DHCP tab, and on the DHCP tab, configure one or more of the following options:

    • To query the DHCP server on the computer that is running discovery, select the Always use the site server’s DHCP server check box.

      Note

      To use this option, the server must lease its IP address from a DHCP server and cannot use a static IP address.

    • To query a specific DHCP server, click the New icon, and in the New DHCP Server dialog box, specify the IP address or server name of the DHCP server, and then click OK.

      Note

      If you specify a server name, Configuration Manager must be able to resolve the NetBIOS name to an IP address.

  12. To configure when discovery runs, click the Schedule tab, and on the Schedule tab, click the New icon to set a schedule for running Network Discovery.

    You can configure multiple schedules for Network Discovery that include multiple recurring schedules and multiple schedules that have no recurrence.

    Note

    If multiple schedules are displayed on the Schedule tab at the same time, all schedules result in a run of Network Discovery as it is configured at the time indicated in the schedule. This is also true for recurring schedules.

  13. Click OK to save your configurations.

How to Verify that Network Discovery Has Finished

The time that Network Discovery requires to complete can vary depending on a variety of factors. These factors can include one or more of the following:

  • The size of your network

  • The topology of your network

  • The maximum number of hops that are configured to find routers in the network

  • The type of discovery that is being run

Because Network Discovery does not create messages to alert you when discovery has finished, you can use the following procedure to verify when discovery has finished.

To verify that Network Discovery has finished

  1. In the Configuration Manager console, click Monitoring.

  2. In the Monitoring workspace, expand System Status, and then click Status Message Queries.

  3. Select All Status Messages.

  4. On the Home tab, in the Status Message Queries group, click Show Messages.

  5. Select the Select date and time drop-down list and select a value that includes how long ago the discovery started, and then click OK to open the Configuration Manager Status Message Viewer.

    Tip

    You can also use the Specify date and time option to select a given date and time that you ran discovery. This option is useful when you ran Network Discovery on a given date and want to retrieve messages from only that date.

  6. To validate that Network Discovery has finished, search for a status message that has the following details:

    - Message ID: **502** 
    
    - Component: **SMS_NETWORK_DISCOVERY**
    
    - Description: **This component stopped**
    

    If this status message is not present, Network Discovery has not finished.

  7. To validate when Network Discovery started, search for a status message that has the following details:

    - Message ID: **500**
    
    - Component: **SMS_NETWORK_DISCOVERY**
    
    - Description: **This component started**
    

    This information verifies that Network Discovery started. If this information is not present, reschedule Network Discovery.
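
The check in steps 6 and 7 can also be scripted. The following PowerShell is an added example, not part of the original documentation: it pairs each message ID 500 from SMS_NETWORK_DISCOVERY with the 502 that follows it and reports any run that has not finished. The function name Get-NetworkDiscoveryRun, the sample records, and the site code XXX in the commented SMS Provider query are assumptions for illustration.

```powershell
# Added example: pairs "started" (500) and "stopped" (502) status messages
# for SMS_NETWORK_DISCOVERY. Function name and sample data are hypothetical.
function Get-NetworkDiscoveryRun {
    [CmdletBinding()]
    param(
        # Any objects that expose Component, MessageID and Time properties.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object[]]$StatusMessage
    )
    begin {
        $relevant = New-Object System.Collections.Generic.List[object]
    }
    process {
        # Keep only the two message IDs the procedure looks for.
        foreach ($m in $StatusMessage) {
            if ($m.Component -eq 'SMS_NETWORK_DISCOVERY' -and
                ($m.MessageID -eq 500 -or $m.MessageID -eq 502)) {
                $relevant.Add($m)
            }
        }
    }
    end {
        # Builds one result row per discovery run.
        $emit = {
            param($from, $to)
            [pscustomobject]@{
                Started  = $from
                Stopped  = $to
                Finished = ($null -ne $to)
                Duration = if ($null -ne $from -and $null -ne $to) { $to - $from } else { $null }
            }
        }
        $started = $null
        foreach ($m in ($relevant | Sort-Object -Property Time)) {
            if ($m.MessageID -eq 500) {
                # Two starts in a row: the earlier run never logged a 502.
                if ($null -ne $started) { & $emit $started $null }
                $started = $m.Time
            }
            else {
                # A 502 with no 500 before it means the start lies outside
                # the queried time window; Started is left empty.
                & $emit $started $m.Time
                $started = $null
            }
        }
        # A trailing 500 with no 502: discovery has not finished.
        if ($null -ne $started) { & $emit $started $null }
    }
}

# Constructed sample records (not real site data).
$sample = @(
    [pscustomobject]@{ Component = 'SMS_NETWORK_DISCOVERY'; MessageID = 500; Time = [datetime]'2015-05-12T01:00:00' }
    [pscustomobject]@{ Component = 'SMS_NETWORK_DISCOVERY'; MessageID = 502; Time = [datetime]'2015-05-12T03:40:00' }
    [pscustomobject]@{ Component = 'SMS_HIERARCHY_MANAGER'; MessageID = 500; Time = [datetime]'2015-05-13T00:10:00' }
    [pscustomobject]@{ Component = 'SMS_NETWORK_DISCOVERY'; MessageID = 500; Time = [datetime]'2015-05-14T01:00:00' }
)
$sample | Get-NetworkDiscoveryRun | Format-Table -AutoSize

# Against a live site, the same objects can come from the SMS Provider
# (XXX is a placeholder site code; access to the provider is assumed):
# Get-CimInstance -Namespace 'root\sms\site_XXX' -ClassName SMS_StatusMessage `
#     -Filter "Component='SMS_NETWORK_DISCOVERY' AND (MessageID=500 OR MessageID=502)" |
#     Get-NetworkDiscoveryRun
```

A row with Finished set to False corresponds to the case in step 6 where no 502 message is present yet.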