Choosing a Discovery Method
When you are ready for SMS to locate potential SMS clients, you run discovery in SMS. The discovery method you choose depends on whether or not you have Active Directory, and which resource types you want to find based on the objectives you defined in the pre-planning phase.
Table 10.5 lists the types of discovery methods that are found in the SMS Administrator console and whether or not the client computer must be turned on to be discovered by SMS, based on the discovery method running.
Table 10.5 Planning for SMS Discovery Methods
Type of resources you want discovered |
Discovery method |
Client computer must be turned on to be discovered |
|---|---|---|
Computers |
Heartbeat Discovery |
Yes |
|
Network Discovery |
No |
|
Active Directory System Discovery |
Yes |
Windows computer users and groups |
Windows User Account Discovery |
No |
|
Windows User Group Discovery |
|
Active Directory computer users and groups |
Active Directory User Discovery |
No |
|
Active Directory System Group Discovery |
|
For example, if you want to find users instead of computers, you would choose Windows User Account Discovery or Active Directory User Discovery. If you want to find computers to distribute software to, you might choose Active Directory System Discovery.
When you choose the discovery method to be used at an SMS site, remember that, for most discovery methods, the client computer does not have to be turned on to be discovered. The exceptions to this are Heartbeat Discovery and Active Directory System Discovery. Do not use either of these methods if you want all computers to be discovered whether or not they are turned on at discovery time.
Important:
- When you install SMS by using Custom Setup, no discovery or installation methods are enabled (except for Heartbeat Discovery and automatic discovery of site systems, which you cannot configure). If you install SMS by using Express Setup (which should only be done in an isolated test lab for evaluation purposes), all discovery and installation methods are enabled except for Network Discovery. For more information, see the "Setup Options" section earlier in this chapter.
Unlike SMS 2.0, SMS 2003 does not have Windows Networking Logon Discovery. However, you can still discover computers when users log on to them. For more information, see Chapter 17, "Discovering Resources and Deploying Clients."
This section describes planning for the following discovery tasks:
Discovering resources automatically
Discovering domain users and groups
Discovering resources that have an IP address
Discovering Active Directory objects
Using scripts for discovery
Note:
- Manual Client Installation can discover computers without installing the SMS client software on them. For more information, see the "Manual installation of the SMS client" section later in this chapter.
Discovering Resources Automatically
Some discovery tasks happen automatically in SMS, so you cannot plan for them. These include:
Discovery of SMS site systems.
Heartbeat Discovery.
Discovery performed by SMS during hardware inventory.
SMS site systems and site servers are discovered automatically. Site system discovery provides discovery data about site systems and can trigger their installation as SMS clients if Client Push Installation is enabled and configured to install the SMS client on servers. Because this discovery method is fully automated, you cannot configure it, you cannot disable it, and you do not see it in the SMS Administrator console.
Note:
- SMS Recovery Web sites are not site systems and therefore are not discovered with Site System Discovery. SMS Recovery Web site computers must be discovered by using other discovery methods.
Heartbeat Discovery is a method that is used to refresh SMS client computer discovery data in the SMS site database. If you enable Heartbeat Discovery, the discovery data is refreshed on a schedule that you determine. If you disable Heartbeat Discovery, the discovery data is refreshed only when another discovery method is invoked or run on a schedule. Heartbeat Discovery is useful for maintaining current discovery data on clients that are not usually affected by one of the other discovery methods, such as a server that users seldom log on to. By default, this discovery method is enabled.
Important:
- You can set a full schedule on heartbeat discovery so that clients report their discovery data at a specific time on a regular basis. You should avoid doing this on large sites or on many sites at the same time. Otherwise, you could generate a backlog of DDRs waiting for processing, and your network and SMS servers could be subject to a considerable load when heartbeat discovery runs on all the clients concurrently.
Also, if SMS hardware or software inventory loads computer details into the SMS site database before a DDR is received for that computer, SMS automatically creates a DDR for the computer by using the details that are included in the inventory. Because this discovery method is fully automated, you cannot configure it, you cannot disable it, and you do not see it in the SMS Administrator console.
Discovering Domain Users and Groups
If you want to discover domain user accounts and user groups in particular domains, plan to enable Windows User Account Discovery and Windows User Group Discovery. With this information, you can organize domain users and user groups into SMS collections.
You can use Windows User Account Discovery with Windows NT domains or mixed mode Active Directory domains. However, Active Directory User Discovery returns more information from Active Directory domains, and it continues to work with those domains when you switch them to native mode. You should only use Windows User Account Discovery with Windows NT 4.0 domains.
SMS must be able to access the domains that you specify for Windows User Account Discovery or Windows User Group Discovery by using the SMS Service account or by using the SMS site server's computer account, depending on the security mode SMS is running in.
Windows User Group Discovery is useful for creating group-based collections for software distribution. For example, if you want to distribute software based on groups of users, you can use this discovery method to determine which groups are in your domains. If your organization has an Accountants user group, you can discover that group and then advertise software to a collection containing that group.
Important:
- When discovering Windows user account or group resources within a domain, you must provide SMS with administrative rights and permissions to each specified domain. Do this by granting the SMS Service account (if the site is in standard security mode) or the site server computer account (if the site is in advanced security mode) administrative rights and permissions to the destination domains.
Different SMS sites can discover user accounts in the same domain or in different domains. If you require user resources from a domain at a site and its child site, you should enable Windows User Account Discovery only at the child site. The child site automatically forwards the discovery data to the parent site, so both sites do not have to discover the same users.
You can also schedule how often you want SMS to poll the domain controllers. The discovery data for the accounts is refreshed every time SMS polls the domain controllers. Consider how often you want these discovery methods to poll each domain and generate a new DDR for all user accounts in each domain. This list of user and user group accounts can gradually become inaccurate as accounts are added and deleted in the domain, so set a schedule to keep the list as current as possible.
Discovering Resources That Have an IP Address
Plan to use Network Discovery if you want to find any device on your network that has an IP address. Use Network Discovery to search specific subnets, domains, SNMP devices, and Windows NT or Windows 2000 Dynamic Host Configuration Protocol (DHCP) servers for resources. Network Discovery can also use SNMP to discover resources that are recognized by routers. You can specify a list of SNMP community names and a number of hop counts within which to find routers.
The SMS site server must have user-level security access on the DHCP servers to retrieve database information from those servers. The SMS Service account must have domain user credentials in the same domain as the DHCP server.
You can use Network Discovery to collect resource discovery data so that SMS can perform Client Push Installation. Plan how you will configure Network Discovery options, based on the amount of discovered resource information you want it to provide and when you want Network Discovery to run, before you enable Network Discovery.
For discovery type, choose from the three levels of details:
Topology
Topology and client
Topology, client, and client operating system
Note:
- If you select the Topology, Client, and Client Operating System level of detail, and if the discovered resource runs the Windows 98 or Windows Millennium Edition operating systems, Network Discovery discovers the client operating system only if the computer is configured to share resources. Users at the clients can specify whether to share resources when they are setting up Windows during the installation process or by using Network in Control Panel.
Network Discovery runs according to the schedule you define in the SMS Administrator console. You must schedule and configure the scope of Network Discovery when you are ready to use it in your organization. Be very careful when you enable Network Discovery. Using Network Discovery increases the amount of traffic on your network. As a result, you should schedule Network Discovery so it does not interfere with other uses of your network. If you plan to run Network Discovery over any slow links, plan to make allowances for network speed and available bandwidth when you configure Network Discovery.
For more information, see the "Controlling Discovery and Client Installation" section later in this chapter.
Discovering Active Directory Objects
Active Directory discovery methods poll the nearest Active Directory domain controller to discover Active Directory computers, users, user groups, and containers. To use an Active Directory method of discovery, your Active Directory domain can be in either mixed mode or native mode. Plan to specify the containers you want polled, such as specific domains, sites, organizational units, or user groups. Also, plan to specify the polling schedule.
SMS polls Active Directory when it is using one of the Active Directory discovery methods. The SMS resources that are obtained from Active Directory do not necessarily reflect the current Active Directory resources at all times; objects might have been added, removed, or changed in Active Directory since the most recent poll.
SMS must have read access to the containers that you specify for Active Directory System Discovery, Active Directory User Discovery, or Active Directory System Group Discovery by using the SMS Service account or the site server computer account, depending on the security mode SMS is running in. When the SMS Service account or site server computer account is used by these discovery methods in domains other than the domain the site server is in, the account must have domain user credentials on those domains. The account must at least be a member of the Domain Users group or local Users group on the domains.
Active Directory User Discovery
Use Active Directory User Discovery to discover the following:
User name
Unique user name (includes domain name)
Active Directory domain
Active Directory container name
User groups (except empty groups)
You can run Active Directory User Discovery only on primary sites. If you must discover users or groups in domains that only a secondary site is in, configure the secondary site's parent primary site to discover those domains.
Use Active Directory User Discovery to discover accounts that you want to categorize into SMS collections. For example, if you want to distribute software to collections of users, use this discovery method to determine which users are in your Active Directory domains. If your organization has users to whom you want to distribute a specific software package, you can discover those user accounts and create a collection containing them. You can then advertise the software package to only that collection, so only the appropriate users receive it.
Polling performed by Active Directory User Discovery can generate significant network traffic, although it generates less traffic per resource than Active Directory System Discovery. Plan to schedule the discovery to occur at times when this network traffic does not adversely affect network use.
Also, because SMS polls Active Directory, the SMS resources that are obtained from Active Directory do not necessarily reflect the current Active Directory resources at all times. Users might have been added, removed, or changed in Active Directory since the most recent poll.
Active Directory System Discovery
Use Active Directory System Discovery to discover the following:
Computer name
Active Directory container name
IP address
Assigned Active Directory site
Do not plan to use Active Directory System Discovery to discover the client operating system. There are other discovery methods, such as Network Discovery, that can do this.
Polling performed by Active Directory System Discovery can generate significant network traffic (approximately 5 KB per client computer). Plan to schedule the discovery to occur at times when this network traffic does not adversely affect network use and when the computers are turned on.
Also, because SMS polls Active Directory, instead of being notified of Active Directory changes, the SMS resources that are obtained from Active Directory do not necessarily reflect the current Active Directory resources at all times. Computers might have been added, removed, or changed in Active Directory since the most recent poll.
Active Directory System Group Discovery
Active Directory System Group Discovery data is an enhancement of the discovery data of other discovery methods. Use Active Directory System Group Discovery to discover the following:
Organizational units
Global groups
Universal groups
Nested groups
Nonsecurity groups
You can run Active Directory System Group Discovery only on primary sites. It polls Active Directory for all system resources in its database, including those discovered at child sites, and including secondary sites. Because Active Directory System Group Discovery does not contact the computers directly, the computers do not have to be turned on to be discovered.
Polling performed by Active Directory System Group Discovery can generate significant network traffic, so you should schedule the discovery to occur at times when this network traffic does not adversely affect network use.
Using Scripts for Discovery
You can employ scripts to discover clients during network logon. Scripted discovery is beneficial to SMS administrators who want to completely control the discovery process. It is useful if you are including a wide variety of computers in your SMS pilot project but you do not want to discover too many of those computers, and you do not want to take the time to manually discover them.
Scripted discovery is also appropriate if you have special reporting needs. For example, you can create DDRs for computer lease agreements and then generate reports that provide lease details with the computer details that SMS usually collects.
For more information about using these methods, see Chapter 17, "Discovering Resources and Deploying Clients."
For More Information
Did you find this information useful? Please send your suggestions and comments about the documentation to smsdocs@microsoft.com.