Jump to content


Photo

using SCCM 2012 RC in a LAB - Part 3. Configuring Discovery and Boundaries


  • Please log in to reply
12 replies to this topic

#1 anyweb

anyweb

    Administrator

  • Root Admin
  • PipPipPip
  • 5,655 posts
  • Gender:Male
  • Location:Sweden
  • Interests:Deploying Operating systems and more with System Center Configuration Manager

Posted 29 October 2011 - 10:48 AM

NOTE: This post has been superseded since the RTM release of Configuration Manager 2012 here. Please use the new post here as the content below was only done and verified on System Center 2012 Release Candidate.

 

 

 

Did you read the note above ?

 

In Part 1 of this series we got our AD and SCCM servers ready, and then we installed System Center 2012 Configuration Manager as a standalone Primary site. In Part 2 we configured the SCCM server further by adding some Windows Server roles necessary for the following Configuration Manager 2012 functionality, Software Update Point (SUP) and Operating System Deployment. Now we will configure the server further by Enabling some Discovery methods and creating Boundary's and Boundary Groups.

Configuring Discovery Methods.

Active Directory Discovery Methods
Configuration Manager 2012 Active Directory discovery methods can discover Active Directory sites, subnets, users, and computers that are stored in Active Directory Domain Services. To discover information from Active Directory, Configuration Manager requires access to the Active Directory locations that you specify and will use the computer account of the site server that runs the Active Directory discovery method. Or, you can specify a Windows account to run any Active Directory discovery method.

For information on Planning Discovery methods for SCCM 2012, please refer to these pages on Technet:-

Decide Which Discovery Methods to Use






To discover possible Configuration Manager client computers or user resources, you must enable the appropriate discovery methods. You can use different combinations of discovery methods to locate different resources and to discover additional information about those resources. The discovery methods that you use determine the type of resources that are discovered and which Configuration Manager services and agents are used in the discovery process. They also determine the type of information about resources that you can discover.

Discover Computers
When you want to discover computers, you can use Active Directory System Discovery or Network Discovery.
As an example, if you want to discover resources that can install the Configuration Manager client before you use Client Push Installation, you might run Active Directory System Discovery. Alternately you could run Network Discovery and use its options to discover the operating system of resources (required to later use push client installation). However, by using Active Directory System Discovery, you not only discover the resource, but discover basic information and can discover extended information about it from Active Directory Domain Services. This information might be useful in building complex queries and collections to use for the assignment of client settings or content deployment. Network Discovery, on the other hand, provides you information about your network topology that you are not able to acquire with other discovery methods, but Network Discovery does not provide you any information about your Active Directory environment.
It is also possible to use only Heartbeat Discovery to force the discovery of clients that you installed by methods other than client push installation. However, unlike other discovery methods, Heartbeat Discovery cannot discover computers that do not have an active Configuration Manager client, and returns a limited set of information. It is intended to maintain an existing database record and not to be the basis of that record. Information submitted by Heartbeat Discovery might not be sufficient to build complex queries or collections.
If you use Active Directory Group Discovery to discover the membership of a specified group, you can discover limited system or computer information. This does not replace a full discovery of computers but can provide basic information. This basic information is insufficient for client push installation.

Discover Users
When you want to discover information about users, you can use Active Directory User Discovery. Similar to Active Directory System Discovery, this method discovers users from Active Directory and includes basic information in addition to extended Active Directory information. You can use this information to build complex queries and collections similar to those for computers.

Discover Group Information
When you want to discover information about groups and group memberships, use Active Directory Group Discovery. This discovery method creates resource records for security groups.
You can use this method to search a specific Active Directory group to identify the members of that group in addition to any nested groups within that group. You can also use this method to search an Active Directory location for groups, and recursively search each child container of that location in Active Directory Domain Services.
This discovery method can also search the membership of distribution groups. This can identify the group relationships of both users and computers.
When you discover a group, you can also discover limited information about its members. This does not replace Active Directory System or User Discovery and is usually insufficient to build complex queries and collections or serve as the bases of a client push installation.

Discover Infrastructure
There are two methods that you can use to discover infrastructure, Active Directory Forest Discovery and Network Discovery.
You can use Active Directory Forest Discovery to search an Active Directory forest for information about subnets and Active Directory site configurations. These configurations can then be automatically entered into Configuration Manager as boundary locations. When you want to discover your network topology, use Network Discovery. While other discovery methods return information related to Active Directory Domain Services and can identify the current network location of a client, they do not provide infrastructure information based on the subnets and router topology of your network.


Step 1. Enable Discovery Methods


Perform the following on the SCCM server as SMSadmin

Note:- Site Hierarchy and Site Operations have been renamed from Beta 2 to Hierarchy Configuration and Site Configuration.

Click on the Administration workspace, expand Overview, Hierarchy Configuration and select Discovery Methods, you can see that Heartbeat Discovery is the only Method Enabled by Default.

Discovery Methods.png

We want our LAB to discovery All Computers and Users so we will enable the following discovery methods

  • Active Directory Forest Discovery
  • Active Directory Group Discovery
  • Active Directory System Discovery
  • Active Directory User Discovery

Right click on Active Directory Forest Discovery and choose Properties,






active directory forest discovery properties.png

place a checkmark in the three available options

enable forest discovery.png

click Apply and answer yes to the Full Discovery question

Do you want to run a full discovery as soon as possible.png

Now we will Enable Active Directory Group Discovery, so as before, right click on it, choose Properties

adgd.png

when the properties screen appears, place a checkmark to Enable the discovery Method,

enable adgd.png

Click on Add, select Location

add location.png

click on Browse

browse group location.png

Select your Active Directory Container and click ok

select active directory container.png

click ok, Give the Name a descriptive name like All My AD Groups

all my ad  groups.png

click ok, and it will now appear in the list of Discovery Scopes

all my ad groups enabled.png

Click on the Polling Schedule Tab, note that Delta Discovery is enabled already, now click on the Option tab (this is new since Beta 2)

polling schedule.png

Note:- There are three new options available in the interestingly named Option tab, select them if you wish, basically they allow us to NOT discovery stale objects in AD (no DDR will be created when they are detected), this is good as not all AD people remove stale accounts and this will help to improve our SLA's with more accurate information about what systems are live or not in our organisation.

option tab.png

Next we will configure Active Directory System Discovery, so right click it and select Properties, the properties page will show, place a checkmark to Enable Active Directory System Discovery



click on the Yellow StarBurst, then click on Browse and select your default Active Directory Container

ad system discovery.png

so it appears like so

active directory system discovery containers.png

you can review the other tabs, including the new Option tab, select the options within there also.

active directory system discovery option tab.png

and finally we'll enable Active Directory User Discovery, right click on it, choose Properties, and enable it as below

enable active directory user discovery.png

add the Active directory container discovery by clicking on the yellow starburst and adding the default container

adud container.png

Once done you can click on Assets and Compliance to verify that your Users, Groups and Systems are being Discovered (in the screenshot below I'm showing users and user groups).

assets and compliance.png


Step 2. Configure Boundaries

Perform the following on the SCCM server as SMSadmin

In Configuration Manager 2012, a boundary is a network location that can contain one or more devices that you want to manage. Boundaries can be an IP subnet, Active Directory site name, IPv6 Prefix, or an IP address range, and it can include any combination of these elements. To use a boundary you must add the boundary to one or more boundary groups. Boundary groups are collections of boundaries and they allow clients to find an assigned site and to locate content when they need to install software, such as applications, software updates, and operating system images.

Boundaries are no longer site-specific. Instead, you define them one time only for the hierarchy and they are available for all sites in the hierarchy. Each boundary must be a member of a boundary group before a device on that boundary can identify an assigned site or locate content on a distribution point. Each boundary represents a network location in Configuration Manager 2012 and it is available from every site in your hierarchy. A boundary does not enable you to manage clients at the network location. To manage a client, the boundary must be a member of a boundary group.

Content Location

You can associate one or more distribution points with each boundary group. You can also associate a distribution point with multiple boundary groups. When a client requests content for a deployment, Configuration Manager sends the client a list of distribution points that have the content and that are associated with a boundary group that includes the current network location of the client.

Configuration Manager 2012 supports overlapping boundary configurations for content location. When a client requests content and the client network location belongs to multiple boundary groups, Configuration Manager sends the client a list of all distribution points that have the content. This behavior enables the client to select the nearest server from which to download the content.

You can configure the network connection speed of each distribution point in a boundary group. Clients use this value when they connect to the distribution point. By default, the network connection speed is configured as Fast, but it can also be configured as Slow. The network connection speed and the deployment configuration determine whether a client can download content from a distribution point when the client is on an associated boundary.

In the Administration section, select Boundaries, our previosly discovery Active Directory Site is listed.

default first site name.png

right click on Boundary Groups and choose Create Boundary Group

create boundary group.png

give the Boundary Group a name (and a description if you wish), click on Add

add boundary group.png

In the Add Boundaries window, place a checkmark in our Default-First-Site-Name Boundary.

add boundaries.png

click ok, It now appears in our list of Boundaries which are a member of this Boundary Group, click on References

references.png

place a checkmark in Use this Boundary Group for site assignment then click on Add

add content location.png

select our site system then click ok

add site system.png

click Apply

boundary group site assignment and content location.png

Now we have defined which site our clients can get assigned to via the Boundary Group, and we have defined their content location

my boundary groups.png

In the next Part we will configure some more Site roles and configure Client Settings.


  • Bobby Green and Vertexx like this
Microsoft MVP > Enterprise Client Management
My linkedin profile at > linkedin.com
Follow me on Twitter > ncbrady
Follow windowsnoob.com on Twitter > windowsnoob
My blog

#2 alexaccton

alexaccton

    Newbie

  • Members
  • Pip
  • 3 posts
  • Gender:Male
  • Location:São Paulo | Rio de Janeiro | Brasil
  • Interests:MCP - MCSA - MCTS 7 - ITIL - COBIT

Posted 07 January 2012 - 03:07 PM

Muito bom, very good B)



#3 JesterK

JesterK

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 27 June 2012 - 04:39 PM

I configured exactly like this and did not run into a any problems until I tried to deploy task sequences. When I do I get the error message in Software Center:

"Unable to make changes to your software"

More information just tells me:

"The software could not be found on any servers at this time"

I did some poking around and everyone is saying it is a Boundary issue. I have all my IP subnets as boundaries (x.x.x.0 for example) and added to the boundary group. Any help? Thanks in advance!

#4 frankalbcn

frankalbcn

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 30 August 2012 - 07:05 AM

Hi JesterK,
Have you find any solution to this? We are facing same issue when we try to run Task Sequences inside the Software Center.
It suddenly stops working.
Many thanks

#5 Witchdoctor

Witchdoctor

    Member

  • Members
  • PipPip
  • 10 posts

Posted 21 November 2012 - 07:10 PM

Thankyou very much for a great set of guides, I'm finding them quite helpful. However, in step 2 of this guide, when I login to my server as smsadmin I am unable to connect to the SCCM site through the SCCM console.

I get this message:
The user account running the Configuration Manager console has insufficient permissions to read information from the Configuration Manager site database. The account must belong to a security role in Configuration Manager. The account must also have the Windows Server Distributed Component Object Model (DCOM) Remote Activation permission for the computer running the Configuration Manager site server and the SMS Provider.

What did I do wrong? I can login as myself and run the console easily enough. Can I do the configuration as myself since I have domain admin privileges?

Thanks again
WD





#6 anyweb

anyweb

    Administrator

  • Root Admin
  • PipPipPip
  • 5,655 posts
  • Gender:Male
  • Location:Sweden
  • Interests:Deploying Operating systems and more with System Center Configuration Manager

Posted 21 November 2012 - 07:45 PM

first of all this set of guides is actually for the Release Candidate version, the RTM guides (latest) are the most up to date and most applicable you can find them all here.

as regards your current issue, if you followed the guides step by step then you'd have installed Configuration Manager as a user (SMSadmin) and that user will automatically have the permissions needed, did you use that user or did you install the console (and everything else) as domain admin ?
Microsoft MVP > Enterprise Client Management
My linkedin profile at > linkedin.com
Follow me on Twitter > ncbrady
Follow windowsnoob.com on Twitter > windowsnoob
My blog

#7 Witchdoctor

Witchdoctor

    Member

  • Members
  • PipPip
  • 10 posts

Posted 29 November 2012 - 11:39 PM

Hmmm I suspect you are correct and that I installed as myself (domain admin) So is there a way to correct this? Thanks again for a great guide.

#8 LuckyStone

LuckyStone

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 11 January 2013 - 11:21 AM

I have a noob question: Can I create a boundary of computers like my OU: TestComputers in my AD?
Please help
Thank you



#9 mkpanchal

mkpanchal

    Newbie

  • Members
  • Pip
  • 3 posts
  • Gender:Male
  • Location:India

Posted 01 March 2013 - 04:43 AM

Hi,

 

I have installed SCCM 2012 SP1 as per guide of this. Part 1 and Part 2 installed perfectly. Now in this part when I click on my Discovery method it shows only "Active Directory Forest Discovery". Why it does not show other discovery method. How to enable/install the same discovery method. Please find here the screen .

 

SCCMPart3.jpg

 

Can you please help me in this.

 

Thanks,

 

Mehul



#10 rbnbadri

rbnbadri

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 04 March 2013 - 06:36 AM

I followed all the steps to enable AD group, system and user discovery. . . But they are not inventoried under the users and groups. . . 

Anybody else had this experience???



#11 Peter van der Woude

Peter van der Woude

    Advanced Member

  • Moderators
  • PipPipPip
  • 2,201 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 March 2013 - 07:16 PM

Did you check the adxxxdis log files?


My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude


#12 jkirshy

jkirshy

    Advanced Member

  • Members
  • PipPipPip
  • 30 posts
  • Gender:Male
  • Location:Houston, Texas

Posted 18 April 2013 - 06:20 PM

You only installed a CAS server. go to the splash screen and install a stand alone install.



#13 67_dbc

67_dbc

    Advanced Member

  • Members
  • PipPipPip
  • 33 posts

Posted 21 April 2014 - 09:06 PM

I have a silly question...How do you remove an entry that was added manually in the AD System Discovery Properties? Note: The following AD container doesn't exist any longer, which is the reason for me to remove it from AD system discovery altogether. I am getting the following error when I attempt this. Am I suppose to stop any services prior to removal? Perhaps, do I need to go to my AD side and re-add that OU just so I can remove it from SCCM ADSD??? I prefer not to because that will cause havoc internally with our server group.

 

Anyone else dealt with this before?

 

SCCM 2012 (no CU or SP)

Server 2008 R2

SQL 2008 R2

Attached Images

  • Active Directory System Discovery.png

Attached Files






2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Locations of visitors to this page