Tag Archives: boundaries

System Center 2012 R2 Configuration Manager – Discovery Methods and Boundaries

This guide is the 3rd in our deployment of System Center 2012 R2 Configuration Manager, originally starting with this guide here.

Definitions

Discovery Methods – Discovery identifies computer and user resources that you can manage by using Configuration Manager. It can also discover the network infrastructure in your environment. Discovery creates a discovery data record (DDR) for each discovered object and stores this information in the Configuration Manager database.  These can be through Active Directory Forest, Active Directory Group Discovery, Active Directory System Discovery, Active Directory User Discovery, Heartbeat Discovery, and Network Discovery.  You can find more information from the official technet article here: http://technet.microsoft.com/en-us/library/gg712308.aspx

  • Active Directory Forest Discovery
    • Can discover Active Directory sites and subnets, and then create Configuration Manager boundaries for each site and subnet from the forests that you have configured for discovery. When Active Directory Forest Discovery identifies a supernet that is assigned to an Active Directory site, Configuration Manager converts the supernet into an IP address range boundary.
  • Active Directory Group Discvoery
    • Discovers local, global, and universal security groups, the membership within these groups, and the membership within distribution groups from the specified locations in Active directory Domain Services. Distribution groups are not discovered as group resources.
  • Active Directory System Discovery
    • Discovers computers from the specified locations in Active Directory Domain Services.
  • Active Directory User Discvoery
    • Discovers user accounts from the specified locations in Active Directory Domain Services.

Boundaries – A boundary is a network location on the intranet that can contain one or more devices that you want to manage. Boundaries can be an IP subnet, Active Directory site name, IPv6 Prefix, or an IP address range, and the hierarchy can include any combination of these boundary types. To use a boundary, you must add the boundary to one or more boundary groups. Boundary groups are collections of boundaries. By using boundary groups, clients on the intranet can find an assigned site and locate content when they have to install software, such as applications, software updates, and operating system images.  You can find more information from the official technet article here: http://technet.microsoft.com/en-us/library/gg712679.aspx

 Enabling Discovery

  1. Launch the System Center 2012 R2 Configuration Manager console
    System Center 2012 R2 Configuration Manager Console - Task Bar
  2. Click on Administration in the bottom left corner
    System Center 2012 R2 Configuration Manager - Administration
  3. Expand Hierarchy Configuration and select Discovery Methods
    System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods
  4. Configure Active Directory Forest Discovery
    1. Right click on Active Directory Forest Discovery and select Properties
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory Forest Discovery - Properties
    2. Check Enable Active Directory Forest Discovery and Automatically create IP address range boundaries for IP subnets when they are discovered
      System Center 2012 R2 Configuration Manager - Active Directory Forest Discveory Properties

      1. NOTE: Reasons on why we did not select Automatically create Active Directory site boundaries when they are discovered can be found in this blog post: IP Subnet Boundaries are EVIL
    3. Click Yes when prompted to run a full discvoery as soon as possible
      System Center 2012 R2 Configuration Manager - Do you want to run full discovery as soon as possible
  5. Configure Active Directory Group Discovery
    1. Right click on Active Directory Group Discovery and select Properties
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory Group Discovery - Properties.png
    2. Check Enable Active Directory Group Discovery and then click the Add button and select Locations…
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory Group Discovery - Properties - General Tab

      1. Add Location – This will recursively search a container (most often an Organizational Unit) in Active Directory for Groups
      2. Add Group – This will recursively search a group in Active Directory for additional Groups
    3. Enter in a Name to describe what we are searching and hit Browse… next to Location to select the container containing the groups you want.  Once done, click OK on the Add Active Directory Location screen
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory Group Discovery - Add Active Directory Location
    4. Select the Options tab and check the options applicable to you
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory Group Discovery - Properties - Options Tab
    5. Click OK on the Active Directory Group Discovery Properties window and select Yes if prompted to run a full discovery as soon as possible
      System Center 2012 R2 Configuration Manager - Do you want to run full discovery as soon as possible
  6. Configure Active Directory System Discovery
    1. Right click on Active Directory System Discovery and select Properties
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory System Discovery - Properties
    2. Check Enable Active Directory System Discovery and click the Yellow star to add an Active Directory container
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory System Discovery - Properties - General Tab
    3. Click the Browse button and select a container containing your machines
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory System Discovery - Properties - Active Directory Container
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory System Discovery - Properties - Select New Container

      1. Most production environments will probably have a custom OU defined to place their computer objects.  If in doubt, select the Computers container and click OK
    4. Click on the Options tab, check both options, and click OK
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory System Discovery - Properties - Options Tab
    5. Click Yes to do a full discovery as soon as possible
      System Center 2012 R2 Configuration Manager - Do you want to run full discovery as soon as possible
  7. Configure Active Directory User Discovery
    1. Right click on Active Directory User Discovery and select Properties
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory User Discovery - Properties
    2. Check Enable Active Directory User Discovery and click the Yellow star icon to add an Active Directory container
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory User Discovery - General Tab
    3. Click on the Browse… button and select the container holding your users.  Click OK.
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory User Discovery - Properties - Active Directory Container
    4. Click OK on the Active Directory User Discovery Properties window
      System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Discovery Methods - Active Directory User Discovery - Properties - General Tab - LDAP Path
    5. Click Yes if prompted to run a full discovery as soon as possible
      System Center 2012 R2 Configuration Manager - Do you want to run full discovery as soon as possible

Enabling a Network Boundary/Group

  1. Click on Boundary Groups
    System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Boundary Groups
  2. Right click and select Create Boundary Group
    System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Boundary Groups - Create Boundary Group
  3. Enter a Name and Description of the Group
    System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Boundary Groups - Create Boundary Group - Name-Description

    1. NOTE: This group should be used grouping related subnets in a geographic area that will receive patches/update/software from a specific server.
  4. Click the Add… button and select any networks you want to assign to this Boundary Group
    System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Boundary Groups - Create Boundary Group - Add Boundaries

    1. By default, if you enabled the Active Directory Forest Discovery, you should have a network called Default-First-Site-Name in the list.  If you are in a larger enterprise, select the subnets relating to the boundary group.
  5. Click on the References tab, check Use this boundary group for site assignment, and click the Add… button
    System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Boundary Groups - Create Boundary Group - References Tab
  6. Check your site and click OK
    System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Boundary Groups - Create Boundary Group - References Tab - Add Site Systems
  7. Click OK
    System Center 2012 R2 Configuration Manager - Administration - Hierarchy Configuration - Boundary Groups - Create Boundary Group - References Tab - Site system servers