Configuring Discovery and Boundaries in Configuration Manager 2012 R2 In this post we will see the steps for configuring discovery and boundaries in configuration manager 2012 R2. In my previous deployment series of SCCM 2012 and SCCM 2012 SP1 we have seen much about the discovery methods and boundaries, this post is no different when it comes to configuring discovery and boundaries in configuration manager 2012 R2. We will begin with discovery methods available in configuration manager 2012 R2.
So what are discovery methods in configuration manager 2012 ? In simple terms when you have resources in your company and to gather the resource information, configuration manager 2012 R2 makes use of methods called discovery methods. Configuration Manager 2012 R2 uses a variety of discovery methods to gather resource information and each of the discovery methods gathers information about different objects. Lets see one by one..
Configuring Discovery and Boundaries in Configuration Manager 2012 R2
Active Directory Forest Discovery – As the name suggests it discovers Active Directory sites and subnets, and then creates Configuration Manager boundaries for each site and subnet from the forests which have been configured for discovery. With this discovery method you are able to automatically create the Active Directory or IP subnet boundaries that are within the discovered Active Directory Forests.
You can see in the below screenshot that except Heartbeat Discovery all the other discovery methods are disabled (not configured) by default.
Launch the System Center 2012 Configuration Manager R2 Console. On the left pane select the Administration, expand Hierarchy Configuration, Select Discovery Methods. On the right pane double click “Active Directory Forest Discovery”. Check all the boxes to enable the AD Forest Discovery. With this all the Active Directory site boundaries are created automatically along with IP address boundaries. Click on Apply. When you click on Apply, it asks you to run the full discovery as soon as possible. Click on Yes. Click on OK.
Active Directory Group Discovery – The Active Directory Group Discovery discovers the groups from the defined location in the Active Directory. The Discovery Process discovers local, global, and universal security groups, the membership within these groups. When you configure the Group discovery you have the option to discover the membership of distribution groups. With the Active Directory Group Discovery you can also discover the computers that have logged in to the domain in a given period of time.
To enable the Active Directory Group Discovery, Double click the Active Directory Group Discovery and check the box which says “Enable Active Directory Group Discovery“. Once you do that at the bottom you must add the Groups or the Location. Click on Add and click on Location.
Click Browse to specify the location. Select the Active Directory Container. In this example I have selected the Domain PRAJWAL.LOCAL. Click on Apply. When you click on Apply, it asks you to run the full discovery as soon as possible. Click on Yes. Click on OK.
Active Directory System Discovery – If you want to discover the computers in your organization from specified locations in Active Directory Domain Services then we use Active Directory System Discovery. In order to push the SCCM clients into the computers, the resources must be discovered first. There is an option to discover the computers that have logged on to a domain in given period of time, this way you won’t discover obsolete computer accounts from the Active Directory.
Right Click Active Directory System Discovery and click on properties. Click on Enable Active Directory System Discovery.
To add the Active Directory Containers click on the Orange color icon. Click on Browse and select the domain. click OK. Click on Apply. Run the full discovery by clicking Yes. Click on OK and close the properties page.
Active Directory User Discovery – This Discovery process discovers the user accounts from your Active Directory domain. You will have to specify the Active Directory container to search for the user accounts. There are some good options to discover the user accounts like the option to discover the user objects based on the attributes, recursively search AD child containers, discover objects within the AD groups.
Double click the Active Directory User Discovery, Enable the Active Directory User Discovery. select the Active Directory Container. Click on OK.
HeartBeat Discovery – The HeartBeat Discovery runs on every Configuration Manager client and is used by Active Configuration Manager clients to update their discovery records in the database. The records (Discovery Data Records) are sent to the management point in specified duration of time. Heartbeat Discovery can force discovery of a computer as a new resource record, or can repopulate the database record of a computer that was deleted from the database. Note that the HeartBeat Discovery is enabled by default and is scheduled to run every 7 days.
Network Discovery – The Network Discovery searches your network infrastructure for network devices that have an IP address. It can search the domains, SNMP devices and DHCP servers to find the resources. It also discovers devices that might not be found by other discovery methods. This includes printers, routers, and bridges. In this post we will not configure the Network Discovery method as its not required here.
Concept Of Boundaries – A boundary is a network location on the intranet that can contain one or more devices that you want to manage. Boundaries can be an IP subnet, Active Directory site name, IPv6 Prefix, or an IP address range, and the hierarchy can include any combination of these boundary types. To use a boundary, you must add the boundary to one or more boundary groups. Boundary groups are collections of boundaries. By using boundary groups, clients on the intranet can find an assigned site and locate content when they have to install software, such as applications, software updates, and operating system images.
Since we have run the Active Directory Forest Discovery method we need not create a boundary here, we will create a Boundary Group. Now we need to add the Boundary to the Boundary groups. In the Configuration Manager console, select Boundary Groups, right click and click on create a boundary group. Provide a name to the boundary group and click on Add.
On the Add Boundaries window select the boundary, in our case there is only one discovered boundary and that is the Default-First-Site-Name. Click on Apply.
Click on References tab, check Use this Boundary group for site assignment. To add the site system servers, click Add and select the Site System Server. Click on OK.
When creating boundary groups is it possible to move boundary sites to another boundary group if I create a secondary site.
Hi Prajwal, i like your post’s the most. Thanks for the support you give us. i have aquestion to ask?
Do we need to add primary site server as a reference server in boundary group along with Distribution point of that particular location. For SCCM 1806
Awesome Prajwal your way of explaining is clear and precise….it really shows your hard work..Keep roking!
Hello Prajwal,
Thank you for your posts on SCCM,
I’ve deployed SCCM current branch and I’m going to use for a single domain site. therefore I’ve enabled Active directory forest discovery method. I’ve two distribution point one on the site server and the other is on remote as component server (I thought this for load balancing).
But I’ve encountered issue ‘waiting for content’ while testing application deployment for selected clients. I went through all valuable logs on the server and client but can’t find any error related to this issue.
I thought I missed some basic thing on Boundary and boundary groups. I just created Default-First-Site-Name boundary group and added the two distribution point server as a reference. But didn’t make any change on the default boundary and tried to add it to boundary group I’ve created but no luck.
Now, I’m thinking of creating custom boundary which could be used for all devices in my active directory forest. So can you please help if I’m on the way and guide on what should be the properties of the custom boundary.
Thank you very much,
Hi Prajwal,
First Of all I would like to thanks you for the posts, they are clear and helpful.
I have a question, I went a little bit fast in the end of this post, I didn’t Click on References tab, I have clicked on apply, closed the wizard.
afterward I have deleted the boundaries and the boundary groups thinking if i redo the same actions I will be able to create a new Boundary Groups but when I went to add the Boundaries I couldn’t find the Default-First-Site-Name ? is there a fix ?
Many thanks in Advance
Best regards
Khalifa
You can ignore the default first site name and create new boundary and boundary groups.
Hello Prajwal, Excelling step by step, I have a production SCCM 2012 r2 site and working fine, I am following your guide to configure Lab setup with new installation. I wan;t to keep it as a separate installation but in same domain. I have installed already but did not configure the AD and schema extension. Would like to know if I should configure the Ad forest discovery, user discovery, heartbeat discovery and boundaries. I am afraid If I configure boundaries, as its a same network for production and lab.
You should not configure boundaries that overlap both environments. Why don’t you use a dedicated IP address range and use that as boundary ?.
Thank you for the quick reply. Production and lab sit on same network, I will be using production clients to test deployment (by installing lab ccm client)
What are you trying to achieve in lab setup ?. If you can tell that I can give some suggestions.
I am setting up a Lab site into existing production domain which already has production SCCM primary site working fine. I will use the lab site for testing deployments within the same domain and network but different site.
I read somewhere that I should not publish this lab site to AD forest which already has production site published. hence soon after installing I should uncheck the domain suffix under publishing tab of sites. I am just confused, like what happens if I publish both production and lab sites to same AD forest.
I am setting up a lab site into my production domain which already has production sccm site working fine. I will use the lab site to test deployments which will be running into same domain and network as production.
Another doubt below:
I read somewhere that I should not publish the lab site into AD forest as production site is already published. I should be unchecking the domain suffix from the publishing tab of sites soon after installing. Just confused what would happen if I publish lab and production both to AD forest?
hello got error during installation management point showing critical error in system status how can fix ?
what’s the error ?. Can you post the error here https://www.prajwaldesai.com/community/
Hi Prajwal, I successfully Deployed Windows 7 into pilot users. SCCM reports shows 2 more user in pilot users, the update is not required. Please advice why their computer not required even though we all using Windows 7.
I’m new to SCCM 12. I would like to categorized all the devices or users by windows 8,7,10..
Is it possible. May I know how to do it.
As you had contacted using the contact form, I have replied to your question. Check your inbox.
Hi, thank you for all the posts about SCCM, I’m thankfull.
I’ve just a little problem when I need to Add a Boundaries, because I find nothing in the selection, can you help me ? I’ve doing all the the configuration before.
Hi Prajwal, I am installing SCCM with the help of your available resources(A newbie to the software). I figure this odd situation which i believe it shouldn’t be. after the discovery and boundary configuration and client installation the client type and client criteria is still the same and I’d like to know how to make LabWin8-1 active
@Ismail – Could you post your question here ? – https://www.prajwaldesai.com/community
Hi Prajwal,
I am new to SCCM. Can you assist me more on device management. Discovery is the mandatory process or we can directly create device collections and any relationship between these two?
Yes you have to run the discovery before you think of creating device collections, however not all the discovery methods are mandate to run you can run selected discovery methods.. Help link :- http://technet.microsoft.com/en-us/library/gg712308.aspx