AD Group Discovery writes DDR for invalid records

Hi,

I think it's a bug - AD Group Discovery will write DDR and thus create AD objects in SCCM DB which are rejected by AD System Discovery.

adsysdis.log
ERROR: System testcomputer is a unsupported operating system, unsupported version, or malformed AD entry. Reported system type is:  ().

adsgdis.log
INFO: DDR was written for system 'testcomputer' - <path>\inboxes\auth\ddm.box\adhszouf.DDR at 9/11/2015 16:50:1.

I've found this post where the same behavior was considered as a bug in 2k7 and hoped for a fix... well the fix is still not there.

https://social.technet.microsoft.com/Forums/en-US/2a57bc0e-4f6a-4464-98b4-cc440f9aed5b/system-group-discovery-method?forum=configmgrgeneral

Additionally I raised this as a feature request for vNext... thogh I hope someone has a workaround to prevent this behavior...

September 11th, 2015 10:58am
The only real work-around here is to use targeted group discovery instead of discovering the membership every group; namely not discovery the membership of built in groups like Domain Computers which include every computer joined to the domain.
Free Windows Admin Tool Kit Click here and download it now
September 11th, 2015 11:16am

I think Domain Computers is ignored. I use the following scenario to enable OSD for new computers:

- script creates AD Computer object, imports SCCM computer information with MAC and adds to OSD collection

This process worked in the last few months without problems. Now I've been asked to extend the script to add some property to the new AD computer object, one of them is adding it to a custom AD security group. The computer object is imported then through this AD group, even though it is still an invalid object and thus creating the dupe.

Lucky enough, since the one that was imported via the script is the only one having MAC, the OSD works, and after the OSD the duplicate will be removed by SCCM. There's only a problem when the OSD admin enters incorrect MAC, and later updates, and if the wrong entry gets updated - but of course we can live with that, it's just a bit annoying, since this issue was already reported for SCCM 2007 and I guess it never has been fixed. Even though I believe it wouldn't take much to fix it...

Maybe, as in win10, System Center products should have their feedback app, to report bugs :)

September 14th, 2015 8:40am

Domain Computer is not ignored to my knowledge.

Why not just exclude the group you are using as mentioned by only including valid groups?

As for reporting bugs, that's been there for a long time, simply do to connect.microsoft.com and enroll in the ConfigMgr section.

Free Windows Admin Tool Kit Click here and download it now
September 14th, 2015 9:29am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics