AD System Discovery, AD Sites and the v_RA_System_IPSubnets view
I was running AD discovery on a new SCCM site and as usual I ran the "Count IP addresses by subnet" report. In the past this has been very useful in making sure I had all my subnets accounted for. There are even a few other queries on MYITForum that provide a nice list. The problem is the report is not accurate, it is only accurate for subnets that are defined in AD Sites. Seems that SCCM when it does discovery uses AD Sites to determine the most likely subnet that computer should be in. Problem is if there isn't a correct match, it tries to find close enough or doesn't add it. So you look at the report and it gives you these totals, but they are not accurate and some subnets may be missing. If you run a query with the IP Address and Subnets for each Resource ID you can see some really strange mappings in one of them a 10.0.0.0 subnet was in a subnet completely unrelated.First one comment about AD Sites to the SCCM team, in my experience they are NOT ACCURATE, don't rely on them. Customers make changes all the time to the networks and don't update the AD Sites. Most things work just fine so they don't run into issues. With SCCM they will run into issues. I have a suspicion that SMS didn't use AD Sites to determine subnet, but I can't validate that. If it didn't rely on AD Sites it would be really nice if SCCM would go back to it since you can't rely on AD.Bob
December 22nd, 2009 7:05pm

Clarification I should have state:I was running AD discovery on a new SCCM site and as usual I ran the "Count IP addresses by subnet" report. In the past this has been very useful in making sure I had all my subnets accounted for. There are even a few other queries on MYITForum that provide a nice list. The problem is the report is not accurate, it is only accurate for subnets that are defined in AD Sites. Seems that SCCM when it does discovery uses AD Sites to determine the most likely subnet that computer should be in. Problem is if there isn't a correct match, it tries to find close enough or doesn't add it to the subnets view. So you look at the report and it gives you these totals, but they are not accurate and some subnets may be missing. If you run a query with the IP Address and Subnets for each Resource ID you can see some really strange mappings in one of them a 10.0.0.0 subnet was in a subnet completely unrelated.First one comment about AD Sites to the SCCM team, in my experience they are NOT ACCURATE, don't rely on them. Customers make changes all the time to the networks and don't update the AD Sites. Most things work just fine so they don't run into issues. With SCCM they will run into issues. I have a suspicion that SMS didn't use AD Sites to determine subnet, but I can't validate that. If it didn't rely on AD Sites it would be really nice if SCCM would go back to it since you can't rely on AD.Bob
Free Windows Admin Tool Kit Click here and download it now
December 22nd, 2009 7:06pm

Since it appears you are making an observation, not really asking a question, if you have a suggestion to improve the product that you'd like the Product team to see, your best bet would be to submit your improvement via Connect. Observations or requests for improvement to the product aren't tracked in the forums.fyi, SMS2003 did use AD Sites for boundaries.Standardize. Simplify. Automate.
December 22nd, 2009 8:59pm

Very true, I was hoping someone might have some additional thoughts on this, and of course that looking at SQL query results hadn't fogged my brain. Based on what if anything comes out of this I'll post something to Connect. Besides it might help someone else in the future since the forum tends to be more searchable than Connect.Bob
Free Windows Admin Tool Kit Click here and download it now
December 23rd, 2009 12:12am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics