I have a few questions regarding the Discovery Methods in SCCM - starting with AD System Discovery I have one central site and 2 parent sites, along with 70 secondary sites, should the discovery methods be enabled only at the central or all primary sites?Defining Active Directory Containers, when I identify The Distinguished Name (LDAP), by default they are set to recursive - YES and Group - EXCLUDED. I am assuming here that excluded means that during polling SCCM AD System Discovery will NOT poll these OU's - is this a correct assumption?I am trying to keep the database clean and am trying to start by re-defining the discovery methods as I continue to get inactive machines into the database through the discovery methods. In our environment we have a NO DELETE policy for AD Computers, we will disable after 6 months of no activity and move those PC's to an OU that I have excluded from the discovery methods. Any suggestions on a way to help keep the database clean and managed? Thanks

hi Jason, just on point #2 - there is also the AD security Group Discovery on its own, so what's the difference between this and the "Include Groups" as per your explanation. Cheers, Xm

(Sorry for the late reply) Security Group Discovery discovers AD security groups but not their members. Include groups doesn't discover groups, it discovers members of groups that happen to be within the OUs that are in the scope of the System Discovery.Jason | http://blog.configmgrftw.com