I have an issue where computers are not being discovered by the Active Directory discovery agent. The are no errors in the discovery logs with the exception of it complaining about a few bogus systems, but none are the computers in question. Also, I did the run AD discovery ASAP and then went to check a few of the computers and the last discovered time does not change. The computers in question do show up in the console, but the discovery method is client registration, and heartbeat, not AD discovery. I need to get AD discovery working because I have several collections that have queries based off of the "System OU" which is not populated for these systems. If this computer was previously removed by a site maintenance task for inactive discovery data, would it get re-added if a heartbeat discovery was detected? The only thing I can think of is that the computers were deleted by a site maintenance task because they were at one time not active, but now we have computers with the same name that are active and it wont re-add them because it still see's them as inactive? Is this possible? Thanks, -Andy

No, that's not possible (at least not from what I know) for a system that has been deleted by a maintenance task to prevent it being discovered again. The adsysdis.log does show the systems that are discovered. Does it list those systems in question? Are those systems disabled in AD? We don't discover disabled systems any longer. And, you don't get OU information from AD System Discovery, the OU information comes from AD System Group Discovery, so try that one.

The adsysdis.log does not show the system being discovered. The only log file I can findthe system being listed in is "assysgrp.log"- Inserted at 136 : m_paAssSys=%MACHINENAME%. The computer accounts are not disabled. I have tried to run both the AD System Discovery to get it listed in the discovery info, and the AD System Group Discovery. It seems that neither is working, but no errors are shown in the log files. Is there anything else I should be checking for?

Wally, I was reading this post and I have a silly question relating to discovery ofAD objects. In an SCCM hierarchy: Where is the correct place to discover AD objects? at the topserver ofthe hierarchy? or at each primary? Does it make any difference?

I have no other suggestions, sorry. I've never seen this being an issue before. Everyone is always successful at discovering from AD (as a general rule anyway). Unless those systems are not in the path you are querying from.

For Jonathan's question: You run discovery at every site that you need the objects discovered locally at. However, it is recommended to not discover the same resources at each site, as each DDR created will be replicated up the hierarchy to the central site. So, if you have 8 sites all discovering the same full forest, the central site will need to process 8 DDRs for each discovered system. It's better if you have unique OUs per location, so each primary site would only discover resources local to that location.

If these systems are not in the logs as being discovered, and they are not in the logs as in error, than I would go over the basics. What ou are these systems in, what do you have configured in ad system discovery as locations to include?

Personally I recommend against enabling discovery on secondary sites. The only possible reason you might need it is for client push installation to occur from the secondary site, and this also depends on the secondary site being a proxy management point as well. I have had too many customers enabling discover on secondary sites and swamping their primary site with excess and duplicate DDRs.

Active Directory System Discovery will create a DDR for a resource only if it can resolve the name to the IP address by using DNS. If a valid DNS entry does not exist for a computer, Configuration Manager 2007 does not discover the computer but does create a status message stating there were errors for that computer. You might see these computers referred to as "bogus" in adsysdis.log.