Hello - I have looked through the documentation and other sources for the answer to this, and can't find it.

We are currently deploying SCCM 2012 R2 into a completely greenfield environment, new AD, new clients, everything. One of the features I want to take advantage of site boundaries published in AD, so clients will automatically find their site when they check in for the first time. We haven't gotten to deploying OSD yet, so we are currently deploying MDT 2013-based Windows 7 disk images. The image has the client pre-installed using "ccmsetup.exe /service /forceinstall". Since the PCs are going to the "production" SCCM environment, we build them in a location where they never contact any SCCM server. As such, the client is installed with no certificates or site code. The SCCM primary site is configured to publish site boundaries to AD, the System Management container is created, and the Site Server computer account has Full Control -- this is working correctly as the information is being published to AD as expected. Boundary groups containing my clients' AD site and IP range are also configured for site assignment.

My understanding of client site assignment was that when the client joins the domain for the first time, it checks AD (among other sources) to find the site code to assign it to. I have found interesting behavior:

• Site assignment does not appear to be fully automatic. Instead, I need to go the Configuration Management control panel and manually click the Find Site button on the Sites tab.
• When I do this action as the local (non-domain) admin, I get the error message stating the SCCM can't find a site to manage the client.
• If I log on as a domain user, and do the same thing, the site populates immediately and all is well.
  

The ClientLocation log indicates that no matter who I am logged on as when I do this, the client checks my domain name, site name and IP address and valid values are returned. When I click Find Site as the non-domain user, the log says no information was found in AD, DNS or WINS. When it succeeds as the regular user, everything works, the site code is returned and the client starts setting itself up.

So, questions:

1. Is there no such thing as fully automatic client site assignment? Does someone have to manually go in and press the button or force the setting down through GPO?
2. If so, what is the preferred method assuming you are not using Client Push Installation...GPO I'm assuming?
3. If not, and I'm just missing something, is it possible to assign extra permissions in AD to cover the client systems' computer accounts?
4. And, if I do have to manually push the "Find Site" button -- is there a way to script this action?

#1: why is there a need for *automatic* site assignment? Is there more than one primary site? If not: not need for *auto* site assignment
#2: why are you installing clients in a location without connection to the ConfigMgr site? You could try installing it using SMSSITECODE=XYZ
#3: see #1. There's no need for auto-assignment
#4: it could be scripted, but that's most likely not needed (see #2).

Your assumption ("My understanding of client site assignment was that when the client joins the domain for the first time, it checks AD (among other sources) to find the site code to assign it to") is wrong. Site assignment usually only happens when the client is installed.

All good points:

1. The need is actually a want -- reducing the number of steps to get a system deployed out in the field and under management. Extremely low bandwidth back to the site servers is the reason for pre-installing a client and not using Client Push Installation or other methods. And yes, the idea is to create a single image with the client pre-loaded that could potentially join a new site. I wanted to see if I could find a way to save the field tech installing the PC a step, and it looks like the GPO method discussed below is the way to do it in this case.

2. The client images are built in a different environment, and not joined to the production SCCM environment that "real" clients will live in...this is for a managed service provider and we want to keep the image build process separate from "live" customer stuff. We're managing systems for multiple customers and maintaining multiple SCCM environments, as opposed to running SCCM inside a single company's IT infrastructure.

Once we implement OSD, a lot of this will go away, but for now we are using MDT images and media based deployments due to network issues.

I just tested this today, and using a GPO to force clients to a site works with no user intervention, in case anyone is searching for this. Import the ADM templates from the SCCM media's TOOLS directory into the GPMC, create a GPO that specifies your site code, and link it to OUs containing machine accounts you want to force the assignment on. Pre-create the computer accounts in these OUs, then they will pick up the site assignment from group policy on the first refresh.

Thanks for confirming that the site code check is only done during the initial installation of the client, not on every startup when the client has no assigned site. That wasn't totally clear on the TechNet articles I was reading, and the log file seemed to indicate it was checking every time.

• Edited by EricTorbenson 9 hours 55 minutes ago