All Some time back during my initial testing, I created a new OU in AD and moved a computer to this OU. Using AD System Discovery, I was able to discover this computer. Based on this, my permissions, etc should be correct. Boundaries are also configured to include all computers in the below mentioned OU (IP subnet). Today, I wanted to add my "main desktop computer OU" to my discovery rule, but discovery doesn't work. I get the following in SMS_AD_SYSTEM_DISCOVERY_AGENT Component Status: SMS Active Directory System Discovery Agent reported errors for 18 objects. DDR's were generated for 0 objects that had errors while reading non-critical properties. DDR's were not generated for 18 objects that had errors while reading critical properties. Possible cause: The SMS Service might not have access to some properties of this object. The container specified might not have the properties available. Solution: Please verify the Active Directory schema for properties that are not replicated or locked. Refer to the discovery logs for more information. I also got this message: SMS Active Directory System Discovery Agent read the AD Containers and found 3 valid AD Container entries in the site control file. Active Directory System Discovery Agent identified 210 systems in the AD Containers and generated 192 system discovery data records (DDRs) and 18 errors while attempting to create DDRs. The OU contains about 200+ comptuters, but none appears in "All Systems" collection. I did some reading about a log file called "adsysdis.log", but I cannot find it anywhere. Any idea what might be wrong in my setup and where this log file might be? Some help would be greatly appreciated. Best regards, Thomas

Hi Thomas, You will find the ADsysdis.log file in the .\program files\ Microsoft System Center Configuration Manager\Logs folder on the site server.Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products

There are a couple of caveats for system discovery as it will not just discover everything in the OUs and containers that you specify. First, the computer account must not be disabled. Second, the IP address of the computer account must be resolvable. This does not mean it pings the computers, just that it uses DNS to lookup the IP address of the system. This is usually where most folks start to have the disconnect with AD System Discovery. Make sure that when you test for address resolvability, you use ping or a local tool, not nslookup as this is not a test of whether a client can resolve another system's IP address. Also make sure you do this from the site server as it is the one that is doing the resolving. But, before you go down this road, check the log file like Kent mentioned. It might point out something different.Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys

Kent Thank you so much for the information. I found the log file and it seems like there are some DNS issues which is causing my problem. Jason: Thanks a lot for the detailed information about AD System Discovery. That should help me to better understand how this works. I noticed this morning that most of my computers are now available in SCCM. It seems that the overnight scheduled discovery process worked. Yesterday when I initially enabled this discovery for all my "user computers", I ticked the box to "Run discovery as soon as possible" and that failed with the error I initially posted. Looks like I need to dig a bit regarding DNS and see why some computers are still not available in SCCM. Thanks again for your help. Best regards, Thomas