I have a question about Active Directory System Discovery and more specifically regarding how it interacts with DNS to get the IP Address for a system. The site server in question is running SCCM 2007 SP1 on Windows 2003 R2 (x64) with SP2. The Active Directory System Discovery Flowchart (http://technet.microsoft.com/en-us/library/bb932137.aspx) states that "Adsource.dll gets the IP address for the system from the Domain Name System (DNS)." but it does not go into any more detail. I need to know how it determines which DNS to use. Does it look the machines up in the DNS servers (primary first then secondary?) configured in "TCP/IP Properties" -> "Use the following DNS server addresses:" configuration on the active NIC? Does it look them up in the DNS Suffixes listed in the "Append these DNS suffixes (in order):" list for the active NIC? Does it use a hybrid of the two aforementioned items or something else? The reason I ask is that I work for a large company who would like to enable Client Push Installation but before doing so they must enable a discovery method first - namely Active Directory System Discovery. Tests in the past have shown that Active Directory System Discovery takes over 24 hours to complete and this is because the company I work for has many different DNS zones that machines belong too and to scroll through each takes a long time. We are working to clean up their DNS but I need to know how Active Directory System Discovery interacts with DNS before I can determine how best to start the cleanup. I also need to know if Active Directory System Discovery captures the site specific DNS suffix of a given host name when that host is discovered and, if so, does it get this info from AD itself or from querying each DNS zone? Any further info on the Active Directory System Discovery process that anyone can offer would be great so that we can get to work on cleaning up DNS in their environment with the end results of enabling Active Directory System Discovery to allow for Client Push Installations to be enabled. I apologize if I am using DNS terms incorrectly. I am not very familiar with DNS and am trying to wrap my brain around how it works.

Tests in the past have shown that Active Directory System Discovery takes over 24 hours to complete How many clients were you trying to discover? And how did you determine the runtime? Examining adsysdis.log?

Thanks for the info John. Do you know if it scrolls through the DNS suffixes in order or if it just cycles through them randomly. Do the primary and secondary DNS Servers configured for the active NIC come into play at all?

Hi Torsten. I'm not exactly sure as to the number as I wasn't working for the company when they first tried to enable AD System Discovery. However, I do know that they have over 100K machine records within the AD that are supported by their SCCM environment. From what I understand my predecessor was able to determine the runtime by examining adsysdis.log and determining that the discovery task hadn't completed in 24 hours. Another thing to note is that the DNS Suffix Search order on the server contains well over 33 entries which is certainly contributing to the issue and a plan is being put into place to cut these entries drastically as rumor has it that the official supported number of entries is ~15 per Microsoft.