Hi I have installed a new sccm 2007. Schema is extended.. I set the boundary to be active directory + entered the IP range / subnets. I went to discovery and enabled it. However no matter what I do (update, refresh, reboot), I seen no new machines showing up. Your help is appreciated. Thanks

verify that you have the correct OU in the AD system discovery. Also check the adsysdis.log file for errors.Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund

Which discovery did yo enable and how did you configure it? What did you set for its schedule? Did you choose the choose immediately option? Discovery is completely independant of the schema and boundaries.Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

Yes. I did all the above. It turned out that I had put the SCCM Server computer account in the sccm-admins group and then given the group full rights to "SYSTEM" OU in the active directory. However I had to go back and add the computer account to the security tab of "SYSTEM" OU. Then it started discovering! I guess the machine MUST be added separately to the security and given full rights then. Thank you Kent & Jason

Permissions on the System container have nothing to do with discovery. That is just coincidental. Just to be cleear, there is no requirment in ConfigMgr to grant the site server's computer account any permission on the System container in AD. For AD Discovery, the site server connects to AD via LDAP and queries the OUs that you specified. To do this, it uses the site server's AD computer account. By default, all computer and user accounts have permissions to read any object in AD and thus there is nothing you should have to add unless your AD is locked down in a non-default way. Another possibility here is that you didn't update your collection(s). Collection are not real-time reflections of what's in the database -- that would put far too large a strain on the system as a whole. Instead, collections are based on queries that only run on a periodic basis -- once every 24 hours by default. Thus, unless you manually initiate a collection update (not refresh, that's different) or you wait for the schedule collection update, you will not see changes to the collection membership including new members.Jason | http://blog.configmgrftw.com | Twitter @JasonSandys