Hi All,

Since I simply cannot find an answer to my question using google, will ask it here and hope you can help me.

Which EXACT User attributes does Delta Discovery check for in SCCM 2012? Is it possible to manipulate this, and add one more attribute?

Microsoft's answer to this question is a simple: Basic User Information, but that not an exact answer.

Here is the deal. We updated the extensionAttribute12 with computernames, so that we know what the primary device for a User is (I know this feature is present in CM12, but we will not use it for reasons). This information will be collected by User Discovery and by using a nested query in the device collection, the Primary device will be added to it. This works like a charm, the only issue is time. We need that value to be checked by delta discovery if it has been changed, however this only works with FULL discovery which is set to 1 week. If I lower this value that might cause serious backlogs, as the jobs get piled up in the inboxes due to the large amount of DDR files. Is there anything we can do? Powershell script, a configuration file in CM12 for delta discovery or something. We really don't what to set the User discovery to run a FULL scan every 4 hours or so, as I don't know what would happen when checking for 24k Users.

Thank you in advance for any sort of feedback!

Regards,

Hi

I am sure that I remember correctly but here goes: Only replicated AD attributes (amongs Domain Controllers) will be picked up by a delta discovery. Whether or not an attribute is replicated is controlled by a SystemFlag.

You can find information on how to determine whether or not the extensionAttribute12 attribute is replicated here: http://adisfun.blogspot.co.uk/2011/10/find-non-replicated-attributes-in.html

If it is not replicated you could try to change the SystemFlag on that attribute and wait for Delta Discovery to run and check if it is picked up.

This may not be supported either in AD or ConfigMgr.

#1, why such a short time frame of 4 hours? Isn't 24 short enough?

#2, Exactly how long does a full discovery take? and Hour? Why not run a full discovery at 2:17am?

Delta Discovery is not based on any attributes. Delta Discovery is based on the USN within Active Directory which allows AD replication and ConfigMgr in this case to be sensitive to any and all change to objects in AD since the last check. Based on the USN and the changes, if any of the in scope user objects (in this case) are changed, then a new DDR is generated for this object. This DDR is not a delta DDR but is a full DDR containing all attributes specified in AD Discovery.

Thus, the things to verify are whether or not this attribute update has actually replicated to the DC being queried by ConfigMgr and that it in fact updates the USN in AD for the object. Additionally, you can verify that the DDR submitted has the attribute in it.

Although not specific to this issue, you can follow the details at http://blogs.technet.com/b/configurationmgr/archive/2012/03/27/machine-added-to-a-configmgr-group-is-not-captured-during-the-delta-discovery-process.aspx to help you look into the issue.

Hi,

Well, I checked the attribute if its replicated to the GC and according to this line isMemberOfPartialAttributeSet: TRUE it does. Will run a test again with delta discovery, and if that failes, will try to change the SystemFlag on it.

dn:CN=ms-Exch-Extension-Attribute-12,CN=Schema,CN=Configuration
>objectClass: top
>objectClass: attributeSchema
>cn: ms-Exch-Extension-Attribute-12
>distinguishedName: CN=ms-Exch-Extension-Attribute-12,CN=Schema,CN=Configuration
>instanceType: 4
>whenCreated: 20050715092317.0Z
>whenChanged: 20110528160036.0Z
>uSNCreated: 6155
>attributeID: 1.2.840.113556.1.2.600
>attributeSyntax: 2.5.5.12
>isSingleValued: TRUE
>rangeLower: 1
>rangeUpper: 2048
>mAPIID: 35928
>uSNChanged: 6155
>showInAdvancedViewOnly: TRUE
>adminDisplayName: ms-Exch-Extension-Attribute-12
>adminDescription: ms-Exch-Extension-Attribute-12
>oMSyntax: 64
>searchFlags: 16
>lDAPDisplayName: extensionAttribute12
>name: ms-Exch-Extension-Attribute-12
>objectGUID: {5AC9437E-18AE-4EE6-909B-94CC1B6EF1C5}
>schemaIDGUID: {167757F7-47F3-11D1-A9C3-0000F80367C1}
>attributeSecurityGUID: {E48D0154-BCF8-11D1-8702-00C04FB96050}
>isMemberOfPartialAttributeSet: TRUE
>objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration
>dSCorePropagationData: 16010101000000.0Z
>msDS-IntId: -1992421057

Hi,

Any update?

Best Regards,

Joyce

Hi,

Talked to our server guys to make changes to the system flag property of the extensionAttribute12, and they asked for a reference attribute. I checked which to use, and thought of the display name as that surly would be updated by the Delta Discovery as it must be part of the basic user information...well I was wrong. Not even the Display Name gets updated by delta discovery so now I was thinking, the User Discovery only updates 10 attributes + 1, so why not set the polling schedule to 1 hour. This should not have any huge impact on the central server as its pretty powerful. Users the central server will manage are around 22k...

One question still remain: Microsoft states the the Delta Discovery for User Discovery only checks changes made to the User's basic information. What are the basics? Is display name not a basic information? Is something wrong with our system (brand new, only with 300 User's so far)?

Regards,

Janos

Microsoft states the the Delta Discovery for User Discovery only checks changes made to the User's basic information.

Who stated that? That is incorrect to my knowledge. Please see my response in this thread.

Who? Microsoft!

https://technet.microsoft.com/en-us/library/gg712308.aspx#BKMK_ADUserDisc

Go to the part: Active Directory User Discovery

Here you will find the following sentence, right before the list.

"By default, Active Directory User Discovery discovers basic information about the user account including the following:

• User name
• Unique user name (includes domain name)
• Domain
• Active Directory container names"

That statement has nothing to do with delta discovery so you're taking it out of context. That statement simply is a description of what is discovered by user discovery.

To see exactly which attributes are discovered, simply open the properties of your user discovery and look at the attributes tab.

And, as I previously mentioned, delta discovery does not key off of a change in specific attributes, please read my previous reply as I don't feel like copying and pasting it here.