Dear All, I am facing this problem that I am fixing 97 none sccm client in our collection but there are there are 23 systems in that list which are disabled in AD but still sccm is detecting them and adding them in none sccm client which is adding extra load in my work so what could be the solution for this so sccm will not detect disabled system only the active it would display.Please reply me asap. Regards Farhan

Hi, I thought this is normal behavior, SCCM will detect those systems. You can move the disabled systems to a different OU which you won't include into your discovery. Follow me through my blog and Twitter!

I discussed this one offline, there is a bit confusion if this is normal or not. Can't find it in the docs, maybe someone else....?Follow me through my blog and Twitter!

Disabled computer accounts won't be discovered IIRC, so Farhan should provide adsysdis.log. Farhan: ConfigMgr won't remove client records automatically if they were disabled after discovery has run. They would be removed by a maintenance task.

Dear Torsten and All, Which maintenance task will remove this disabled systems if they are disabled after discovery has runned.Please find the settings for our company sccm server according to our envoirentment.Also tell me the best practices for the following task and discovery methods so that our sccm server will be running smoothly what could be the best setting according to our envoirentment:- 1)AD System Discovery(As every Hour a system is installed in different location)-> we made it every 4 hours 2)Heartbeat discovery->we made it 1 week (but if user in our company goes to vacation for 3 to weeks then his system is gone to none sccm client list)what could be best setting for this discovery) 3)Client Install Flag->we made it 40 days in our envoirnment(whats your suggestion in this task settings considering heartbeat interval with it) 4)Delete Aged Discovery Data->it is set to 90 days 5)Delete Obselete Client Discovery Data->90 days Your earliest reply appreciated Regards Farhan

As Torsten said those disabled machines shouldn't be discovered. I wouldn't run AD System Discovery more than once or twice per day. It can take a long time to run depending upon your environment. R3 will help with this but until that's released every 4 hours is too frequent. I set heartbeat to once per day and clear install flag to 14 days normally. (in the US 7 days is about the most anyone takes a vacation. In Europe I could see making that many more than 14 days) The rest of the settings I usually leave at the default unless the customers requirments do not work with the defaults. John Marcum | http://myitforum.com/cs2/blogs/jmarcum |

Dear John As I am living in Middle East here people are going to vacations for 3 or 4 weeks which may increase if user has last years vacations in pending.So what could be the best practice for me according to my envoirnment for these discovery method and maintenance tasks which task will delete the disabled computers from the none sccm clients lists.So how i can stop sccm discovering disable computers. Regards Farhan

You will just have to calculate numbers that work for you. I would still run heartbeat everyday but stretch out clear install flag to like 5 or 6 weeks maybe. John Marcum | http://myitforum.com/cs2/blogs/jmarcum |

Dear Torsten Which maintenance task will remove this disabled systems if they are disabled after discovery has runned.Please find the settings for our company sccm server according to our envoirentment.Also tell me the best practices for the following task and discovery methods so that our sccm server will be running smoothly what could be the best setting according to our envoirentment:- 1)AD System Discovery(As every Hour a system is installed in different location)-> we made it every 2 hours 2)Heartbeat discovery->we made it 1 week (but if user in our company goes to vacation for 3 to weeks then his system is gone to none sccm client list)what could be best setting for this discovery) 3)Client Install Flag->we made it 40 days in our envoirnment(whats your suggestion in this task settings considering heartbeat interval with it) 4)Delete Aged Discovery Data->it is set to 90 days 5)Delete Obselete Client Discovery Data->90 days Your earliest reply appreciated Regards Farhan

There's no maintenance task that would delete disabled computer accounts. AD system discovery does not add / update client records that are disabled so their timestamp does not get updated. #1: it depends on the number of clients and overall performance of your siteserver, but 2h is very aggressive. #2: heartbeat is initiated by the client => offline clients can't send a heartbeat DDR at all. 3 weeks is 21 days, so they shouldn't be deleted when http://technet.microsoft.com/en-us/library/bb693856.aspx is set to 40. #3: why are you using that at all? #4/5: is ok, but it depends on the business requirements

Dear Torsten So what could be the best scenario for the following:- 1)AD System Discovery->I have about 1430 systems which are adding every 3 hours.So what should i schedule for it advise me 2) Heartbeat discovery->They are not deleted torsten but they are coming in none sccm clients after 1 week if user goto vacation so what interval i should select 1 week or 2 week in it 2 week is maximum time for heartbeat discovery in sccm. 3)Client Install Flag-> we are using it for that if heartbeat discovery is not received by sccm from client then it will wait for 40 days and will clear install flag for that client and will push the client again on that system. Regards Farhan

Dear Torsten Also mention please how I get rid of these systems that are already dicovered by sccm but later they were disabled in AD but still exist in none sccm client.Please reply asap. Regards Farhan

Dear All, Wating ur kind replies Regards Farhan

To get rid of these disabled computer accounts, I would: 1. Go into Active Directory Users and Computers, create a query under Saved Queries for All Disabled Computer Accounts (remove the Type and Description Columns). Save this list of computers to a text file. 2. Download and install SCCM Right-Click Tools if you haven't already: http://myitforum.com/cs2/blogs/rhouchins/0401ConfigMgrTools.zip 3. Create a collection called All Disabled Computer Accounts 4. Right-click the collection, expand Collection Tools, select Add Systems to Collection 5. Copy and paste the list you created in step 1 and click the Add Systems to Collection button 6. Right-click the collection and select Delete Special. If you only really install new clients using Client Push Installation and/or you rely heavily on OU membership for software distribution, being aggressive with AD System Discovery and System Group Discovery is acceptable with such a small site (I've seen some 8000 client sites go every 30 minutes). I would only change things if you have performance problems with the site.

As Torsten said those disabled machines shouldn't be discovered. I wouldn't run AD System Discovery more than once or twice per day. It can take a long time to run depending upon your environment. R3 will help with this but until that's released every 4 hours is too frequent. I set heartbeat to once per day and clear install flag to 14 days normally. (in the US 7 days is about the most anyone takes a vacation. In Europe I could see making that many more than 14 days) The rest of the settings I usually leave at the default unless the customers requirments do not work with the defaults. John Marcum | http://myitforum.com/cs2/blogs/jmarcum | Hi, I am interested how R3 would help with this. I have to perform AD System Group discovery multiple times a day in order to meet customer Software Distribution SLA's so R3 could be helpful? Regards, Paul

R3 has a functionality called delta discovery.

Keep in mind that R3, still might not do what you need. If this is the case you should look at ESD or EUD from http://www.systemcentertools.com/ With ESD/EUD you can run discovery every few minutes if you like. http://www.enhansoft.com/

You can't run AD Discovery so often that it's not completed by the time it starts running again. That messes stuff up. I would not reccomend running it more than once, maybe twice per day. As Garth suggests there's a third party tool that can help with this or maybe R3 will help you. If you are doing this because of SLA's maybe you need to look at another client install method. If you install the client with OSD or via GPO you wouldn't need AD Disc running so often. The only reason that you are running it so often is because you are using client push I assume. John Marcum | http://myitforum.com/cs2/blogs/jmarcum |