Allow exclusion of OUs from Active Directory System Discovery
Have the ability to include/exclude certain OUs from both Active Directory User and System Discovery.
E.g., I might have an "All Users and Groups" OU at the root domain level, which may contain sub OUs containing service accounts or mailbox accounts etc. that I don't want being picked up by discovery. The ability to pick which sub OUs to discover/not discover would be really handy in this scenario. The same applies for system/computer discovery also.

This is complete for System Discovery but not for User Discovery.
6 comments
-
Mike commented
Agreed with this 100%. This should have been a feature long ago. Having to change permissions in Active Directory to avoid discovery is a hack at best. There should be an easy way to indicate "Exclude this OU" in the discovery method.
-
Sean Bravener commented
+1. We have groups that have Mac and Linux boxes we do not want included in discovery. Will try denying access to the primary site computer to see if that will work.
-
bill commented
You can deny your site server machine account "read" access to the OU.
-
Ronny commented
+1, same here. Have a Citrix environment and all the machines appear in SCCM because of the Group Discovery...
-
Anonymous commented
+1 Jacob Jeffers. This should have been a feature long ago.
-
Jacob Jeffers commented
I came here to submit this same request. We have OUs that contain things like machine objects for VDI systems - which there will often be a few thousand of. These systems aren't maintained by SCCM, and shouldn't be discovered, but there is no easy way to exclude them without listing all of our OUs individually for discovery.