Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Add option to exclude containers/OUs from Group Discovery

Here’s the problem. Systems exist in the Domain Computers group and other groups, so any recursive discovery of groups for the domain will put the partial system discovery back in the system.

https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/configure-discovery-methods#bkmk_config-adsd
Starting in version 1806, select subcontainers (and/or OUs?) to exclude from this recursive search. This option helps to reduce the number of discovered objects. Select Add to choose the containers under the above path. In the Select New Container dialog box, select a child container to exclude. Select OK to close the Select New Container dialog box.
Tip
The list of Active Directory containers in the Active Directory System Discovery Properties window includes a column Has Exclusions. When you select containers to exclude, this value is Yes.

Good:
INFO: discovered object with ADsPath = 'LDAP://DC.EMSLAB.LOCAL/CN=AZUREADSSOACC,OU=Do Not Discover,DC=emslab,DC=local' SMS_AD_SYSTEM_DISCOVERY_AGENT 10/10/2018 6:09:56 AM 20196 (0x4EE4)
WARN: Discovered object is in excluded AD container. Skip. SMS_AD_SYSTEM_DISCOVERY_AGENT 10/10/2018 6:09:56 AM 20196 (0x4EE4)

Bad:
INFO: Processing discovered group object with ADsPath = 'LDAP://DC.EMSLAB.LOCAL/CN=Domain Computers,CN=Users,DC=emslab,DC=local' SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT 10/10/2018 6:14:00 AM 6756 (0x1A64)
INFO: DDR was written for group 'EMSLAB\Domain Computers' - C:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box\userddrsonly\asgx21yd.DDR at 10/10/2018 6:13:57. SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT 10/10/2018 6:14:00 AM 6756 (0x1A64)
INFO: DDR was written for system 'AZUREADSSOACC' - C:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box\adh4b27e.DDR at 10/10/2018 6:13:57. SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT 10/10/2018 6:14:00 AM 6756 (0x1A64)

Net result is nothing is cleaned up in SCCM and defeats the intention of the exclusion.

25 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
You have left! (?) (thinking…)
Ray Rosen shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base