Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we canāt promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
AD System/User discovery on disabled accounts
SCCM is not synchronizing disabled accounts, so it is not synchronizing the change in the UserAccountControl-attribute, so from SCCM perspective every machine/user is active. This creates problems e.g. in Software Asset Management since collections canāt select AD active accounts only. SCCM should synchronize changed attributes or at least UserAccountControl of AD disabled accounts if the account exists in SCCM
96 votes -
AD Group discovery discovering group members
AD Group discovery automatically discovers all computers and users that are members of the group (and nested groups). Sometimes it is not desired, as we choose what computers/users we want to discover via AD System/User Discovery. AD Group discovery should update group membership information for existing resources in the site. Or, ideally, provide an option to choose if we want to also discover group members, or not.
94 votes -
AD System Discovery - Skip the DNS Check Please!
Please add a check box which would enable me to have the DNS check skipped during computer system discovery. There are situations when a system may not resolve in DNS from the CM server, however I would still like to have the attribute data (LastLogon, pwdLastSet, etc) from Active Directory updated by the discovery process regardless of the DNS check. Currently these values are not updated if the system is not found.
79 votes -
Add firmware property to Win32_Diskdrive in hardware inventory
We have had a number of cases where old firmware versions of SSD drives caused computer failures - so being able to report on these is important.
OOTB the Win32_DiskDrive class is available but doesn't include the firmware property.
This means you need to add a custom class to enable discovery of this data.
Can we extend the existing class to have the firmware able to be enabled without any customization?
More info on an unsupported way to achieve the same result: https://timmyit.com/2017/03/13/hardware-inventory-disk-name-and-firmware/70 votes -
Remove Custom Discovery Data
When creating custom discovery data using the smsresgen class there is no way to remove this from the discovery related tables in ConfigMgr. Since there is a supported way to add this data, there should be a supported way to remove it. This is necessary as a rollback option, to return ConfigMgr to its default state, before the custom discovery data was added.
63 votes -
Allow exclusion of OU's from Active Directory System Discovery
Have the ability to include/exclude certain OU's from both Active Directory User and System Discovery.
E.G. I might have an "All Users and Groups" OU at the root domain level, which may contain sub OU's containing service accounts or mailbox accounts etc. that I don't want being picked up by discovery. The ability to pick which sub OU's to discover/not discover would be really handy in this scenario. The same applies for system/computer discovery also.
40 votesThis is complete for System Discovery but not for User Discovery.
-
Add option to exclude containers/OUs from Group Discovery
Hereās the problem. Systems exist in the Domain Computers group and other groups, so any recursive discovery of groups for the domain will put the partial system discovery back in the system.
https://docs.microsoft.com/en-us/sccm/core/servers/deploy/configure/configure-discovery-methods#bkmk_config-adsd
Starting in version 1806, select subcontainers (and/or OUs?) to exclude from this recursive search. This option helps to reduce the number of discovered objects. Select Add to choose the containers under the above path. In the Select New Container dialog box, select a child container to exclude. Select OK to close the Select New Container dialog box.
Tip
The list of Active Directory containers in the Activeā¦40 votes -
Azure AD Group Discovery - Discover Intune Enrolled Devices
Today in the Modern workplace of Autopilot provisioning; Organizations decide to keep everything on Azure Active Directory (Device Identity and User identity) with co-management capabilities.
Currently Azure AD Group Discovery does support to discover only cloud based resources.. But to enable Advanced deployment targeting; it would be better to enable these discovery methods.
(i) Able to discover Hybrid Users as well not only for Cloud Users
(ii) Able to discover AAD Joined devices through Device Discovery especially Intune and Autopilot enrolled.Through this; organizations will be able to create SCCM Deployments with Device and User Group Membership through Advanced customizedā¦
36 votes -
AD Group Discovery should not write DDR for invalid records
When System Discovery finds an object that seems invalid, currently it won`t be imported (which is good).
ERROR: System <systemname> is a unsupported operating system, unsupported version, or malformed AD entry. Reported system type is: ().
However if the same object has an AD Group Membership and AD Group Discovery finds it, it won't check if it is valid, but write the DDR and create the object record in SCCM DB.Please change AD Group Discovery so it validates new objects too.
35 votes -
Add Windows Build Subversion "BUILDEXT" collection for Windows Server 2016
The previous request that was suggested and implemented was completed only for Windows 10, it is desired that the new system discovery "BuildExt" be extended to return the same information that it does currently in 1802 for Windows 10 for Windows Server 2016 as well.
Add Windows Build Subversion "UBR" collection to the default HINV classes
The UBR registry key is responsible for displaying the subversion of a Windows Server 2016 or Windows 10 build to a patch administrator or end-user. For example 14393. where is the UBR string. If this is added to the HINV list of default classesā¦31 votes -
Extend AD discovery to work with Multivalue Attributes
Please extend AD discovery to work with Multivalue Attributes.
For the moment, only the first value from the multivalued attribute is discovered.28 votes -
Make Software Inventory scan cycle useful again
Software Inventory scan cycle (file scanning) of just Program Files can be ridiculously slow where it can run for over 12 hours or more which impacts all other inventory scan cycles. Worse still, if user powers down or restarts client the scan restarts from scratch. Disabling throttling is still too slow ( due to its use of WMI according to Tier 3) and not supported.
We would like a usable Software (file) Inventory scan cycle.27 votes -
Create ddr even if system discovery cannot ping/nslookup device
Create ddr even if system discovery cannot ping/nslookup device. Primary server is behind firewall due to network decision, therefore system discovery fails. Checkbox that will create DDR without successful nslookup or ping would allow us to discover devices.
23 votes -
Allow exclusions by Active Directory group for system discovery
Currently, you can exclude discovery of machines by OU. While great, some systems can not be organized easily into one or a few OUs.
Requesting a feature be added to allow the same functionality but exclude systems from system discovery that are in a specific Active Directory group.
19 votes -
Get MAC Address from AD
It would be useful to get the MAC address (or convert the netbootGUID attribute to MAC address) from computer objects discovered in AD.
In our environment, new computers are prestaged in AD which then end up discovered by system discovery and added to SCCM. Existing computers which have not had the SCCM client installed are also discovered and added to SCCM. However, when either a brand new machine or existing machine without the client installed needs imaged, the existing object in SCCM needs deleted, and then a new object needs imported with the MAC address so the machine can PXEā¦
18 votes -
Allow the ability through Config Manager Client Settings to set Deferral of Upgrades (CB/CBB) for Windows 10 Clients
It would be ideal to be able to defer feature upgrades for Windows 10 via Client settings to avoid having to use a GPO. This would avoid the current dual scan issue with GPOs and WUfB Policy Settings.
15 votes -
CSS : Need an option to discover objects from Secure LDAP domains
In ConfigMgr till 1610, we just have option to discover object from LDAP but My customers are looking for an option to discover objects over Secure LDAP where the domains are installed in DMZ.
14 votes -
Active Directory Group Discovery
Active Directory Group Discovery
As the title states it's a discovery method meaning it simply creates new resources (and/or updates values of attributes).
It never deletes groups that no longer exist in AD.
Wouldn't it be good to have a mechanism that keeps the SCCM in sync with AD (especially for groups and users)?
Thanks for taking this into consideration.13 votes -
Filter discovery based on AD Attributes
Add the option to filter out objects based on attributes.
examples:
where "Operating System Name" -notlike "%2003" and"Operating System Name" -notlike "%5.1" and -notlike "%OSX%"
where "Description" -notlike "%Physical%"
Where "OrganizationalUnit" -ne "OU=Disabled Objects,DC=contoso,DC=com"it might delay the scan for each object and cause the discovery to take more time, but on the other hand make it more useful and stop discovering unwanted objects to the DB
12 votes -
AD forest discovery fails with "unexpected exception"
AD forest discovery fails and does not continue parse through the other forests after and "Discovery is being aborted due to an unexpected exception".
We would like to see where the discovery sees that it cannot contact or reach any given forest but is able to continue with the other forests to collect the data.
10 votes
- Don't see your idea?