In the previous post, we installed configuration manager.
In this post we will set boundaries and enable discovery methods for Configuration Manager.
Boundaries are locations that contain devices to manage. This can be IP Subnets, AD Sites, IPv6 prefixes, and IP Address Ranges.
Boundary groups enable automatic site assignment for clients, and directs clients to content locations (DPs, SMP) and will define the connection speed (fast vs. slow).
There are several types of boundary discovery methods that will help you populate Configuration Manager. Resource Discovery methods find manageable objects. Such as AD Forest, AD User, AD Group Discovery, Network Discovery, and Heartbeat Discovery. I will cover all of them, however I do not use Network Discovery or Heartbeat Discovery.
Load up Configuration Manager.
Select Administration. Under Overview select Boundaries.
The first boundary can be the local subnet the machines are running on. For example all of the machines in the lab:
You can create multiple boundaries for different subnets. And you can consolidate the boundaries into a boundary group. Under Hierarchy Configuration, select Boundary Groups and right click to select Create Boundary Group. Any clients in the subnet will be in this Boundary Group. This boundary group will then be associate to the BP1- Blue Palace headquarters site. The site’s content location will also be defined as the ConfigMgr server.
Boundaries can be the Active Directory site, for example the default AD site we have already created. The idea being the best way to logically define how and where these boundaries will exist will best benefit management of our enterprise.
You can set multiple boundaries for example, multiple subnets in a site. In this example, I only have 2 subnets to look at, but I will add them both to the Boundary Group.
In this boundary you set up the site collection server and the link.
Discovery of Systems
Now we can set up the discovery methods. There are several types to use for example; Active Directory Forest Discovery, Active Directory Group Discovery, Active Directory System Discovery, Active Directory User Discovery, Heartbeat Discovery and Network Discovery.
Active Directory Forest Discovery
Forest Discovery is not used for populating the Assests And Compliance with information. It’s for the entire site and hierarchy. It is mostly used to determine what active directory is set up as, and if any major changes happen, such as a subsite is added. I leave it enabled by default.
Active Directory Group Discovery
To look for a generic group discovery select Enable Active Directory Group Discovery, and select ADD. From Add select location, and point it to the computers OU.
Polling schedule will ask how often this discovery method will scan active directory.
Options will give you the option of finding inactive (non-logged on) computers and/or computers that have not updated their password in a set time.
Active Directory System Discovery
Active Directory System Discovery is sometimes useful for grabbing computer accounts. Although the problem is that every account in active directory isn’t always a working computer, computers can be renamed and there may not be a computer. There have been changes to this discovery method as there is now the option to search for computers that have only been logged on to in a certain number of days and to only discover computers that have updated their computer account password in a number of days. You can even set what attributes you want to capture from Active Directory.
Network Discovery may not always be helpful, as it may gather objects and systems that you can’t actually manage. What you are really looking for is windows devices. You can look for subnets, domains, snmp community names (like networking gear), specific devices, and DHCP servers. This is nice if you have machines in a Workgroup. I leave this at disabled.
Heartbeat discovery ensures that discoverd objects remain discovered. Once a week there is communication between the client and server that ensures the entry will remain in the database. I leave this enabled by default.
Now that we have discovered some systems, we can push the client to them in the next post.