Post 8 – How to set boundaries and enable discovery methods

In the previous post, we installed configuration manager.

In this post we will set boundaries and enable discovery methods for Configuration Manager.

Boundaries are locations that contain devices to manage. This can be IP Subnets, AD Sites, IPv6 prefixes, and IP Address Ranges.

Boundary groups enable automatic site assignment for clients, and directs clients to content locations (DPs, SMP) and will define the connection speed (fast vs. slow).

There are several types of boundary discovery methods that will help you populate Configuration Manager. Resource Discovery methods find manageable objects. Such as AD Forest, AD User, AD Group Discovery, Network Discovery, and Heartbeat Discovery. I will cover all of them, however I do not use Network Discovery or Heartbeat Discovery.

Load up Configuration Manager.

system center pg

Configuration Manager interface

Select Administration. Under Overview select Boundaries.

The first boundary can be the local subnet the machines are running on. For example all of the machines in the lab:

local office boundary

Create Boundary

You can create multiple boundaries for different subnets. And you can consolidate the boundaries into a boundary group. Under Hierarchy Configuration, select Boundary Groups and right click to select Create Boundary Group. Any clients in the subnet will be in this Boundary Group. This boundary group will then be associate to the BP1- Blue Palace headquarters site. The site’s content location will also be defined as the ConfigMgr server.


Our Boundary Group general properties


Our Boundary Group References

Boundaries can be the Active Directory site,  for example the default AD site we have already created. The idea being the best way to logically define how and where these boundaries will exist will best benefit management of our enterprise.

local AD site

Default AD site

You can set multiple boundaries for example, multiple subnets in a site. In this example, I only have 2 subnets to look at, but I will add them both to the Boundary Group.

our boundary group

Creating a boundary group

In this boundary you set up the site collection server and the link.


Boundary Group references

Discovery of Systems

Now we can set up the discovery methods. There are several types to use for example; Active Directory Forest Discovery, Active Directory Group Discovery, Active Directory System Discovery, Active Directory User Discovery, Heartbeat Discovery and Network Discovery.

Active Directory Forest Discovery

Forest Discovery is not used for populating the Assests And Compliance with information. It’s for the entire site and hierarchy. It is mostly used to determine what active directory is set up as, and if any major changes happen, such as a subsite is added. I leave it enabled by default.

AD forest discovery

Active Directory Forest Discovery

Active Directory Group Discovery

To look for a generic group discovery select Enable Active Directory Group Discovery, and select ADD. From Add select location, and point it to the computers OU.

ad group discovery1

Active Directory Group Discovery

Polling schedule will ask how often this discovery method will scan active directory.

ad group discovery2

Active Directory Group Discovery polling schedule

Options will give you the option of finding inactive (non-logged on) computers and/or computers that have not updated their password in a set time.

ad group discovery3

Active Directory Group Discovery options

Active Directory System Discovery

Active Directory System Discovery is sometimes useful for grabbing computer accounts. Although the problem is that every account in active directory isn’t always a working computer, computers can be renamed and there may not be a computer. There have been changes to this discovery method as there is now the option to search for computers that have only been logged on to in a certain number of days and to only discover computers that have updated their computer account password in a number of days. You can even set what attributes you want to capture from Active Directory.

ad system discovery

Active Directory System Discovery

Network Discovery

Network Discovery may not always be helpful, as it may gather objects and systems that you can’t actually manage. What you are really looking for is windows devices. You can look for subnets, domains, snmp community names (like networking gear), specific devices, and DHCP servers. This is nice if you have machines in a Workgroup. I leave this at disabled.

Heartbeat discovery

Heartbeat discovery ensures that discoverd objects remain discovered. Once a week there is communication between the client and server that ensures the entry will remain in the database. I leave this enabled by default.


Now that we have discovered some systems, we can push the client to them in the next post.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s