Configuration manager discovery techniques find several devices on your network, devices and users from Active Directory, or users from Azure Active Directory. When it comes to using a discovery method, it is important to understand its available configurations as well as limitations.
Unlike other Active Directory discovery techniques, Forest Discovery does not discover resources that one can handle. Rather than, this method figures out network locations that are configured in Active Directory. It can convert such locations into boundaries for use throughout your hierarchy.
When this technique runs, it searches the local Active Directory forest, each known forest, and each additional forest that you can configure in the Forests node of the Configuration Manager console. You can use Forest Discovery to:
Discover Active Directory sites as well as subnets, and create Configuration Manager Boundaries on the basis of network locations.
Figure out supernets that are allocated to an Active Directory site. Convert all supernet into an IP address range boundary.
Publish to Active Directory Domain Services in a forest when it comes to publishing to that forest is enabled. The Active Directory Forest Account should have all the permissions to that forest.
One can manage Active Directory Forest Discovery in the console. After that, go to the Administration workspace as well as expand Hierarchy Configuration.
Enable it to run at the top-level site of your hierarchy. One can specify a simple schedule to run discovery. Then, configure it to create boundaries from the IP subnets as well as Active Discovery sites that it discovers. It cannot run at a primary child site or a secondary website.
Active Directory Forest
Arrange the additional forests to discover, specify all Active Directory Forest Account, and then arrange publishing to all forests. Check out the Microsoft access discovery process. Add IP subnets as well as Active Directory sites as Configuration Manager Boundaries as well as members of boundary groups.
When it comes to configuring publishing for Active Directory forests for all sites in your hierarchy, it is good to connect your Configuration Manager console to the top-level site of the hierarchy. The Publishing tab can show only the current site as well as its child sites. When it comes to enabling publishing for a forest, that forest’s schema is extended for Configuration Manager; information is published for all sites that are enabled to publish to that Active Directory forest.
- One can use this method to search Active Directory Domain Services in order to figure out:
- Local, global, and universal security groups
- The group membership
- Limited details about a group’s member computers as well as users, when another discovery method has not discovered those computers as well as users.
This method is intended to check out groups and the group relationships of members of groups. By default, all security groups are discovered. Suppose you are willing to find the membership of distribution groups. In that case, you can check out the box for the option – Discover the membership of distribution groups on the Options tab in the Group Discovery Properties dialog box.
Group Discovery does not handle the extended Active Directory features that can be acknowledged by using System Discovery or User Discovery. Because this method is not optimized to determine computer as well as user resources, reflect running this discovery technique after you have run Active Directory System Discovery and Active Directory User Discovery. This is suggested because this method can create a full discovery data record (DDR) for groups, but only a limited DDR for computers as well as users that are members of groups.