locked
Exclude Disable computer object from active directory forest Discovery & active directory system Discovery RRS feed

  • Question

  • Hi All,

    We had more than 40000 + computer in our AD in that almost 1000 + computers are disable but these disable computers are also seen in SCCM how we can Exclude Disable computer object from active directory forest Discovery & active directory system Discovery

    Regards,

    Tejas Bandekar

    Friday, August 28, 2015 7:34 AM

Answers

  • Hi,

    You cannot exclude an OU, well you could be denying the SCCM Server permissions to that OU, not pretty.

    Create a new OU top-level and then change the System Discovery agent and include the OU you want to include and not so scan the whole AD.

    /jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    • Proposed as answer by Garth JonesMVP Saturday, September 5, 2015 3:56 PM
    • Marked as answer by Garth JonesMVP Saturday, September 26, 2015 1:39 PM
    Friday, August 28, 2015 9:29 AM
  • AD Discovery automatically excludes disabled computer accounts -- there's nothing for you to do and this is not configurable. Don't confuse discovery with synchronization though. Discovery *discovers*, it does not remove resources because that has nothing to do with discovery. If you want to remove these objects, simply delete them. You can easily script this also. There are a couple of PowerShell scripts available that you can base this on including one from Peter Dalmaans and one from Trevor Sullivan (just search their blogs and/or the Microsoft TechNet script center for them).

    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Proposed as answer by Garth JonesMVP Saturday, September 5, 2015 3:56 PM
    • Marked as answer by Garth JonesMVP Saturday, September 26, 2015 1:39 PM
    Saturday, August 29, 2015 9:58 PM

All replies

  • Hi,

    I normally move all disabled computer account to an OU and make sure that that OU in not included in System Discovery.

    How long ago was it the computers was disabled? is the maintenace thask enabled for cleaning them out? default is 90 days.

    regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Friday, August 28, 2015 7:43 AM
  • Hi Jorgen,

    Thanks for reply,

    Can you guide us how we can exclude OU in system discovery.

    Note : Computer disable activity is our monthly activity which disable computer object which not log in since 30 days.

    Friday, August 28, 2015 8:50 AM
  • Hi,

    You cannot exclude an OU, well you could be denying the SCCM Server permissions to that OU, not pretty.

    Create a new OU top-level and then change the System Discovery agent and include the OU you want to include and not so scan the whole AD.

    /jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    • Proposed as answer by Garth JonesMVP Saturday, September 5, 2015 3:56 PM
    • Marked as answer by Garth JonesMVP Saturday, September 26, 2015 1:39 PM
    Friday, August 28, 2015 9:29 AM
  • AD Discovery automatically excludes disabled computer accounts -- there's nothing for you to do and this is not configurable. Don't confuse discovery with synchronization though. Discovery *discovers*, it does not remove resources because that has nothing to do with discovery. If you want to remove these objects, simply delete them. You can easily script this also. There are a couple of PowerShell scripts available that you can base this on including one from Peter Dalmaans and one from Trevor Sullivan (just search their blogs and/or the Microsoft TechNet script center for them).

    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Proposed as answer by Garth JonesMVP Saturday, September 5, 2015 3:56 PM
    • Marked as answer by Garth JonesMVP Saturday, September 26, 2015 1:39 PM
    Saturday, August 29, 2015 9:58 PM