Exclude OU From AD System Discovery RRS feed

  • Question

  • I would like to configure AD System Discovery to discover all systems in the domain, but one OU (the OU has a few nested OU's as well).

    What is the easiest way to do this?

    Tuesday, May 19, 2009 9:37 PM


All replies

  • Remove read access for the siteserver to that OU.

    Tuesday, May 19, 2009 9:42 PM
  • Thanks.  Is there a way to do it with an LDAP query in System Discovery instead?

    Tuesday, May 19, 2009 10:03 PM
  • Not that I am aware of.
    Tuesday, May 19, 2009 10:08 PM
  • So this is the way that everyone does system discovery??  That seems crazy to me.
    Tuesday, May 19, 2009 10:13 PM
  • The only other way would be to explicitly list every single sub-ou in a custom ldap, except for the one you do not want.   Yes, that's the way most people do that... assuming they have System Discover on at all.  You don't "have" to have it.  Not technically.  If you don't push the client from the console, you don't have to discover systems in AD.  You could rely on either WSUS to deploy your clients, or a GPO startup script, and then only rely on Heartbeat Discovery to keep records up to date, and forget about AD system discovery.  But that's a infrastructure/design choice, and is not ideal for every environment.
    Standardize. Simplify. Automate.
    Tuesday, May 19, 2009 11:59 PM