locked
AD System Group Discovery not updating System OU Name on computer object when computer moves OU RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    2 related questions.

    1. We have noticed that computer objects (active clients) in ConfigMgr are not getting their System OU Name discovery data updated when a computer account is moved from one OU to another, and AD System Group Discovery runs. Since we are basing some of our Software Updates collections on AD OU name, these systems are not falling into their required collections.

    2. On a few occasions we are also seeing duplicate computer objects being created. One new record from AD System Discovery, which contains the correct 'new' System OU Name, and one 'old' computer object from before the computer account was moved to a different OU in AD. The heartbeat discovery of this second object is still updating e.g. showing new heartbeats, but the computer object still shows the old System OU Name from before the computer account was moved in AD. If we delete both objects and run a Discovery Data Collection Cycle from the client, and AD System Group Discovery, then we get one new record with the correct 'new' set of System OU names.

    This duplicates issue is happening in both our Central Primary Site and our other child Primary site. Both sites are set to create new client records for duplicate hardware IDs, and there is a possibility we're seeing the duplicate records on machines that have been re-imaged and redeployed at some point.

    It's my understanding that it is AD System Group Discovery that updates the System OU Name property on client objects. We have this set to run every 4 hours. I'm not seeing any errors in the adsysgrp.log. Any idea why discovery is not updating the System OU Name information when a computer account moves OU? As far as I understand it, nothing additional is required to happen from the client end for this property to get updated.
    Thursday, November 19, 2009 11:03 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    The only thing I can think of would be ad sys group discovery not running at the site where the client is assigned to?
    "Everyone is an expert at something" Kim Oppalfens Configmgr expert for lack of any other expertise. http://www.scug.be/blogs/sccm
    Tuesday, December 1, 2009 8:07 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    What is the scope of AD system group discovery? Is the new OU (where the client was moved to) also part of AD system group discovery?
    Thursday, November 19, 2009 11:14 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Currently, the discovery scope is the entire domain including all child OUs. So yes, ConfigMgr does already 'know' about the OU that the computer has been moved to.
    Thursday, November 19, 2009 4:36 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Anyone? #1 is the most important issue I'm looking for an answer on... thanks
    Monday, November 23, 2009 2:46 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Any errors in adsysgrp.log?

    Monday, November 23, 2009 3:07 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    No, no errors in adsysgrp.log although the log does wrap several times when it runs. What would I be looking for specfically? There are no errors at the end of the log file when it completes.
    Tuesday, November 24, 2009 1:02 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Anyone? 1 week bump!
    Tuesday, December 1, 2009 5:47 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    That process is usually straight forward and does not cause any issues. Bring up the properties of a client (in a collection in the admin console) and check if the timestamp for AD system group discovery was updated.
    • Proposed as answer by Garth JonesMVP Friday, January 6, 2012 4:21 AM
    Tuesday, December 1, 2009 7:21 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    The only thing I can think of would be ad sys group discovery not running at the site where the client is assigned to?
    "Everyone is an expert at something" Kim Oppalfens Configmgr expert for lack of any other expertise. http://www.scug.be/blogs/sccm
    Tuesday, December 1, 2009 8:07 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    The only thing I can think of would be ad sys group discovery not running at the site where the client is assigned to?
    "Everyone is an expert at something" Kim Oppalfens Configmgr expert for lack of any other expertise. http://www.scug.be/blogs/sccm

    HI Everyone..

    ANy reply or correct answer to this question???

    Same problem even i have. Duplicate machine names created when machine moved to different sites.

    And also, AD sys group discovery running on all the sites (i have 4 sites).

    System Security analyst at CapG

    Friday, February 14, 2014 7:44 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    What do you mean by you have duplicate machine names? Have you reviewed the discovery logs?

    http://www.enhansoft.com/

    Friday, February 14, 2014 10:24 AM