Remove From My Forums

SCCM Collection not updating all computers from OU.

Question
0

Sign in to vote

Hi Techs

Just looking for some guidance to resolve this issue. I am getting issue in pulling up all computers in an OU to show up in collection from Active Directory.

Active directory System discovery is enabled.

There are 30 computers in an OU. There is a query currently running to pull all computers from that OU to collection to deploy a software. But only 20 computers, out of 30 is been pulled up and showing up in collection. Collection is already refresh and Updated many times. Thinking, these machines might have issue with the client although showing healthy on console, reinstalled SCCM client on few computers but no change. As a matter of time, we waited for more than 2 days but 10 computers still not showing up in collection. Although these machines are receiving other software deployment advertisements so these atleast shows it is operational in environment.

Finding entry of one of the computer "Machine01" on adsysdis.log of Central site server and found below log. However couldnt found its entry on adsysgrp.log.

adsysdis.log

INFO: DDR was written for system 'MACHINE01' - H:\ServerApps\Microsoft Configuration Manager\inboxes\auth\ddm.box\adsfz4ab.DDR at 5/29/2011 12:0:1

INFO: discovered object with ADsPath = 'LDAP://Serverdc1.domain.COM.AU/CN=MACHINE01,OU=High-End Workstations,OU=New Builds,OU=Devices,DC=ServerDC1,DC=COM,DC=AU'~ $$<SMS_AD_SYSTEM_DISCOVERY_AGENT><Sun May 29 12:30:06.650 2011
WARN: Could not get property (domain) for system (0x80005010)~ $$<SMS_AD_SYSTEM_DISCOVERY_AGENT><Sun May 29 12:30:06.666 2011

Please advise, few computers are not picked by sccm query and not showing up in collection.

Thanks & Regards

Veday

Server Engineer

Sunday, May 29, 2011 1:47 PM

Answers

1

Sign in to vote
How does the collection query look like? You have to run AD system *group* discovery in order to retrieve OU information.
Torsten Meringer | http://www.mssccmfaq.de
- Marked as answer by veday001 Thursday, June 2, 2011 10:16 AM
Wednesday, June 1, 2011 9:04 AM

All replies

1

Sign in to vote
AD System Discovery is not a full synchronization with AD; systems will only be discovered if their computer account in AD is not disabled and the site server can resolve the systems IP Address via DNS. You need to review the adsysdis.log in more detail to find each system that is not discovered and it will list a reason why a DDR was not created.
Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys
- Proposed as answer by Jörgen NilssonMVP Monday, May 30, 2011 5:26 AM
- Marked as answer by Eric MattoonMicrosoft employee Tuesday, May 31, 2011 2:17 PM
- Unmarked as answer by veday001 Wednesday, June 1, 2011 4:30 AM
Sunday, May 29, 2011 3:16 PM
0

Sign in to vote

·

Hi Veday,

Please check if the following KB article helps:

The Active Directory system discovery process cannot detect a client if the DNS suffix of the client differs from its DNS domain name in System Center Configuration Manager 2007 SP2

More information:

Updates to the Discovery Documentation

Regards,

Sabrina

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Tuesday, May 31, 2011 6:16 AM
0

Sign in to vote

Sorry for responding late.

Issue may not be with DNS as , i can resolve it from site server with computer name. I reviewed adsysdis.log in more detail and found many machine got DNS issue but the list of machine I am focussing, doesnt come with this error.

INFO: DDR was written for system 'COMPUTER1' - H:\ServerApps\Microsoft Configuration Manager\inboxes\auth\ddm.box\ads1ha13.DDR at 6/1/2011 10:30:1.

INFO: discovered object with ADsPath = 'LDAP://serverdc1.domain.COM.AU/CN=COMPUTER1,OU=High-End Workstations,OU=New Builds,OU=Devices,DC=domain,DC=COM,DC=AU'

WARN: Could not get property (domain) for system (0x80005010)

I check the status of client on console. It is healthy.

What else can be issue?

Any ideas?

Thanks & Regards

Server Engineer

Wednesday, June 1, 2011 4:30 AM
0

Sign in to vote

INFO: DDR was written for system 'COMPUTER1' - H:\ServerApps\Microsoft Configuration Manager\inboxes\auth\ddm.box\ads1ha13.DDR at 6/1/2011 10:30:1.

So discovery is working fine. A DDR was created for 'computer1' and it should show up in the 'all systems' collection (after updating the collection membership and refreshing the console). Please double check ddm.log if there are issues with the DDR being processed.
"WARN: Could not get property (domain) for system (0x80005010)" is just a warning and can be ignored. It has no effect on discovery.
Torsten Meringer | http://www.mssccmfaq.de

Wednesday, June 1, 2011 6:22 AM
0

Sign in to vote

All machines are in SCCM and active. Same machines when pulled from AD - OU doesnt show up in to software deployment collection. There are 30 computers in an OU. There is a query currently running to pull all computers from that OU to collection to deploy a software. But only 20 computers, out of 30 is been pulled up and showing up in collection. These atleast tells query is working fine but there is something different with those 10 computers not been pulled up.

I checked ddm.log, no error as such observed.. please refer to log below:

Refreshing site settings..... SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Updated inbox def 15, Discovery Data Manager SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Updated inbox def 45, Discovery Data Manager (Trusted) SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Updated inbox def 57, Discovery Data Manager (Registration) SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Updated inbox def 14, Discovery Asst Rules SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Updated inbox def 65, Discovery Data Manager (Notification) SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Updated inbox def 9, Data Loader SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Updated inbox def 10, Software Inventory Processor (Site) SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Updated inbox def 23, Client Configuration Record (Incoming) SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
DDM is configured to synchronize the network config data (NCF) files at startup and every 15 minutes thereafter. SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
CDiscoverDataManager::GetSiteStatus - Registering SQL types, Server = SQLSVR, Database = SMS_CSS, User = SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Preparing to sync deletes... SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
No system deletions to replicate. SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
Looking for ClientKeyData changes SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)
No ClientKeyData changes to replicate SMS_DISCOVERY_DATA_MANAGER 1/06/2011 4:24:35 PM 6004 (0x1774)

Server Engineer

Wednesday, June 1, 2011 8:25 AM
1

Sign in to vote
How does the collection query look like? You have to run AD system *group* discovery in order to retrieve OU information.
Torsten Meringer | http://www.mssccmfaq.de
- Marked as answer by veday001 Thursday, June 2, 2011 10:16 AM
Wednesday, June 1, 2011 9:04 AM
0

Sign in to vote

Thanks Torsten

Collection Query

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where LOWER(SMS_R_System.SystemOUName) like "Domain.COM.AU/Devices/Builds/x64 Workstations"

AD System Group Discovery is enabled however under Distiguished name it doesnt include above path

                                                          LDAP://CN=Computers,DC=Domain,DC=COM,DC=AU

                                                           LDAP://CN=MANAGED,DC=Domain,DC=COM,DC=AU

However, Under AD System Discovery, it is enabled

                                                            LDAP://CN=Computers,DC=Domain,DC=COM,DC=AU

                                                             LDAP://CN=Devices,DC=Domain,DC=COM,DC=AU

Is there also need for path like LDAP://CN=Devices,DC=Domain,DC=COM,DC=AU under Distinguished name for AD System Group Discovery ?

and also still wondering, how come 20 machines are picked up from Domain.COM.AU/Devices/Builds/x64 Workstations and not rest 10.?

Please advise

Thanks heaps again

Server Engineer

Wednesday, June 1, 2011 12:15 PM
1

Sign in to vote

You can't have a query with the like operator and not use the WQL wildcard: "%".

Also, have you looked at the properties of the individual resources in question to verify that their OU information is populated correctly?
Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys

Wednesday, June 1, 2011 1:15 PM
0

Sign in to vote

Thanks Jason

Very nice pick.

After adding % to query , it picked one more computer in collection. So count increasted to 21 now. I checked, properties of individual computers by right clicking and didnt find information of OU.

I just reinstalled client on few computers to verify if there may be issue with client itself. I will update outcome tomorrow.

Thanks again Jason/Torsten

Server Engineer

Wednesday, June 1, 2011 2:03 PM
0

Sign in to vote

This has nothing to do with the client itself, so reinstalling won't solve anything. It's the discovery process on the siteserver that adds OU information.
Torsten Meringer | http://www.mssccmfaq.de

Wednesday, June 1, 2011 2:14 PM
0

Sign in to vote

It is surprising...discovery is working fine (INFO: DDR was written for system 'COMPUTER1' - H:\ServerApps\Microsoft Configuration Manager\inboxes\auth\ddm.box\ads1ha13.DDR at 6/1/2011 10:30:1. ) and AD System Discovery is enabled. Verified, computers are also not disabled in AD. what else could go wrong?
Server Engineer

Wednesday, June 1, 2011 2:21 PM
1

Sign in to vote

and AD System Discovery is enabled. Verified, computers are also not disabled in AD. what else could go wrong?

It's still AD system GROUP discovery that adds OU information (see above).
Torsten Meringer | http://www.mssccmfaq.de

Wednesday, June 1, 2011 2:51 PM
0

Sign in to vote

Thanks Torsten

It will be hard for me to justify to management why 21 computers picked up from OU and not rest 9 computers and also for design change to enable AD SYSTEM GROUP discovery targeting

LDAP://CN=Devices,DC=Domain,DC=COM,DC=AU but yes if this is the way so it is.

Server Engineer

Thursday, June 2, 2011 10:15 AM
1

Sign in to vote

If the DistinguishedName attribute is added to the System Discovery method, you can use this query statement:

Mike Crowley | MVP
My Blog -- Baseline Technologies

Friday, June 5, 2015 2:48 PM
0

Sign in to vote
What does AD SYSTEM GROUP have to do with COMPUTER accounts?

Also what does USER OU (in picture above) have to do with COMPUTER accounts?

But anyway, I have 3 computers in OU with 100s of workstation accounts that are not being picked up, no matter what

Seb
- Edited by scerazy Monday, September 28, 2015 11:25 AM
Monday, September 28, 2015 11:19 AM
0

Sign in to vote

FYI i had this problem today where I had changed the OU name and could not get it to update for hours. In my case, if you change and schema, the default is set to only check that once every 7 days.

administration -> hierarchy configuration -> discovery methods -> active directory forest discovery -> set to a few hours, or do a manual refresh by right clicking on the item.

the default is 7 days :(

Monday, July 23, 2018 6:30 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

SCCM Collection not updating all computers from OU.

Question

Answers

All replies