Installing and Configuring SCCM 2016 – Stage 3 Setting up Discovery and Boundaries

In the previous two posts in this series we went through installing and configuring all the necessary prerequisites for SCCM 2016 and then installed SCCM 2016.  That’s great we now have SCCM 2016 installed, the basics configured correctly and are ready to go.  We now just need to know how to use it!

Essentially what is SCCM and why do we want to spend all this time and money setting it up?  Well hopefully your answer should be along the lines of you needing an enterprise level solution to manage your organisation’s users and devices.  In order to manage these users and devices we first need to tell SCCM to discover which users and devices we have available.  During this process SCCM can also discover the network infrastructure for your environment.

The relevant Technet article also states that a data record or DDR is created for each discovered object and that this is then stored in the SCCM database.  Once the discovery process has successfully discovered a resource all the information about that resource is placed in the DDR or discovery data record file.  These DDR files are processed by site servers and the information is then written to the SCCM database.  The discovery information can be used to create custom queries and collections that group resources for certain management tasks such as deployment of new software.  It should be noted that before we roll out the SCCM agent we need to run discovery first to find the computers.

Discovery Methods

There are several methods that we can use to discover resources in SCCM.  I will quickly run through what each one does.

Active Directory Forest Discovery
This method can discover Active Directory sites and subnets.  Once discovered SCCM will create boundaries for each site and subnet.  Technet also states that we can use a user-defined account to discover resources for each forest.

Active Directory System Discovery
This method simply discovers computers from specified locations in Active Directory.

Active Directory User Discovery
Similar to the System Discovery method only this discovers user accounts in the specified location in Active Directory.

Active Directory Group Discovery
As the title suggests this method discovers local, global and universal security groups.  It also discovers the membership within these groups (and the memberships within distribution groups) in Active Directory.  It should be noted that Distribution groups are not discovered as group resources.

Heartbeat Discovery
This method is used by SCCM clients to update their discovery records in the database.  The method can also be used to force discovery of a computer as a new resource record or it can repopulate the database record of a computer that was deleted from the database.

Network Discovery
This method will search your network for any network devices that have an IP address.  It can discover devices that may not be found by other discovery methods and includes printers, routers and bridges.

To discover the resources in our organisation we are going to enable the our discovery methods below:

1. Active Directory Forest Discovery
2. Active Directory Group Discovery
3. Active Directory System Discovery
4. Active Directory User Discovery

Active Directory Forest Discovery

To begin open the System Center 2016 Configuration manager console.  In the left hand pane, near the bottom select the Administration button.  Then expand Hierarchy Configuration and select Discovery Methods.

From the pane on the right, double click on Active Directory Forest Discovery.  Check all the boxes in this window to enable Active Directory Forest Discovery.  Once you have done this click Apply and all the Site Boundaries and IP address boundaries are created automatically.

As soon as you click Apply you will be asked whether you want to run a full discovery as soon as possible.  Click Yes to this and then click OK.

Active Directory Group Discovery

Double click on the Active Directory Group Discovery option and select the Enable Active Directory Group Discovery checkbox.  We now need to add either the groups or the location where the groups exist.  Click Add and then click Location, this is preferable to using the Groups option as it is faster.

You can now click browse to specify a particular location.

You can now choose a specific container but I always just choose my entire domain robnet.  When you have selected your choices click OK.

Give the the groups a valid name and then click OK

The group name you entered should then appear below in the discovery scope.

Next click the Polling Schedule tab to see how often SCCM is going to poll AD to discover the groups.  Click the Schedule button.

You can change this to whatever you wish but I prefer to change the schedule to every 1 day.  Once this is changed the Active Directory Group Discovery method will run every 1 day.  Click OK when finished.

Click on Options, then select the first checkbox to Only discover computer that have logged on to the domain in a given period of time.  We can leave the Time since last logon at 90 days.  Then select the second checkbox to Only discover computers that have updated their computer account in a given period of time.  Again we can leave this at 90 days.

Finally select the third checkbox to Discover the membership of distribution groups and click OK.

You will again be asked if you want to run a discovery as soon as possible, click Yes to this.

Active Directory System Discovery

Double click on the Active Directory System Discovery option and click the checkbox to Enable Active Directory System Discovery.

Click on the orange icon (that looks a bit like a picture of the sun).  We now need to specify a location for the Active Directory search so click Browse.

Select your domain and then click OK.

The Path is then automatically filled out for you, click OK.

You should now see your domain listed below for the Active Directory System Discovery.

Next click Options and check the first checkbox to Only discover computers that have logged on to the domain in a given period of time, leave the Time since last logon at 90 days.  Also check the box for Only discover computers that have updated their computer account password in a given period of time.  Again leave the Time since last password update at 90 days.

Click OK and you will see the familiar prompt asking if you want to run a full discovery as soon as possible.  Click Yes to this.

Active Directory User Discovery

Next double click the Active Directory User Discovery  option and enable Active Directory User Discovery by clicking on the checkbox.

Click on the orange icon and then click on the Browse button.

Select your domain and then click OK.

Ensure that the Path has populated and then click OK.

Your discovery options for the Active Directory User Discovery should appear as below once configured.  Click OK when ready.

Again click Yes to run a full discovery as soon as possible.


As discussed in the TechNet article a boundary is essentially a network location on the intranet that can contain one or more of the devices that you want to manage.  Boundaries can be IP subnets, Active Directory site names, IPV6 Prefixes or an IP address range.  The hierarchy can include an combination of these boundary types.

Before we can use a boundary we have to add one or more boundary groups.  Boundary groups are collections of boundaries.  By using boundary groups, clients on the intranet can find an assigned site and locate content when they have to install software such as applications, software updates and operating system images.  when we ran the Active Directory Forest Discovery earlier the boundaries were discovered automatically.

In the SCCM console click on the Boundaries option to check that our boundaries were discovered.

We now need to add the Boundary that was created to the Boundary Groups.  To do this click on Boundary Groups, then right click on Boundary Groups and click Create a boundary group.

Give the Boundary Group a name, I just used Boundary Group 1 and then click Add.

Then select the boundary, we only have the one boundary that was automatically discovered so just select this and  click OK.

Click on the references tab and click the checkbox to Use this boundary group for site assignment.

Click Add and then select your Site System Server then click OK.

Your Site System Server should now be visible as below, then click OK.

You should then see your boundary group appear in the Boundary Groups list with the name that you specified.

If you now click Boundaries and right click on your Default-First-Site-Name and click properties you will see that Boundary Groups 1 has been added to the Boundary Groups tab automatically.

Leave a Reply

Your email address will not be published. Required fields are marked *