Part 5 - Setting up Discovery Methods and Boundaries

09-21-2020 10:55 AM

BEFORE YOU BEGIN

DISCOVERY METHODS

In my previous blog post Part 4 we completed the basic installation of Microsoft Endpoint Configuration Manager including the SQL, Distribution Point and Management Point configuration.

In Part 5, I will walk you through the configuration of discovery methods and boundaries.

WHAT ARE DISCOVERY METHODS?

Discovery methods are used in Microsoft Endpoint Configuration Manager to find device and user resources that you can manage. You can also use discovery to identify network infrastructure in your environment. There are several different methods you can use to discover different things, and each method has its own configurations and limitations.

The following are the available discovery methods:

  • Active Directory Forest Discovery

  • Active Directory Group Discovery

  • Active Directory System Discovery

  • Active Directory User Discovery

  • Heartbeat Discovery

  • Network Discovery

  • Server Discovery (hidden)

Read more about Discovery Methods here

In this blog post, I'll be looking at the Active Directory Forest, System, User and Heartbeat discovery. If you need more information about discovery methods, click here

It has been a while since my last blog post, but I've been busy, and then came something called COVID-19 😷. Since my last post I've upgraded my lab with the latest Windows 10 ADK and WinPE for Windows 10 (2004), and Microsoft Endpoint Configuration Manager has been upgraded to CB 2006.

Windows 10 ADK and WinPE can be downloaded from here (they are two separate downloads...)

Let's get started with the discovery method configuration.

Step 1. Type "Configuration" in the search line next to the start button, and click "Configuration Manager Console"

Step 2. Navigate to "Administration" and click "Updates and Servicing". As mentioned above, I've upgraded my lab to CB 2006 since my last blog post.

Step 3. In "Administration", expand "Hierarchy Configuration" and then click "Discovery Methods"

Step 4. Right-click on "Active Directory Forest Discovery" and click "Properties". Check the "Enable Active Directory Forest Discovery" box. Leave everything default and click "OK"

Step 5. Click "Yes" to run a full discovery as soon as possible.

Step 6. Right-click on "Active Directory System Discovery" and click "Properties". Check the "Enable Active Directory System Discovery" box and click the "Create Icon".

Step 7. Now click "Browse..." and find your computer OU. Leave everything default and click "OK"

Step 8. Select the tab "Polling Schedule" and leave everything default. This is where you can change the frequency for system discovery.

Step 9. Select the tab "Active Directory Attributes" and leave everything default. This is where you can select custom attributes to be included during system discovery.

Step 10. Select the tab "Options" and leave everything default. In a real-world scenario, though, I would recommend that you check the "Only discover computers that have logged on to a domain in a given period of time" box. Click "OK"

Step 11. Click "Yes" to run a full discovery as soon as possible.

Step 12. Right-click on "Active Directory User Discovery" and click "Properties". Check the "Enable Active Directory User Discovery" box and add the user OU like we did in steps 6-7 for the computer OU.

Step 13. Select the tab "Polling Schedule" and leave everything default. This is where you can change the frequency for user discovery.

Step 14. Select the tab "Active Directory Attributes" and leave everything default. This is where you can select custom attributes to be included during user discovery. Click "OK"

Step 15. Click "Yes" to run a full discovery as soon as possible.

Step 16. Right-click on "Heartbeat Discovery" and click "Properties". Leave everything default. This discovery method is enabled by default.

Step 17. Navigate to "Assets and Compliance" and click "Users". The "Active Directory User Discovery" has found my two users.

Step 18. Click "Devices" and we will see that the "Active Directory System Discovery" has not found any new clients, which is OK since I don't have any clients in my LAB yet.

But wait a second! The site server "CM" is not in the defined computer OU for the "Active Directory System Discovery". So why is it there and without a client installed? Regarding the missing client installation on the site server "CM", by default the client won't be installed on site systems, but that can be changed in the "Client Push Installation Properties".

The reason we are able to see the site server "CM" is because there is actually a "hidden" discovery method called "Server Discovery" which is an automatic discovery method. It finds computers that we use as site systems and it can't be configured or disabled.
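The console steps above can also be scripted with the ConfigurationManager PowerShell module. This is an added example, not part of the original post; the site code, the OU paths and the 90-day logon window are placeholders, and it turns on the stale-computer filter recommended in step 10 instead of leaving it at the default.

```powershell
# Added example. Placeholders (not values from the post): replace before use.
$SiteCode   = 'XXX'                                        # your three-character site code
$ComputerOU = 'LDAP://OU=Workstations,DC=example,DC=com'   # constructed computer OU
$UserOU     = 'LDAP://OU=Staff,DC=example,DC=com'          # constructed user OU

# Load the module installed with the console, then switch to the site drive.
Import-Module "$($env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
Set-Location "$($SiteCode):"

# Steps 4-5: enable forest discovery with defaults and run it now.
Set-CMDiscoveryMethod -ActiveDirectoryForestDiscovery -SiteCode $SiteCode -Enabled $true
Invoke-CMForestDiscovery -SiteCode $SiteCode

# Steps 6-11: system discovery limited to the computer OU.
# The logon filter keeps stale computer accounts that still exist in AD
# out of the device inventory (the step 10 recommendation).
Set-CMDiscoveryMethod -ActiveDirectorySystemDiscovery -SiteCode $SiteCode -Enabled $true `
    -ActiveDirectoryContainer $ComputerOU `
    -EnableFilteringExpiredLogon $true -TimeSinceLastLogonDays 90
Invoke-CMSystemDiscovery -SiteCode $SiteCode

# Steps 12-15: user discovery limited to the user OU.
Set-CMDiscoveryMethod -ActiveDirectoryUserDiscovery -SiteCode $SiteCode -Enabled $true `
    -ActiveDirectoryContainer $UserOU
Invoke-CMUserDiscovery -SiteCode $SiteCode

# Steps 17-18: review what discovery produced.
# Anything listed here that you did not expect means the OU scope is too wide.
Get-CMUser   | Select-Object Name
Get-CMDevice | Select-Object Name, IsClient
```

Heartbeat Discovery is left untouched because it is already enabled by default.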

BOUNDARIES

Now that discovery methods for this LAB have been configured, let's continue with the boundaries and boundary group configuration, which is important in order to manage devices on your network.

WHAT ARE BOUNDARIES?

Microsoft Endpoint Configuration Manager boundaries are locations on your network that contain devices that you want to manage. You can create different types of boundaries, for example, an Active Directory site or network IP address. When the Configuration Manager client identifies a similar network location, that device is a part of the boundary.

Configuration Manager supports the following boundary types:

  • IP subnet

  • Active Directory site

  • IPv6 prefix

  • IP address range

  • VPN (Starting in version 2006) **

** Starting in version 2006, to simplify managing remote clients, create a boundary type for VPNs. When a client sends a location request, it includes additional information about its network configuration. Based upon this information, the server determines whether the client is on a VPN.

Read more about Boundaries here

Step 1. Navigate to "Administration", expand "Hierarchy Configuration", right-click on "Boundaries" and click "Create Boundary"

Step 2. Enter a description and select a boundary type. I recommend "IP address range". Click "OK"

The new boundary should appear in the "Boundaries" list.

Something to think about...

Boundary Groups

WHAT ARE BOUNDARY GROUPS?

Use boundary groups in Microsoft Endpoint Configuration Manager to logically organize related network locations (boundaries) to make it easier to manage your infrastructure. Assign boundaries to boundary groups before using the boundary group.

By default, Configuration Manager creates a default site boundary group at each site.

To configure boundary groups, associate boundaries (network locations) and site system roles, like distribution points, to the boundary group. This configuration helps associate clients to site system servers like distribution points that are located near the clients on the network.

Read more about Boundary Groups here

Step 1. Right-click on "Boundary Groups" and click "Create Boundary Group"

Step 2. Enter a name and click "Add..."

Step 3. Check the "IP Address Range" boundary box and click "OK"

Step 4. Select the tab "References" and check the "Use this boundary group for site assignment" box. Add your site server to the list of site system servers and click "OK"

The new boundary group should appear in the "Boundary Group" list.

Avoid overlapping boundaries for automatic site assignment
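One way to check "IP address range" boundaries for overlap before using them for site assignment. This is an added example, not part of the original post; the function names and the sample boundaries are constructed for illustration.

```powershell
# Added example. Sample boundaries below are constructed, not from the post.
# Real input could come from the ConfigurationManager module, e.g.:
#   Get-CMBoundary | Where-Object BoundaryType -eq 3 |
#       Select-Object @{ n = 'Name'; e = { $_.DisplayName } }, Value

# Turn a dotted IPv4 address into a number so ranges can be compared.
function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not an IPv4 address: $Address"
    }
    [long]$n = 0
    foreach ($octet in $ip.GetAddressBytes()) { $n = $n * 256 + $octet }
    return $n
}

# Return every pair of boundaries whose "start-end" ranges share an address.
function Find-BoundaryOverlap {
    param([Parameter(Mandatory)][object[]]$Boundary)
    $ranges = foreach ($b in $Boundary) {
        $parts = $b.Value -split '-'
        if ($parts.Count -ne 2) { throw "Boundary '$($b.Name)' is not 'start-end'" }
        $r = [pscustomobject]@{
            Name = $b.Name
            Low  = ConvertTo-IPv4Number ($parts[0].Trim())
            High = ConvertTo-IPv4Number ($parts[1].Trim())
        }
        if ($r.Low -gt $r.High) { throw "Boundary '$($b.Name)' starts after it ends" }
        $r
    }
    # Sorted by start address, a later range overlaps an earlier one
    # exactly when it starts at or before the earlier range's end.
    $sorted = @($ranges | Sort-Object Low)
    for ($i = 0; $i -lt $sorted.Count; $i++) {
        for ($j = $i + 1; $j -lt $sorted.Count -and $sorted[$j].Low -le $sorted[$i].High; $j++) {
            [pscustomobject]@{ First = $sorted[$i].Name; Second = $sorted[$j].Name }
        }
    }
}

$sample = @(
    [pscustomobject]@{ Name = 'HQ LAN';     Value = '192.168.1.1-192.168.1.254' }
    [pscustomobject]@{ Name = 'HQ Wi-Fi';   Value = '192.168.1.200-192.168.2.50' }
    [pscustomobject]@{ Name = 'Branch LAN'; Value = '10.10.0.1-10.10.0.254' }
)
Find-BoundaryOverlap -Boundary $sample
```

An empty result means no two ranges share an address; each returned pair should be resolved before both boundaries end up in boundary groups that assign different sites.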

This should conclude the configuration of discovery methods and boundaries. In Part 6 I'll be setting up the site system role for Software Update Point and I will give you a walk-through of the maintenance configuration for WSUS and SQL.

If you have any questions regarding this topic, feel free to reach out to me. I am most active on Twitter!
