Monday, 11 February 2013

ConfigMgr 2012 / SCCM 2012 SP1 Step by Step Guide Part 6: Boundaries and Discovery

Part 6 describes the configuration of boundaries, boundary groups and discovery methods.

1. Boundary

A boundary can be defined as one of the following:

IP Subnet
IP Range
Active Directory Site

A Config Mgr Site Server (Distribution Point) is then associated with a boundary via a Boundary Group. This allows you to control which DPs can serve the boundaries in your organisation (and control Config Mgr traffic over WAN links).

Open Administration/Overview/Hierarchy Configuration.
Right click on Boundaries and select Create Boundary.

There are several options when choosing your Boundary type. It is a good idea to use IP ranges or subnets, as this gives you greater control of your Config Mgr environment. However, in this case we will keep it simple and choose AD Site.
Choose Active Directory Site and browse AD to choose the site.

Right click on Boundary Groups and select New.

Enter the name of the group in the General tab.

Select the References tab. Tick the box to use this Boundary Group for site assignment and add your Config Mgr Site System.

2. Discovery

Computers in your organisation are "discovered" in some way so that we can easily deploy a client to them. The most straightforward way to do this is by configuring Active Directory System Discovery.

Open Administration/Overview/Hierarchy Configuration.
Select Discovery Methods and double-click AD System Discovery.

Tick the box to enable and use the yellow star to add Active Directory OUs as required (or you can choose to discover at Domain level).

Confirm that you want to run discovery immediately.

Clients will begin to appear in Asset and Compliance/Devices almost immediately. Now you can start to install the Config Mgr client on these devices.

Users are discovered by configuring Active Directory User Discovery.

Add the required OUs.

Users discovered. 
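The console steps from sections 1 and 2, scripted with the ConfigurationManager PowerShell module, as an added example that is not part of the original guide. The site code, server name, OU path and object names are placeholders, and the parameter names assume a current version of the module. Discovery is scoped to a single OU here rather than the whole domain, so only the intended machines and users appear in the console.

```powershell
# Added example: placeholder values (assumptions), replace with your own.
$SiteCode     = 'XYZ'                                  # placeholder site code
$SiteServer   = 'cm01.example.local'                   # placeholder site system FQDN
$AdSiteName   = 'Default-First-Site-Name'              # AD site used as the boundary
$BoundaryName = "AD Site - $AdSiteName"
$GroupName    = 'Pilot Boundary Group'
$PilotOU      = 'LDAP://OU=Pilot,DC=example,DC=local'  # placeholder OU to discover

# Load the module that ships with the admin console, then switch to the site drive.
Import-Module "$($env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
Set-Location "$($SiteCode):"

# 1. Boundary: create the AD Site boundary only if it does not exist yet.
if (-not (Get-CMBoundary -BoundaryName $BoundaryName)) {
    New-CMBoundary -Name $BoundaryName -Type ADSite -Value $AdSiteName | Out-Null
}

# Boundary group: setting a default site code is the scripted form of
# "use this boundary group for site assignment" on the References tab.
if (-not (Get-CMBoundaryGroup -Name $GroupName)) {
    New-CMBoundaryGroup -Name $GroupName -DefaultSiteCode $SiteCode | Out-Null
}
Set-CMBoundaryGroup -Name $GroupName -AddSiteSystemServerName $SiteServer
Add-CMBoundaryToGroup -BoundaryName $BoundaryName -BoundaryGroupName $GroupName

# 2. Discovery: enable AD System Discovery for the pilot OU only, then run it now.
Set-CMDiscoveryMethod -ActiveDirectorySystemDiscovery -SiteCode $SiteCode `
    -Enabled $true -AddActiveDirectoryContainer $PilotOU
Invoke-CMSystemDiscovery -SiteCode $SiteCode

# AD User Discovery, scoped to the same OU.
Set-CMDiscoveryMethod -ActiveDirectoryUserDiscovery -SiteCode $SiteCode `
    -Enabled $true -AddActiveDirectoryContainer $PilotOU
Invoke-CMUserDiscovery -SiteCode $SiteCode

# Review the result before deploying any client.
Get-CMBoundaryGroup -Name $GroupName |
    Select-Object Name, DefaultSiteCode, MemberCount, SiteSystemCount
```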


  1. Thank you so very much for these posts. I am on a crash course to learn how to install/configure and use Systems Center 2012. Never have used it before, but have been a sys admin for about 15 years now. You guys sure save me a TON of time and headaches!! Thanks!

  2. It couldn't be explained any better! Thank you sir!

  3. Because we have a multi-forest domain, I've set up using both System Discovery and Forest Discovery.

    All three domains have success publishing (after extending), but the two child domains have "Failed to connect using specified account" under Discovery Status.

    Should I be concerned about this?

  4. If publishing has "succeeded" you should be OK. However review the following logs for issues:

    (Records Active Directory Forest Discovery actions)

    (Records Active Directory Group Discovery actions)

    (Records Active Directory System Discovery actions)

    (Records Active Directory User Discovery actions)

  5. Hi, I've been recently given a project to implement SCCM 2012 in our environment, so far I've gotten it installed and I'm trying to run the network discovery. I know this is not the first choice for discovery, but our environment has a mix of domain and non-domain systems, I've seen information online about the requirements for Network discovery to work, like having a Windows based DHCP server, enabling and configuring SNMP, but I can't seem to get it to work, SCCM picks up my default gateways (routers) but nothing beyond that.

  6. In my experience Network Discovery doesn't work very well and when it does work it generates a lot of noise. There are so many factors to consider that may be out of your control. Therefore I very rarely use it.
    Generally speaking, Network Discovery uses SNMP, DHCP, and domain browsing to identify routers, subnets, potential clients, and any other resource, such as printers or gateways.
    If you are having trouble make sure that you add the site server computer account to the DHCP Users group.

  7. I am a bit confused on boundaries and discovery and where they overlap. I want to set up our SCCM safely, targeting a small group of computers, and adding more (perhaps on different subnets) as we go. I don't want to accidentally target computers for either client install or OS installation by accident. So, should I use complete AD discovery? This seems to open it up to mistake. I don't want to install client unintentionally on servers or machines I don't want SCCM touching. How would you recommend limiting risk? I don't want to create a Task Sequence that does harm - is this best controlled by boundary definitions, or elsewhere? Thank

  8. To follow up question - if you were installing a system and wanted to only target a small department or a larger organization at first, would you set up AD discovery for the entire AD, bring 100% of everything into SCCM? Or does that open you up for error? How best to limit an unintentional deployment/task sequence from causing harm. Thanks Gerry!

  9. Hi,
    What about enabling the various discovery methods? By default, only heartbeat discovery is enabled. And when we enable AD forest discovery, won't it automatically create boundaries for sites? Hence the step mentioned by you to create a new boundary and setting a site is necessary? What if I don't have an AD site? Enabling all the discovery methods isn't sufficient?