SCCM Active Directory System Discovery is a discovery method to bring discovered devices into your SCCM server. It’s one of the most used discovery methods for its simplicity. Many organization extends their Active directory to include custom attributes to their records. By default, SCCM brings a couple of default Active Directory attributes but it’s also possible to bring any custom attribute that you may have.

SCCM active directory attributes

The good news is that it’s quite simple to add these custom Active Directory Attributes to your SCCM Discovery methods. What is more complicated is how to fetch this data once it’s discovered.

Over the years, we’ve seen much different information stored in AD Attributes. For this post, we’ll add the Description attribute from a computer account to SCCM and describe how to query this information to create collections or reports.

SCCM active directory attributes

SCCM Custom Active Directory attributes Configuration

The first step is to find the name of your AD attribute. To do that, you can use the Active Director Console or ADSIEdit to see the different available attributes.

For our example, we’ll configure SCCM Active Directory System Discovery to fetch the Description attribute from the Win10-01 computer.

SCCM active directory attributes
  • Navigate to Administration / Hierarchy Configuration / Discovery Method
  • Right-click Active Directory System Discovery
  • Select the Active Directory Attributes tab
  • Enter or select your attribute from the Available Attributes list
  • If the wanted attribute is not listed, simply click the Custom button and enter it manually
  • Click Add
  • Ensure that your new attribute is listed in the Selected attribute list and click OK. In this example, I’ve added the Description attribute.
SCCM active directory attributes
  • Once completed, initiate a Full Discovery on Active Directory System Discovery by right-clicking it and choosing Run Full Discovery Now
SCCM 2012 custom active directory attributes

Validation

Wait for the Active Directory System Discovery scan to finish, you can monitor the process by opening adsysdis.log on your site server.

Ensure that you don’t have any lines like this one :

WARN: Type not supported or no value set for the following optional attributes, description

This means that your system doesn’t have any value in the Description field.

On our Win10-01 you can see that we don’t have any warning :

INFO: DDR was written for system ‘WIN10-01’

You can now open the properties of one of the devices. You should see your Active Directory attribute in the discovery data pane :

SCCM active directory attributes

Create Collections based on SCCM Active Directory attribute

Once you have your new discovery data, you can use it to create collections or reports. Let’s start with a collection

  • Create a new collection
  • Add a Query Membership Rule
  • Edit the Query Statement
  • Add a new criteria
  • Click the Select button and select System Resource under Attribute class
  • Select Description under Attribute
  • Select the desired value (ex: like %IT% ) and close all windows. This will add all resources having IT in the description filed. If you click on Value you’ll see all discovered description.
SCCM active directory attributes
  • Close all Windows and initiate a collection membership update. You device will show in this collection

Create Collections based on Active Directory attribute

You can also query this information and include it in your reports.

The information is stored in the V_R_SYSTEM view.

Select Name0, description0 from v_r_system
where description0 is not Null

For my example, I’ve run the query on the computer shown in the first screenshot.

The description field in SCCM matches the data from Active Directory.

SCCM active directory attributes

From there, you can join the V_R_SYSTEM view to other SCCM view and create creative reports based on your SCCM active directory attributes.

Comments (13)

Thomas

03.01.2019 AT 07:20 AM
Is this any different in current branch config?. I have created an attribute in AD, linked it to the Computer Class, i can also see the attribute in Active Directory System Discovery as available and add it to selected attributes. yet i still get warning in logfile. WARN: Type not supported or no value set for the following optional attributes..xxxx Its a boolean attribute with True/False/Not Set. for testing purposes only a few devices has this value defined as either True or False, but im not able to get this info into sccm with a full system discovery

markus84

11.30.2023 AT 08:44 AM
Hi, could this be solved? i have exactly the same error with a custom schema extension (type: unicode string)

markus84

12.01.2023 AT 12:57 PM
Powershell access to the new attributes with the Site Server SYSTEM account was always successful. Filling the attribute for all computers did not help either (this was only a test). Solution: Restart Site Server after extending the schema! strange

Venkatesh

05.10.2018 AT 07:57 AM
Hello All, It is good we can add the custom attributes to System and User Discovery. What will be the impact on SQL Database after adding this additional data? Schema has to be changed. Sync will take more network BW. Any ideas on this?

Rock

04.28.2017 AT 08:29 PM
Can you please tell me where I can I find the custom attributes in SCCM SQL data base. Which specific view stores the AD attribute values?

BigB

02.01.2017 AT 10:05 AM
What about user information? What table does that end up in

binarylab

02.06.2016 AT 07:37 AM
Same problem here. description attribute is not available in my SCCM CB 1511. When I add it as a custom attribute it gives me warnings in adsysdis.log "WARN: Failed to get following optional attributes, description"

Benoit Lecours

02.09.2016 AT 10:22 AM
Interesting, I'll try to reproduce in my lab.

Marek

05.28.2015 AT 03:53 AM
I find out the correct way, is use the custom button to import a cistom attribute "description". Everything works

Marek

05.28.2015 AT 03:25 AM
Sorry for that question, but in my SCCM 2012 R2 isn't the attribute description in Active Directory Attributes tab. Whats going wrong?