SCCM Active Directory System Discovery is a discovery method to bring discovered devices into your SCCM server. It’s one of the most used discovery methods for its simplicity. Many organization extends their Active directory to include custom attributes to their records. By default, SCCM brings a couple of default Active Directory attributes but it’s also possible to bring any custom attribute that you may have.
The good news is that it’s quite simple to add these custom Active Directory Attributes to your SCCM Discovery methods. What is more complicated is how to fetch this data once it’s discovered.
Over the years, we’ve seen much different information stored in AD Attributes. For this post, we’ll add the Description attribute from a computer account to SCCM and describe how to query this information to create collections or reports.
SCCM Custom Active Directory attributes Configuration
The first step is to find the name of your AD attribute. To do that, you can use the Active Director Console or ADSIEdit to see the different available attributes.
For our example, we’ll configure SCCM Active Directory System Discovery to fetch the Description attribute from the Win10-01 computer.
- Navigate to Administration / Hierarchy Configuration / Discovery Method
- Right-click Active Directory System Discovery
- Select the Active Directory Attributes tab
- Enter or select your attribute from the Available Attributes list
- If the wanted attribute is not listed, simply click the Custom button and enter it manually
- Click Add
- Ensure that your new attribute is listed in the Selected attribute list and click OK. In this example, I’ve added the Description attribute.
- Once completed, initiate a Full Discovery on Active Directory System Discovery by right-clicking it and choosing Run Full Discovery Now
Validation
Wait for the Active Directory System Discovery scan to finish, you can monitor the process by opening adsysdis.log on your site server.
Ensure that you don’t have any lines like this one :
WARN: Type not supported or no value set for the following optional attributes, description
This means that your system doesn’t have any value in the Description field.
On our Win10-01 you can see that we don’t have any warning :
INFO: DDR was written for system ‘WIN10-01’
You can now open the properties of one of the devices. You should see your Active Directory attribute in the discovery data pane :
Create Collections based on SCCM Active Directory attribute
Once you have your new discovery data, you can use it to create collections or reports. Let’s start with a collection
- Create a new collection
- Add a Query Membership Rule
- Edit the Query Statement
- Add a new criteria
- Click the Select button and select System Resource under Attribute class
- Select Description under Attribute
- Select the desired value (ex: like %IT% ) and close all windows. This will add all resources having IT in the description filed. If you click on Value you’ll see all discovered description.
- Close all Windows and initiate a collection membership update. You device will show in this collection
Create Collections based on Active Directory attribute
You can also query this information and include it in your reports.
The information is stored in the V_R_SYSTEM view.
Select Name0, description0 from v_r_system
where description0 is not NullFor my example, I’ve run the query on the computer shown in the first screenshot.
The description field in SCCM matches the data from Active Directory.
From there, you can join the V_R_SYSTEM view to other SCCM view and create creative reports based on your SCCM active directory attributes.
11 Comments on “Extend your inventory with SCCM Active Directory Attributes”
Is this any different in current branch config?. I have created an attribute in AD, linked it to the Computer Class, i can also see the attribute in Active Directory System Discovery as available and add it to selected attributes.
yet i still get warning in logfile.
WARN: Type not supported or no value set for the following optional attributes..xxxx
Its a boolean attribute with True/False/Not Set. for testing purposes only a few devices has this value defined as either True or False, but im not able to get this info into sccm with a full system discovery
Hello All,
It is good we can add the custom attributes to System and User Discovery. What will be the impact on SQL Database after adding this additional data? Schema has to be changed. Sync will take more network BW. Any ideas on this?
It’s a bug. please vote to get priority: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/32336959-fix-active-directory-discovery-attribute-not-set
Can you please tell me where I can I find the custom attributes in SCCM SQL data base. Which specific view stores the AD attribute values?
What about user information? What table does that end up in
Pingback: How To Add User Attributes In Active Directory | Information
Same problem here. description attribute is not available in my SCCM CB 1511. When I add it as a custom attribute it gives me warnings in adsysdis.log “WARN: Failed to get following optional attributes, description”
Interesting, I’ll try to reproduce in my lab.
It’s a bug. please vote to get priority: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/32336959-fix-active-directory-discovery-attribute-not-set
I find out the correct way, is use the custom button to import a cistom attribute “description”.
Everything works
Sorry for that question, but in my SCCM 2012 R2 isn’t the attribute description in Active Directory Attributes tab.
Whats going wrong?