In many large organizations, network configuration and Active Directory Domain Services are managed separately from Configuration Manager. Changes to the network topology or AD structure must be communicated between these teams to ensure Configuration Manager boundary settings are accurate. Up-to-date boundary information results in efficient application and software update deployments to all managed client computers. This is especially critical for roaming scenarios, which require boundary information to always be available and up to date. Now in Configuration Manager 2012 Beta 2, Active Directory Forest Discovery and publishing improvements enable organizations to centrally manage distribution of key site system roles across forests without the requirement to deploy additional sites.
Forest Discovery and Publishing Overview
To improve manageability of an ever-changing network environment, Active Directory Forest Discovery is added in Configuration Manager 2012 Beta 2. With it, Configuration Manager can discover Active Directory forests, their domains, AD Sites and IP subnets. Because domain users (or domain computer accounts) have permission to query forest relationships, Active Directory Forest Discovery can return information about other forests and their trust direction. The system can programmatically connect to all the forests and build a complete mapping of the corporate environment. It can also cross forest boundaries using specific credentials for each forest regardless of the trust type. The information obtained through Active Directory Forest Discovery can be directly exported as boundaries or boundary groups. Changes to discovered data are updated dynamically and aged out from the database if no longer present in Active Directory Domain Services. The discovered data is also used when clients request a management point or distribution point to ensure they receive the best possible site system.
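The following added example, which is not part of the original post or of Configuration Manager, compares a set of discovered subnets with the configured boundaries and reports missing, stale, ungrouped and overlapping entries. The data layout, the function and variable names, and the sample values are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from a real site); the layout is an assumption.
# Discovered IP subnets -> AD site they belong to.
DISCOVERED = {"10.10.0.0/16": "HQ", "10.20.4.0/24": "Branch-East",
              "10.30.0.0/22": "Lab"}
# Configured IP-subnet boundaries -> boundary group (None = not in any group).
BOUNDARIES = {"10.10.0.0/16": "BG-HQ", "10.10.8.0/24": "BG-HQ",
              "10.20.4.0/24": None, "192.168.50.0/24": "BG-Old"}


def _key(net):
    # Stable ordering: by network address, then by prefix length.
    return (int(net.network_address), net.prefixlen)


def _text(nets):
    return [str(n) for n in sorted(nets, key=_key)]


def reconcile(discovered, boundaries):
    """Report drift between discovered subnets and configured boundaries.

    ip_network() is strict, so an entry with host bits set raises ValueError
    instead of being silently widened to its network.
    """
    disc = {ipaddress.ip_network(c) for c in discovered}
    bnd = {ipaddress.ip_network(c): g for c, g in boundaries.items()}
    ordered = sorted(bnd, key=_key)
    overlaps = [(str(a), str(b))
                for i, a in enumerate(ordered)
                for b in ordered[i + 1:] if a.overlaps(b)]
    return {
        # In AD but no boundary yet: clients there match nothing.
        "missing": _text(disc - set(bnd)),
        # Boundary with no matching AD subnet: candidate for ageing out.
        "stale": _text(set(bnd) - disc),
        # Boundary exists but was never added to a boundary group.
        "ungrouped": _text(n for n, g in bnd.items() if g is None),
        # Boundaries whose address ranges intersect.
        "overlaps": overlaps,
    }


if __name__ == "__main__":
    for finding, items in reconcile(DISCOVERED, BOUNDARIES).items():
        print(f"{finding}: {items}")
```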
Credentials specified for each Active Directory forest are used for both discovery and publishing and enable Configuration Manager 2012 sites to publish Configuration Manager site information in remote trusted or untrusted forests. Publishing stores information such as site system locations and capabilities, boundaries, and the security information that client computers require to establish trusted connections with site systems. It also stores information such as the client's trust relationship with the forest, the management point's communication mode (HTTPS/HTTP), and the network information (boundaries) used to locate the most appropriate management point or distribution point to communicate with. This enables client computers to more readily locate servers in a trusted forest to ensure user-targeted applications.
How to use AD Forest Discovery
- Enable Forest Discovery
Active Directory Forest Discovery is a new discovery method located in the Administration workspace of the Configuration Manager console. It can be enabled on the central administration site and primary sites. It is not supported on secondary sites.
To enable Active Directory Forest Discovery, open the Active Directory Forest Discovery method properties dialog, and enable the method by checking "Enable Active Directory Forest Discovery". Because Active Directory Forest Discovery discovers AD Sites and IP Subnets from the forests, two additional options let you choose whether to create the AD Site or IP Subnet boundaries automatically based on the discovery results. Discovery can be scheduled by hour/day/week. Discovery will automatically create the boundaries, but you must still add the boundaries to a boundary group and associate them with a site system to ensure that content is available to your clients or that the boundaries are used for site assignment.
Active Directory Forest Discovery can be run on demand by selecting the "Run full discovery now" action from the ribbon or a right-click menu.
- Monitor Forest Discovery Running Status
Active Directory Forest Discovery progress can be monitored by viewing the forest discovery log located in (SMS Installation Directory)\Logs\ADForestDisc.log or by viewing the Active Directory Forest Discovery component status messages. In the Configuration Manager console, click Monitoring, expand System Status, click Component Status, select SMS_AD_Forest_Discovery_Manager, and click Show Messages to see status messages for this component.