Thursday, May 24, 2007

Successful Advanced Computer Discovery with 'Managed By' attribute in Essentials 2007

I've been asked more than once if SCE 2007 will allow discovery by OU...and the the answer is no, because the interface imposes constraints. However, you can use the Advanced search options in the Discovery wizard to workaround this by setting the the 'Managed by' or 'Description' fields on the computer object to a desired value in the directory and then searching on this value in the Discovery Wizard. While I personally dont see a great deal of value in this given the single-SCE-Server-per-domain support limit, someone somewhere will no doubt (probably in a resourceOU scenario).

Someone came back to me complaining discovery via 'Managed By' did not work, and I wanted to explain why. When it's all said and done, you're building an AD query via a GUI, you just dont have the full range of options available in the enterprise Operations Manager platorm. There is one thing to be aware of with the 'Managed By' field.

Figure 1 - Advanced Discovery Dialogue

In the ADUC GUI, the 'Managed By' looks appears as follows when set:

However, if you cut and paste this value into the Managed By field, discovery will fail. This can be confusing, but there is actually a logical explanation. If you look at the 'ManagedBy' attribute on the computer object in a low-level AD editor (adsiedit or LDP), you'll see it actually contains the DistinguishedName of the user you selected, as shown below.

So to make Advanced Discovery work via this field, add the Distinguished Name from Active Directory for the object into the field provided in Find Computers box in Advanced Discovery, like so:

Click Add, finish the wizard, and Advanced Discovery will now find your desired target computers!


