In the past discovering new objects from Active Directory and to start managing any new object was taking long time, System Center Configuration Manager 2007 R3 introduce a new good feature called Delta Discovery.
In this post I will go through a new System Center Configuration Manager 2007 R3 feature which is Delta Discovery that enhances the discovery capabilities of Configuration Manager by discovering only new or changed resources in Active Directory instead of performing a full discovery cycle. The interval by which delta discovery searches for new resources can be configured by the user to a short interval as only discovering new resources does not affect the performance of the site server as much as a full cycle. Delta discovery can detect the following new resource types:
· Computer objects
· User objects
· Security group objects
· System group objects
Delta discovery only reads Active Directory attribute changes which are replicated. Non-replicated attributes, which are changed, such as the memberof attribute, are not collected by delta discovery unless a change to a replicated attribute is made at the same time. For example, adding a user or machine account to a particular group or Organizational Unit (OU) does not force the object to be replicated at the next delta discovery cycle. The value that we look at in Active Directory is the USNChanged value.
USNChanged value is an incrementing value that is specific to a particular Domain Controller (DC). This is how the DC does sequencing of changes. Every time an object is updated, that object is tagged with the current USNChanged value for that DC, then the DC increments its USNChanged value. When we do a Delta Discovery, we write to the database the current USNChanged value for that DC. Therefore, the next time we kick off a Delta Discovery we check all objects that have a USNChanged value greater than the value that we stored from the last Delta Discovery. Since this value is unique to a particular DC, we will always try to go back to that DC to complete the Delta Discovery process so that we pull only changed values. If for some reason, that DC is offline or inaccessible, then we will fall over to another DC. However, this will force a full Discovery as the USNChanged value will be different on this device and we cannot accurately tell what objects are changed.
Delta discovery is not enabled by default in Configuration Manager 2007 R3. When enabled, it will run, by default every 5 minutes.
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / <site code> – <site name> / Site Settings / Discovery Methods.
2. Right-click one of the following discovery methods and then click Properties:
· Active Directory System Group Discovery
· Active Directory Security Group Discovery
· Active Directory System Discovery
· Active Directory User Discovery
3. In the Polling Schedule tab for the selected discovery method, enable the option Enable delta discovery.
4. In the Delta discovery interval (minutes) field, specify the interval in minutes at which delta discovery will run.
5. Click OK to close the Discovery Method dialog box.
It is really good feature that will make different with System Center IT Administrators.
System Center Configuration Manager 2007 R3 Dynamic Collection: http://blogs.technet.com/b/meamcs/archive/2011/01/23/system-center-configuration-manager-2007-r3-dynamic-collection.aspx
"Configuration Manager 2007 R3 Power Management Overview" Part 1 can found here: http://blogs.technet.com/b/meamcs/archive/2011/01/09/system-center-configuration-manager-2007-r3-power-management-part1-overview.aspx
"Update Client for Configuration Manager 2007 R3 Power Management" Part 2 can be found here: http://blogs.technet.com/b/meamcs/archive/2011/01/11/system-center-configuration-manager-2007-r3-power-management-part-2-update-clients-for-power-management.aspx
Step-by-Step how to Audit Configuration Manager 2007 Activities: http://blogs.technet.com/b/meamcs/archive/2011/01/17/step-by-step-how-to-audit-configuration-manager-2007-activities.aspx
What about traffic? As far as I concerned Outbound traffic is greater with delta replication than with full replication. That's right?
no, traffic should not be greater.
I want some more clarification on this. We use AD group based collection for software deployment in SCCM.
Will adding a user or machine to a AD security group identify by delta discovery?
or do I need to do a full discovery? to replicate in my collection.