Prepare your Environment for Running sms 2003 - Active Directory Part1 - blog by Kim Oppalfens

Blog about System Center Configuration Manager 2007

Today we'll continue preparing, or start cleaning up, our Active Directory environment to make implementing and running SMS 2003 as smooth as possible. SMS 2003 introduced a bit of Active Directory integration: not as much as some people hoped, but there is a certain degree of interaction. In other words, having your Active Directory environment sanitized goes a long way in managing SMS 2003. We start with the cleanup that makes the SMS 2003 discovery process as happy as a fish in the water.

DNS Scavenging

Before we dive into our cleaning process, there is something you should know about Active Directory System Discovery. Cathy Moya from the SMS product documentation team describes it quite well in Cathy's Fine FAQ: http://www.microsoft.com/technet/sms/2003/library/techfaq/default.mspx.

"Active Directory System Discovery will create a DDR for a resource only if it can resolve the name to the IP address by using DNS. If a valid DNS entry does not exist for a computer, SMS does not discover the computer but does create a status message stating there were errors for that computer. You might see these computers referred to as bogus in adsysdis.log."

We are going to take advantage of this little fact to keep dead weight in Active Directory from making it into our SMS database. What does DNS scavenging do? It deletes stale resource records. Ever since Windows 2000, the Windows operating systems have supported a feature called Dynamic DNS, which means that clients dynamically register themselves in DNS. Unfortunately, unregistering doesn't always work that well, among other things because clients leave the network without shutting down. (Don't you hate those badly behaved end users?)

So by enabling DNS scavenging you delete those stale resource records. Net result: SMS 2003 will no longer discover these resources, so they will no longer clog your SMS 2003 database, not to mention that they will no longer bring down the software distribution success rates in your reports.

For those of you looking to get started: you enable DNS scavenging in the properties of your DNS zone. Right-click the zone and, on the aging tab, enable the Scavenge stale resource records option. While you're at it, configure the scavenging process to run daily instead of weekly by executing dnscmd /config /scavenginginterval 24.
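
The effect on discovery can be previewed before Active Directory System Discovery runs. The following PowerShell is an added example, not code from the original post or from SMS: the function name Test-DiscoveryCandidate, the host names and the stub zone are constructed assumptions, and it only approximates the DNS check described in the FAQ quote above.

```powershell
# Added example: predict which computer accounts discovery would skip
# because their name no longer resolves. All names and addresses are constructed.

function Test-DiscoveryCandidate {
    [CmdletBinding()]
    param(
        # Computer DNS names, e.g. the dNSHostName attribute read from Active Directory.
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$DnsHostName,

        # How a name is resolved. The default uses the system resolver, which can also
        # consult the hosts file and other name services (assumption: close enough to
        # the DNS-only check for fully qualified names). Replaceable for offline runs.
        [scriptblock]$Resolver = { param($n) [System.Net.Dns]::GetHostAddresses($n) }
    )
    process {
        foreach ($name in $DnsHostName) {
            $addresses = @()
            try {
                $addresses = @(& $Resolver $name)
            } catch {
                # Lookup failed: there is no valid entry for this name.
            }
            [pscustomobject]@{
                Computer      = $name
                Addresses     = $addresses -join ', '
                # No address means no DDR would be created for this account.
                WouldDiscover = $addresses.Count -gt 0
            }
        }
    }
}

# Constructed zone contents after scavenging: the stale record for
# old-laptop07 has been deleted, the two live machines are still registered.
$zone = @{
    'pc-finance01.corp.example' = '10.0.4.21'
    'srv-sms01.corp.example'    = '10.0.1.10'
}
$stubResolver = {
    param($n)
    if ($zone.ContainsKey($n)) { $zone[$n] } else { throw "No such host: $n" }
}

'pc-finance01.corp.example', 'old-laptop07.corp.example', 'srv-sms01.corp.example' |
    Test-DiscoveryCandidate -Resolver $stubResolver |
    Format-Table -AutoSize
```

Omit -Resolver to check real names against your own DNS; accounts reported with WouldDiscover set to False are the ones the FAQ says end up flagged as bogus in adsysdis.log.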

My next post will be about eliminating those dreaded 5503 status messages in Active Directory User and Active Directory System Group discovery.

Enjoy.

"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS

Posted: May 14 2007, 02:15 PM by kimoppalfens | with 3 comment(s)

Comments

MVL said:

Hello Kim

Sound advice, but it is worth noting that DNS scavenging only removes marked records that are created after it is enabled; it cannot mark for deletion records that were created in the past (before it's enabled)...

So, if you want to get rid of stale records, but you haven't enabled DNS scavenging when you installed DNS, the only solution I know is to script... See the excellent O'Reilly Windows 2003 Security Cookbook.

Cheers

Michel-Vincent

PS: thanks for the excellent hands-on session last week

# May 30, 2007 4:40 AM

kimoppalfens said:

You're absolutely right, definitely worth mentioning. That's just one of the reasons why the post subject is Prepare your environment.

PS: You're absolutely welcome, glad to have actually met you in person.

# May 30, 2007 3:16 PM

evrensev said:

Hi,

What's the script to do this? I need it.

# September 24, 2007 6:30 AM