You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/mem/configmgr/discovery/ad-group-not-discovered.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Delta AD Group Discovery Doesn't Detect Group Membership Changes in Nested OUs
3
-
description: Troubleshoot an issue in which AD Delta Discovery fails to detect group membership changes in child organizational units.
3
+
description: Troubleshoot an issue in which AD Delta Discovery doesn't detect group membership changes in child organizational units.
4
4
ms.date: 01/12/2025
5
5
ms.reviewer: kaushika, jarrettr, brianhun, payur
6
6
ms.custom: sap:Boundary Groups, Discovery and Collections\Active Directory Discovery (all types)
@@ -17,9 +17,9 @@ This article helps you identify this issue in your environment, and provides wor
17
17
18
18
## Symptoms
19
19
20
-
You set up discovery scopes for Active Directory Group Discovery to target specific Active Directory Domain Services (AD DS) groups as described in [Configure Active Directory Group Discovery](/intune/configmgr/core/servers/deploy/configure/configure-discovery-methods#bkmk_config-adgd). The initial full discovery cycle correctly discovers groups in all the in-scope OUs.
20
+
You set up discovery scopes for AD Group Discovery to target specific Active Directory Domain Services (AD DS) groups, as described in [Configure Active Directory Group Discovery](/intune/configmgr/core/servers/deploy/configure/configure-discovery-methods#bkmk_config-adgd). The initial full discovery cycle correctly discovers groups in all the in-scope OUs.
21
21
22
-
Later, after the delta discovery cycle runs, you notice that changes in particular group memberships are missed. However, if you force a full discovery cycle to run, the issue resolves as the full discovery cycle discovers changes in all groups in the in-scope OUs.
22
+
After the delta discovery cycle runs, you notice that changes in particular group memberships are missed. However, if you force a full discovery cycle to run, the issue resolves as the full discovery cycle discovers changes in all groups in the in-scope OUs.
23
23
24
24
In particular, the issue occurs when you define scopes that resemble the following example:
25
25
@@ -29,20 +29,20 @@ In particular, the issue occurs when you define scopes that resemble the followi
29
29
30
30
In this example, the delta cycle of AD Group Discovery doesn't detect changes in Group B's membership.
31
31
32
-
If you want to review log entries to confirm this behavior in your system, see [More information](#more-information).
32
+
If you want to review log entries to verify this behavior in your system, see [More information](#more-information).
33
33
34
34
## Cause
35
35
36
-
During the delta cycle of AD Group Discovery, Configuration Manager detects the organizational units (OUs) of the target groups in the discovery scopes and then builds a tree structure of OUs. It ignores any child OUs of the target groups' OUs.
36
+
During the delta cycle of AD Group Discovery, Configuration Manager detects the OUs of the target groups in the discovery scopes, and then builds a tree structure of OUs. It ignores any child OUs of the OUs in the target groups.
37
37
38
38
During the full discovery cycle of AD Group Discovery, Configuration Manager uses a different algorithm that doesn't ignore child OUs. Therefore, the discovery process works as expected.
39
39
40
40
## Workaround
41
41
42
42
Microsoft is aware of this issue. To work around this issue, use any of the following methods:
43
43
44
-
- Move all groups to top-level OUs. For the earlier example, that means moving Group B to another OU that isn't a child of OU-A (or any other OU in the discovery scopes).
45
-
- Reconfigure the discovery scopes to include the child OUs as target OUs. For the earlier example, that means including OU-B in the discovery scopes as an Organizational Unit.
44
+
- Move all groups to top-level OUs. For the earlier example, this action means moving Group B to another OU that isn't a child of OU-A (or of any other OU in the discovery scopes).
45
+
- Reconfigure the discovery scopes to include the child OUs as target OUs. For the previous example, this action means including OU-B in the discovery scopes as an Organizational Unit.
46
46
- Use only the full discovery process for AD Group Discovery.
0 commit comments