SCCM - ACTIVE DIRECTORY (SECURITY GROUP/SYSTEM) DISCOVERY AGENT FAILED TO BIND TO CONTAINER

Andreas 21 Reputation points
2022-03-17T15:56:02.12+00:00

Hello Guys

We have an untrusted domain, where the System and Group discovery worked very well untill the 01-2022 CU patch got installed on the SCCM Site server (Server 2016).

The log is giving me the following error:

Active Directory Security Group Discovery Agent failed to bind to container LDAP://domain.com/OU=ou,OU=ou2,DC=domain,dc=com
Error: The user name or password is incorrect.
Possible cause: The AD container specified earlier might be invalid now. The Domain Controller is inaccessible.
Solution: Please verify that the AD container paths specified are valid. Confirm accessibility of the site server to the Domain Controller to be que**ried.

We use a Service account from the DMZ domain to do the discovery: (dmz\service-account).
If I remove the CU from the Site Server, the discovery works well again.

I hope someone can point me in the right direction with this problem.

/Andy

Microsoft Configuration Manager
0 comments No comments
{count} votes

Accepted answer
  1. Jason Sandys 31,146 Reputation points Microsoft Employee
    2022-03-17T17:49:27.017+00:00

    This is a known issue that I believe we are addressing in 2203.

    A workaround that should work is to insert a specific domain controller name in the LDAP path specified in your discovery configuration, e.g., LDAP://dcname/domain.com/OU=ou,OU=ou2,DC=domain,dc=com

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Amandayou-MSFT 11,041 Reputation points
    2022-03-21T07:59:12.337+00:00

    Haven't heard from you for some time, is Jason's answer helpful to you? If it is helpful, please accept answer. It will make someone who has the similar issue easily find the answer.

    If you have any other issues, please don't hesitate to let us know.

    Thanks and have a nice day.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments