Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, October 19, 2017 12:17 PM
Hello, im getting errors on SMS_AD_SYSTEM_DISCOVERY_AGENT component.
DDRs were generated for 0 objects that had errors while reading non-critical properties. DDRs were not generated for 7 objects that had errors while reading critical properties. Possible cause: The site server might not have access to some properties of this object. The container specified might not have the properties available. Solution: Please verify the Active Directory schema for properties that are not replicated or locked. Refer to the discovery logs for more information.
By the way, Computer object account (primary server) was added with full control rights on CN= System Managment container.
with applies: This object and all descendant objects.
https://technet.microsoft.com/en-us/library/bb633169.aspx?f=255&MSPPError=-2147217396
It doesn't helped, SCCM working in one domain root.
Also red this one, but with this solution not helped.
All replies (2)
Friday, October 20, 2017 6:15 AM âś…Answered
Hi, it's not related with System Management container permissions.
Please check the accounts you configured for AD SYS Discovery (AD SYS Discovery properties) must have at least Read access permission to the specified Active Directory locations.
Also, to successfully create a DDR for a computer object, the AD SYS Discovery must be able to identify the computer account and then successfully resolve the computer name to an IP address.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Friday, October 20, 2017 10:14 AM
Hi, it's not related with System Management container permissions.
Please check the accounts you configured for AD SYS Discovery (AD SYS Discovery properties) must have at least Read access permission to the specified Active Directory locations.
Also, to successfully create a DDR for a computer object, the AD SYS Discovery must be able to identify the computer account and then successfully resolve the computer name to an IP address.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Okay, if i clear understood.
Checked log file adsysdis.log Here i can see specified LDAP OU paths which AD system discovery account scanning object from AD.
INFO: Starting to process search scope (LDAP://OU=System,OU=MYOU,DC=mydomain,DC=net)
Actually no errors related access to OU. Just getting error like this:
ERROR: GetIPAddr - GetAddrInfoW() for "Computer45" failed with error code 11001. SMS_AD_SYSTEM_DISCOVERY_AGENT 20-10-2017 12:00:11 39432 (0x9A08)
Conclusion: that this PC can be offline (unavailable). So these errors are normal condition and don't have impact for anything, its just alert which AD objects (computers in this case are not available). I am right?
Example from log:
Active Directory System Discovery Agent reported errors for 4 objects.
It means 4 computers was offline i guess...