Active Directory Delta Discovery
Active Directory Delta Discovery is an enhancement to the standard Active Directory discovery methods in Microsoft Configuration Manager (ConfigMgr or SCCM). It identifies only new, updated, or deleted objects in Active Directory since the last discovery cycle, instead of scanning the entire directory again.
How It Works-
- When Delta Discovery is enabled, Configuration Manager performs an initial full discovery.
- After that, it uses timestamps or update sequence numbers (USNs) from Active Directory to detect changes.
- It identifies:
- New resources, such as users, computers, or groups
- Modified resources, such as attribute or group membership changes
- Deleted resources, such as objects removed from Active Directory
Types of Discovery It Supports
Delta Discovery can be used with the following discovery methods:
- Active Directory System Discovery (for discovering computers)
- Active Directory User Discovery (for discovering users)
- Active Directory Group Discovery (for discovering groups and memberships)
Note: Delta Discovery does not apply to Forest Discovery or manually initiated Security Group Discovery.
Frequency
Delta Discovery can be scheduled to run as frequently as every 5 minutes, allowing Configuration Manager to update its database with near real-time accuracy.
Benefits
| Benefit | Description |
|---|---|
| Performance | Reduces the load on domain controllers by avoiding full AD scans. |
| Efficiency | Keeps resource information current by quickly detecting changes. |
| Real-Time Updates | Helps maintain up-to-date data in environments with frequent changes. |
| Lower Network Impact | Minimizes traffic by transferring only changes, not full data sets. |
Considerations
- Delta Discovery depends on a successful full discovery to establish a baseline.
- Major changes to Active Directory structure or schema may require a new full discovery.
- Some attributes or changes may not be tracked if they do not affect USNs.