設定 Configuration Manager 的探索方法Configure discovery methods for Configuration Manager

適用於:Configuration Manager (最新分支)Applies to: Configuration Manager (current branch)

設定探索方法以從您的網路、Active Directory 及 Azure Active Directory (Azure AD) 尋找要管理的裝置。Configure discovery methods to find resources to manage from your network, Active Directory, and Azure Active Directory (Azure AD). 請先啟用再設定搜尋環境時所要使用的每個方法。First enable and then configure each method that you want to use to search your environment. 您也可以使用與啟用方法時所用的相同程序來停用方法。You can also disable a method by using the same procedure that you use to enable it. 此程序的唯一例外是「活動訊號探索」和「伺服器探索」︰The only exceptions to this process are Heartbeat Discovery and Server Discovery:

  • 活動訊號探索預設在您安裝 Configuration Manager 主要站台時便已啟用。By default, Heartbeat Discovery is already enabled when you install a Configuration Manager primary site. 它會設定為依基本排程執行。It's configured to run on a basic schedule. 請將「活動訊號探索」保持啟用。Keep Heartbeat Discovery enabled. 它可確保裝置的探索資料記錄 (DDR) 是最新的。It makes sure that the discovery data records (DDRs) for devices are up-to-date. 如需活動訊號探索的詳細資訊,請參閱活動訊號相關訊息For more information about Heartbeat Discovery, see About Heartbeat Discovery.

  • 伺服器探索是一個自動探索方法。Server Discovery is an automatic discovery method. 它會尋找您用來作為站台系統的電腦。It finds computers that you use as site systems. 不過您無法設定或停用。You can't configure or disable it.

Active Directory 樹系探索Active Directory Forest Discovery

若要完成 Active Directory 樹系探索的設定,請在下列 Configuration Manager 主控台位置進行設定:To finish the configuration of Active Directory Forest Discovery, configure settings in the following locations of the Configuration Manager console:

  • 在 [探索方法] 節點中:In the Discovery Methods node:

    • 啟用此探索方法。Enable this discovery method.

    • 設定輪詢排程。Set a polling schedule.

    • 選取探索是否要為 Active Directory 站台和它發現的子網路自動建立界限。Select whether discovery automatically creates boundaries for the Active Directory sites and subnets that it discovers.

  • 在 [Active Directory 樹系] 節點中:In the Active Directory Forests node:

    • 新增您想要探索的樹系。Add forests that you want to discover.

    • 針對 Active Directory 站台和該樹系中的子網路啟用探索。Enable discovery of Active Directory sites and subnets in that forest.

    • 配置讓 Configuration Manager 站台將其站台資訊發佈至樹系的設定。Configure settings that enable Configuration Manager sites to publish their site information to the forest.

    • 指派帳戶以當做每個樹系的 Active Directory 樹系帳戶。Assign an account to use as the Active Directory Forest Account for each forest.

利用下列程序啟用 Active Directory 樹系探索,以及設定個別樹系搭配 Active Directory 樹系探索使用。Use the following procedures to enable Active Directory Forest Discovery, and to configure individual forests for use with Active Directory Forest Discovery.

設定 Active Directory 樹系探索Configure Active Directory Forest Discovery

  1. 在 Configuration Manager 主控台中,移至 [系統管理] 工作區,展開 [階層設定],然後選取 [探索方法] 節點。In the Configuration Manager console, go to the Administration workspace, expand Hierarchy Configuration, and select the Discovery Methods node.

  2. 為您要設定探索的站台選取 [Active Directory 樹系探索] 方法。Select the Active Directory Forest Discovery method for the site where you want to configure discovery.

  3. 在功能區的 [常用] 索引標籤上,選取 [內容]。On the Home tab of the ribbon, select Properties.

  4. 在 [內容] 的 [一般] 索引標籤上,進行下列設定:On the General tab of the properties, configure the following settings:

    • 啟用探索方法。Enable the discovery method.

    • 指定選項以建立所探索位置的站台界限。Specify options to create site boundaries for discovered locations.

    • 指定探索執行的排程。Specify a schedule for when discovery runs.

  5. 選取 [確定] 儲存設定。Select OK to save the configuration.

設定 Active Directory 樹系探索的樹系Configure a forest for Active Directory Forest Discovery

  1. 在 [系統管理] 工作區中,展開 [階層設定] ,然後選取 [Active Directory 樹系] 節點。In the Administration workspace, expand Hierarchy Configuration, and select the Active Directory Forests node. 如果 Active Directory 樹系探索之前已執行,您會在結果窗格中看見每個探索到的樹系。If Active Directory Forest Discovery has previously run, you see each discovered forest in the results pane. 當此探索方法執行時,它會探索本機樹系和任何信任的樹系。When this discovery method runs, it discovers the local forest and any trusted forests. 請手動新增未受信任的樹系。Manually add untrusted forests.

    • 若要設定先前探索到的樹系,請在結果窗格中選取樹系。To configure a previously discovered forest, select the forest in the results pane. 在功能區中,選取 [內容] 以開啟樹系內容。In the ribbon, select Properties to open the forest properties.

    • 若要設定未列出的新樹系,在功能區 [常用] 索引標籤的 [建立] 群組中,選取 [新增樹系]。To configure a new forest that isn't listed, on the Home tab of the ribbon, in the Create group, select Add Forest. 這個動作會開啟 [新增樹系] 對話方塊。This action opens the Add Forests dialog box.

  2. 在 [一般] 索引標籤上,完成您要探索之樹系的設定,然後指定 [Active Directory 樹系帳戶]。On the General tab, finish configurations for the forest that you want to discover, and specify the Active Directory Forest Account. 如需此帳戶的詳細資訊,請參閱帳戶For more information on this account, see Accounts.

    注意

    Active Directory 樹系探索需要通用帳戶,才能探索及發佈至不受信任的樹系。Active Directory Forest Discovery requires a global account to discover and publish to untrusted forests. 如果您未使用站台伺服器的電腦帳戶,就只能選取通用帳戶。If you don't use the computer account of the site server, you can only select a global account.

  3. 如果您打算讓站台將站台資料發佈至此樹系,可在 [發佈] 索引標籤上完成發佈至此樹系的設定。If you plan to let sites publish site data to this forest, on the Publishing tab, finish configurations for publishing to this forest.

    注意

    如果您讓站台發佈至樹系,請針對 Configuration Manager 延伸該樹系的 Active Directory 架構。If you let sites publish to a forest, extend the Active Directory schema of that forest for Configuration Manager. Active Directory 樹系帳戶必須具有該樹系中系統容器的完全控制權限。The Active Directory Forest Account must have Full Control permissions to the System container in that forest.

  4. 選取 [確定] 儲存設定。Select OK to save the configuration.

電腦、使用者或群組的 Active Directory 探索Active Directory discovery for computers, users, or groups

若要設定電腦、使用者或群組的探索,請從下列常用步驟開始:To configure discovery of computers, users, or groups, start with these common steps:

  1. 在 Configuration Manager 主控台中,移至 [系統管理] 工作區,展開 [階層設定],然後選取 [探索方法] 節點。In the Configuration Manager console, go to the Administration workspace, expand Hierarchy Configuration, and select the Discovery Methods node.

  2. 為您要設定探索的站台選取方法。Select the method for the site where you want to configure discovery.

  3. 在功能區的 [常用] 索引標籤上,選取 [內容]。On the Home tab of the ribbon, select Properties.

  4. 在 [內容] 的 [一般] 索引標籤上,選取核取方塊來啟用探索。On the General tab of the properties, select the checkbox to enable discovery. 您也可以在現在設定探索,稍後再返回啟用探索。Or you can configure discovery now, and then return to enable discovery later.

接著,使用以下各節中的資訊來設定特定的探索方法:Then use the information in the following sections to configure the specific discovery methods:

注意

本節中的資訊不適用於「Active Directory 樹系探索」。The information in this section doesn't apply to Active Directory Forest Discovery.

雖然每一種探索方法各自獨立,但是有一些類似的選項。Although each of these discovery methods is independent of the others, they share similar options. 如需這些設定選項的詳細資訊,請參閱群組、系統和使用者探索的共用選項For more information about these configuration options, see Shared options for group, system, and user discovery.

警告

每一種探索方法的 Active Directory 輪詢可能產生相當大的網路流量。The Active Directory polling by each of these discovery methods can generate significant network traffic. 請考慮將每一種探索方法排定在此網路流量不會對網路之業務使用造成負面影響的時段執行。Consider scheduling each discovery method to run at a time when this network traffic doesn't adversely affect business uses of your network.

設定 Active Directory 群組探索Configure Active Directory Group Discovery

  1. 在 [Active Directory 群組探索內容] 視窗的 [一般] 索引標籤上,選取 [新增] 來設定探索範圍。On the General tab of the Active Directory Group Discovery Properties window, select Add to configure a discovery scope. 選取 [群組] 或 [位置]。Select either Groups or Location. 然後在 [新增群組] 或 [新增 Active Directory 位置] 對話方塊中完成下列設定:Then finish the following configurations in the Add Groups or Add Active Directory Location dialog box:

    1. 為此探索範圍指定 [名稱] 。Specify a Name for this discovery scope.

    2. 指定要搜尋的 [Active Directory 網域] 或 [位置] :Specify an Active Directory Domain or Location to search:

      • 如果您選擇 [群組],請指定一或多個要探索的 Active Directory 群組。If you chose Groups, specify one or more Active Directory groups to discover.

      • 如果您選擇 [位置],請指定 Active Directory 容器作為要探索的位置。If you chose Location, specify an Active Directory container as a location to discover. 您也可以針對此位置啟用 Active Directory 子容器的遞迴搜尋。You can also enable a recursive search of Active Directory child containers for this location.

    3. 指定站台用來搜尋此探索範圍的 Active Directory 群組探索帳戶Specify the Active Directory Group Discovery Account that the site uses to search this discovery scope. 如需詳細資訊,請參閱帳戶For more information, see Accounts.

    4. 選取 [確定] 來儲存探索範圍設定。Select OK to save the discovery scope configuration.

  2. 針對您要定義的每個額外探索範圍重複執行上述步驟。Repeat the previous steps for each additional discovery scope that you want to define.

  3. 在 [輪詢排程] 索引標籤上,設定完整探索輪詢排程和差異探索。On the Polling Schedule tab, configure both the full discovery polling schedule and delta discovery.

  4. 在 [選項] 索引標籤上進行設定,以從探索中篩選掉或排除過時的電腦記錄。On the Options tab, configure settings to filter out or exclude stale computer records from discovery. 此外,也請設定發佈群組的成員資格探索。Also configure the discovery of the membership of distribution groups.

    注意

    根據預設,Active Directory 群組探索只會探索安全性群組的成員資格。By default, Active Directory Group Discovery discovers only the membership of security groups.

  5. 選取 [確定] 儲存設定。Select OK to save the configuration.

設定 Active Directory 系統探索Configure Active Directory System Discovery

  1. 在 [Active Directory 系統探索內容] 視窗的 [一般] 索引標籤上,選取 [新增] 圖示 新增圖示 來指定新的 Active Directory 容器。On the General tab of the Active Directory System Discovery Properties window, select the New icon New icon to specify a new Active Directory container. 在 [Active Directory 容器] 對話方塊方塊中,完成下列設定︰In the Active Directory Container dialog box, finish the following configurations:

    1. 輸入或瀏覽到適用於路徑的位置。Type or browse to a location for the Path. 這個值是連至容器或組織單位 (OU) 的有效 LDAP 路徑。This value is a valid LDAP path to a container or organizational unit (OU). 站台會查詢這個資源路徑。The site queries this path for resources. 例如, LDAP://CN=Computers,DC=contoso,DC=comFor example, LDAP://CN=Computers,DC=contoso,DC=com

    2. 指定可變更搜尋行為的選項:Specify options that change the search behavior:

      • 在 Active Directory 群組內探索物件:站台也會查看此路徑中的群組成員資格。Discover objects within Active Directory groups: The site also looks at the membership of groups in this path.

      • 以遞迴方式搜尋 Active Directory 子容器:如果您啟用此選項,站台就會搜尋上述路徑內的任何其他容器或 OU。Recursively search Active Directory child containers: If you enable this option, the site searches any additional containers or OUs within the above path. 如果您停用此選項,站台就只會搜尋特定路徑中的資源。If you disable this option, the site only searches for resources in the specific path.

        從 1806 版開始,請選取要從此遞迴搜尋中排除的子容器。Starting in version 1806, select subcontainers to exclude from this recursive search. 此選項有助於減少探索到的物件數目。This option helps to reduce the number of discovered objects. 選取 [新增] 來選擇上述路徑下方的容器。Select Add to choose the containers under the above path. 在 [選取新的容器] 對話方塊中,選取要排除的子容器。In the Select New Container dialog box, select a child container to exclude. 選取 [確定] 來關閉 [選取新容器] 對話方塊。Select OK to close the Select New Container dialog box.

        提示

        [Active Directory 系統探索內容] 視窗中的 Active Directory 容器清單會包含 [已設定排除] 欄。The list of Active Directory containers in the Active Directory System Discovery Properties window includes a column Has Exclusions. 當您選取要排除的容器時,此值為 [是]。When you select containers to exclude, this value is Yes.

    3. 針對每個位置指定要做為 [Active Directory 探索帳戶] 使用的帳戶。For each location, specify the account to use as the Active Directory Discovery Account. 如需詳細資訊,請參閱帳戶For more information, see Accounts.

      提示

      您可以針對每個指定的位置,設定一組探索選項和一個唯一的「Active Directory 探索帳戶」。For each specified location, you can configure a set of discovery options and a unique Active Directory Discovery Account.

    4. 選取 [確定] 以儲存 Active Directory 容器設定。Select OK to save the Active Directory container configuration.

  2. 在 [輪詢排程] 索引標籤上,設定完整探索輪詢排程和差異探索。On the Polling Schedule tab, configure both the full discovery polling schedule and delta discovery.

  3. 在 [Active Directory 屬性] 索引標籤上,針對您要探索的電腦設定其他 Active Directory 屬性。On the Active Directory Attributes tab, configure additional Active Directory attributes for computers that you want to discover. 這個索引標籤會列出預設的物件屬性。This tab lists the default object attributes.

    提示

    例如,您的組織要使用 Active Directory 中電腦帳戶上的 Description 屬性。For example, your organization uses the Description attribute on the computer account in Active Directory. 選取 [自訂],然後新增 Description 作為自訂屬性。Select Custom, and add Description as a custom attribute. 此探索方法執行之後,這個屬性會顯示在裝置中 Configuration Manager 主控台的 [內容] 索引標籤上。After this discovery method runs, this attribute shows on the device Properties tab in the Configuration Manager console.

  4. 在 [選項] 索引標籤上進行設定,以從探索中篩選掉或排除過時的電腦記錄。On the Options tab, configure settings to filter out or exclude stale computer records from discovery.

  5. 選取 [確定] 儲存設定。Select OK to save the configuration.

設定 Active Directory 使用者探索Configure Active Directory User Discovery

  1. 在 [Active Directory 使用者探索內容] 視窗的 [一般] 索引標籤上,選取 [新增] 圖示 新增圖示 來指定新的 Active Directory 容器。On the General tab of the Active Directory User Discovery Properties window, select the New icon New icon to specify a new Active Directory container. 在 [Active Directory 容器] 對話方塊方塊中,完成下列設定︰In the Active Directory Container dialog box, finish the following configurations:

    1. 指定要搜尋的一個或多個位置。Specify one or more locations to search.

    2. 針對每個位置指定變更搜尋行為的選項。For each location, specify options that change the search behavior.

    3. 針對每個位置指定要做為 [Active Directory 探索帳戶] 使用的帳戶。For each location, specify the account to use as the Active Directory Discovery Account. 如需詳細資訊,請參閱帳戶For more information, see Accounts.

      注意

      您可以針對每個指定的位置,設定一組唯一的探索選項和一個唯一的「Active Directory 探索帳戶」。For each specified location, you can configure a unique set of discovery options and a unique Active Directory Discovery Account.

    4. 選取 [確定] 以儲存 Active Directory 容器設定。Select OK to save the Active Directory container configuration.

  2. 在 [輪詢排程] 索引標籤上,設定完整探索輪詢排程和差異探索。On the Polling Schedule tab, configure both the full discovery polling schedule and delta discovery.

  3. 在 [Active Directory 屬性] 索引標籤上,針對您要探索的電腦設定其他 Active Directory 屬性。On the Active Directory Attributes tab, configure additional Active Directory attributes for computers that you want to discover. 這個索引標籤會列出預設的物件屬性。This tab lists the default object attributes.

  4. 選取 [確定] 儲存設定。Select OK to save the configuration.

Azure AD 使用者探索Azure AD User Discovery

「Azure AD 使用者探索」的啟用或設定方式與其他探索方法不同。Azure AD User Discovery isn't enabled or configured the same as other discovery methods. 請在讓 Configuration Manager 站台在 Azure AD 中上線時設定它。Configure it when you onboard the Configuration Manager site to Azure AD.

如需詳細資訊,請參閱 Azure AD 使用者探索For more information, see Azure AD User Discovery.

先決條件Prerequisites

若要啟用並設定此探索方法,請設定 Azure 服務來進行雲端管理To enable and configure this discovery method, Configure Azure Services for Cloud Management.

如果您使用 Configuration Manager 建立 Azure 應用程式,它會以所需的權限設定應用程式。If you use Configuration Manager to create the Azure app, it configures the app with the necessary permissions.

如果您先在 Azure 中建立應用程式,然後將其匯入至 Configuration Manager 中,則您必須手動設定應用程式。If you create the app in Azure first, and then import it into Configuration Manager, you need to manually configure the app. 此設定包括授與伺服器應用程式讀取目錄資料的權限。This configuration includes granting the server app permission to read directory data.

  1. 以具有全域管理員權限的使用者身分,開啟 Azure 入口網站Open the Azure portal as a user with Global Admin permissions. 移至 [Azure Active Directory],然後選取 [應用程式註冊]。Go to Azure Active Directory, and select App registrations. 視需要切換至 [所有應用程式]。Switch to All applications if necessary.

  2. 選取目標應用程式。Select the target application.

  3. 在 [管理] 功能表中,選取 [API 權限]。In the Manage menu, select API permissions.

    1. 在 [API 權限] 面板上,選取 [新增權限]。On the API permissions panel, select Add a permission.

    2. 在 [要求 API 權限] 面板中,切換至 [我的組織使用的 API]。In the Request API permissions panel, switch to APIs my organization uses.

    3. 搜尋並選取 Microsoft Graph API。Search for and select the Microsoft Graph API.

      提示

      在 1810 版和更舊版本中,請使用 Azure Active Directory Graph API。In version 1810 and earlier, use the Azure Active Directory Graph API.

    4. 選取 [應用程式權限] 群組。Select the Application permissions group. 展開 [目錄],然後選取 Directory.Read.AllExpand Directory, and select Directory.Read.All.

    5. 選取 [新增權限]。Select Add permissions.

  4. 在 [API 權限] 面板的 [授與同意] 區段中,選取 [授與系統管理員同意...]。選取 [是]。On the API permissions panel, in the Grant consent section, select Grant admin consent.... Select Yes.

設定 Azure AD 使用者探索Configure Azure AD User Discovery

設定雲端管理 Azure 服務時:When configuring the Cloud Management Azure service:

  • 在精靈的 [探索] 頁面上,選取 [啟用 Azure Active Directory 使用者探索] 的選項。On the Discovery page of the wizard, select the option to Enable Azure Active Directory User Discovery.
  • 選取 [設定]。Select Settings.
  • 在 [Azure AD 使用者探索設定] 對話方塊中,設定進行探索的排程。In the Azure AD User Discovery Settings dialog box, configure a schedule for when discovery occurs. 您也可以啟用差異探索,這將只檢查 Azure AD 中是否有新的或已變更的帳戶。You can also enable delta discovery, which only checks for new or changed accounts in Azure AD.

注意

如果使用者是同盟或同步處理身分識別,您就必須使用 Configuration Manager Active Directory 使用者探索以及 Azure AD 使用者探索。If the user is a federated or synchronized identity, you must use Configuration Manager Active Directory user discovery as well as Azure AD user discovery. 如需混合式身分識別的詳細資訊,請參閱定義混合式身分識別採用策略For more information about hybrid identities, see Define a hybrid identity adoption strategy.

Azure AD 使用者群組探索Azure AD User Group Discovery

提示

此功能最初是在 1906 版中引進作為發行前版本功能This feature was first introduced in version 1906 as a pre-release feature. 從 2002 版開始,其不再是發行前版本功能。Beginning with version 2002, it's no longer a pre-release feature.

您可以從 Azure AD 中探索使用者群組和這些群組的成員。You can discover user groups and members of those groups from Azure AD. 當網站在先前未探索到的 Azure AD 群組中找到使用者時,它會將他們新增為 Configuration Manager 中的新使用者資源。When the site finds users in Azure AD groups that it hasn't previously discovered, it adds them as new user resources in Configuration Manager. 當群組是安全性群組時,會建立使用者群組資源記錄。A user group resource record is created when the group is a security group.

先決條件Prerequisites

  • 雲端管理 Azure 服務Cloud Management Azure service
  • 讀取和搜尋 Azure AD 群組的權限Permission to read and search Azure AD groups

限制Limitations

在 1906 版中已停用 Azure AD 使用者群組探索的差異探索。Delta discovery for Azure AD user group discovery is disabled in version 1906. 從 Configuration Manager 1910 版開始,您可以加以啟用。You can enable it starting in Configuration Manager version 1910.

記錄檔Log files

請使用 SMS_AZUREAD_DISCOVERY_AGENT.log 來進行疑難排解。Use the SMS_AZUREAD_DISCOVERY_AGENT.log for troubleshooting. 此記錄檔也會與 Azure AD 使用者探索共用。This log is also shared with Azure AD user discovery. 如需詳細資訊,請參閱記錄檔For more information, see Log files.

啟用 Azure AD 使用者群組探索Enable Azure AD user group discovery

若要在現有的雲端管理 Azure 服務上啟用探索:To enable discovery on an existing Cloud Management Azure service:

  1. 移至 [管理] 工作區、展開 [雲端服務],然後選取 [Azure 服務] 節點。Go to the Administration workspace, expand Cloud Services, then select the Azure Services node.
  2. 選取其中一項 Azure 服務,然後選取功能區中的 [內容]。Select one of your Azure services, then select Properties in the ribbon.
  3. 在 [探索] 索引標籤上,核取 [啟用 Azure Active Directory 群組探索] 的方塊,然後選取 [設定]。In the Discovery tab, check the box to Enable Azure Active Directory Group Discovery, then select Settings.
  4. 選取 [探索範圍] 索引標籤下方的 [新增]。Select Add under the Discovery Scopes tab.
    • 您可以在其他索引標籤中修改 [輪詢排程]。You can modify the Polling Schedule in the other tab.
  5. 選取一或多個使用者群組。Select one or more user groups. 您可以依名稱 [搜尋],然後選擇是否要查看 [僅限安全性群組]。You can Search by name and choose if you want to see Security groups only.
    • 當您第一次選取 [搜尋] 時,系統會提示您登入至 Azure。You'll be prompted to sign in to Azure when you select Search the first time.
  6. 當您完成選取群組時,請選取 [確定]。Select OK when you finish selecting groups.
  7. 完成執行探索時,您可以在 [使用者] 節點中瀏覽您的 Azure AD 使用者群組。Once discovery finishes running, you can browse your Azure AD user groups in the Users node.

若要在設定新的雲端管理 Azure 服務時啟用探索:To enable discovery when configuring a new Cloud Management Azure service:

  • 在精靈的 [探索] 頁面上,選取 [啟用 Azure Active Directory 群組探索] 的選項。On the Discovery page of the wizard, select the option to Enable Azure Active Directory Group Discovery.
  • 選取 [設定]。Select Settings.
  • 在 [Azure AD 群組探索設定] 對話方塊中,設定您的探索範圍以及進行探索的排程。In the Azure AD Group Discovery Settings dialog box, configure your discovery scope and a schedule for when discovery occurs.

活動訊號探索Heartbeat Discovery

Configuration Manager 會在您安裝主要站台時啟用活動訊號探索方法。Configuration Manager enables the Heartbeat Discovery method when you install a primary site. 如果您想要使用每七天的預設排程,則不需設定其他項目。If you want to use the default schedule of every seven days, there's nothing else to configure. 否則,您只需設定用戶端將活動訊號探索資料記錄傳送至管理點的排程。Otherwise, you only have to configure the schedule for how often clients send the Heartbeat Discovery data record to a management point.

注意

如果您在相同站台上啟用用戶端推入安裝和清除安裝旗標的站台維護工作,請將活動訊號探索的排程設定為低於清除安裝旗標站台維護工作的用戶端重新探索期間If you enable both client push installation and the site maintenance task for Clear Install Flag at the same site, set the schedule of Heartbeat Discovery to be less than the Client Rediscovery period of the Clear Install Flag site maintenance task. 如需站台維護工作的詳細資訊,請參閱維護工作For more information about site maintenance tasks, see Maintenance tasks.

設定活動訊號探索排程Configure the Heartbeat Discovery schedule

  1. 在 Configuration Manager 主控台中,移至 [系統管理] 工作區,展開 [階層設定],然後選取 [探索方法] 節點。In the Configuration Manager console, go to the Administration workspace, expand Hierarchy Configuration, and select the Discovery Methods node.

  2. 針對您要設定活動訊號探索的站台,選取活動訊號探索方法。Select the Heartbeat Discovery method for the site where you want to configure Heartbeat Discovery.

  3. 在功能區的 [常用] 索引標籤上,選取 [內容]。On the Home tab of the ribbon, select Properties.

  4. 設定用戶端提交活動訊號探索資料記錄的頻率。Configure the frequency with which clients submit a Heartbeat discovery data record. 然後選取 [確定] 來儲存設定。Then select OK to save the configuration.

網路探索Network Discovery

設定網路探索之前,請先了解下列主題:Before you configure Network Discovery, understand the following topics:

  • 可用的網路探索層級Available levels of Network Discovery

  • 可用的網路探索選項Available Network Discovery options

  • 限制網路上的網路探索Limiting Network Discovery on the network

如需詳細資訊,請參閱關於網路探索For more information, see About Network Discovery.

下面各節提供有關一般網路探索設定的資訊。The following sections provide information about common configurations for Network Discovery. 您可以設定同一次探索執行期間使用的其中一項或多項設定。You can configure one or more of these configurations for use during the same discovery run. 如果您使用多個設定,請針對可能影響探索結果的互動進行規劃。If you use multiple configurations, plan for the interactions that can affect the discovery results.

例如,您探索使用特定 SNMP 群體名稱的所有簡易網路管理通訊協定 (SNMP) 裝置。For example, you discover all Simple Network Management Protocol (SNMP) devices that use a specific SNMP community name. 您會針對同一次探索執行來停用特定子網路上的探索。For the same discovery run, you disable discovery on a specific subnet. 執行探索時,「網路探索」不會在您已停用的子網路上探索具有所指定群體名稱的 SNMP 裝置。When discovery runs, Network Discovery doesn't discover the SNMP devices with the specified community name on the subnet that you've disabled.

判斷您的網路拓撲Determine your network topology

您可以使用拓撲專屬探索對應您的網路。You can use a topology-only discovery to map your network. 這類探索不會探索潛在的用戶端。This kind of discovery doesn't discover potential clients. 拓撲專屬網路探索依賴 SNMP。The topology-only Network Discovery relies on SNMP.

對應網路拓撲時,在 [網路探索內容] 對話方塊的 [SNMP] 索引標籤上,設定 [躍點數上限]。When you're mapping your network topology, configure the Maximum hops on the SNMP tab in the Network Discovery Properties dialog box. 只需幾個躍點,就有助於控制探索執行時所使用的網路頻寬。Just a few hops can help control the network bandwidth that's used when discovery runs. 進一步探索網路時,增加躍點數以深入了解您的網路拓撲。As you discover more of your network, increase the number of hops to gain a better understanding of your network topology.

了解您的網路拓撲之後,設定網路探索的其他內容。After you understand your network topology, configure additional properties for Network Discovery. 這些內容有助於探索潛在用戶端及其作業系統。These properties help to discover potential clients and their operating systems. 此外,也請設定網路探索來限制其可搜尋的網路區段。Also configure Network Discovery to limit the network segments that it can search.

如需詳細資訊,請參閱如何判斷您的網路拓撲For more information, see How to determine your network topology

網路探索搜尋選項Network Discovery search options

Configuration Manager 支援使用下列方法來搜尋網路:Configuration Manager supports the following methods to search the network:

使用子網路限制搜尋Limit searches by using subnets

您可以將網路探索設定為在探索執行期間搜尋特定子網路。You can configure Network Discovery to search specific subnets during a discovery run. 根據預設,網路探索會搜尋執行探索的伺服器子網路。By default, Network Discovery searches the subnet of the server that runs discovery. 您設定與啟用的其他任何子網路都只能套用至 SNMP 和 DHCP 搜尋選項。Any additional subnets that you configure and enable apply only to SNMP and DHCP search options. 當「網路探索」搜尋網域時,並不會受到子網路的設定限制。When Network Discovery searches domains, it isn't limited by configurations for subnets.

如果您在 [網路探索內容] 對話方塊的 [子網路] 索引標籤上指定一或多個子網路,則只會搜尋您標記為啟用的子網路。If you specify one or more subnets on the Subnets tab in the Network Discovery Properties dialog box, it only searches the subnets that you mark as Enabled.

當您停用子網路時,站台便會從探索中將它排除,而且適用下列情況:When you disable a subnet, the site excludes it from discovery, and the following conditions apply:

  • 以 SNMP 為主的查詢無法在子網路上執行。SNMP-based queries don't run on the subnet.

  • DHCP 伺服器不會使用位於子網路的資源清單來回覆。DHCP servers don't reply with a list of resources located on the subnet.

  • 網域為主的查詢可以探索位於子網路的資源。Domain-based queries can discover resources that are located on the subnet.

搜尋特定網域Search a specific domain

您可以將網路探索設定為在探索執行期間,搜尋特定網域或一組網域。You can configure Network Discovery to search a specific domain or set of domains during a discovery run. 根據預設,網路探索會搜尋執行探索的本機伺服器網域。By default, Network Discovery searches the local domain of the server that runs discovery.

如果您在 [網路探索內容] 對話方塊的 [網域] 索引標籤上指定一或多個網域,則只會搜尋您標記為啟用的網域。If you specify one or more domains on the Domains tab in the Network Discovery Properties dialog box, it only searches the domains that you mark as Enabled.

當您停用網域時,站台便會從探索中將它排除,而且適用下列情況:When you disable a domain, the site excludes it from discovery, and the following conditions apply:

  • 網路探索不會查詢該網域中的網域控制站。Network Discovery doesn't query domain controllers in that domain.

  • SNMP 為主的查詢仍可在網域中的子網路上執行。SNMP-based queries can still run on subnets in the domain.

  • DHCP 伺服器仍可用位於網域中的資源清單來回覆。DHCP servers can still reply with a list of resources located in the domain.

使用 SNMP 群體名稱限制搜尋Limit searches by using SNMP community names

您可以將網路探索設定為在探索執行期間,搜尋特定 SNMP 群體或一組群體。You configure Network Discovery to search a specific SNMP community or set of communities during a discovery run. 根據預設,此方法會設定公開群體名稱。By default, the method configures the public community name.

網路探索會使用群體名稱來存取等於 SNMP 裝置的路由器。Network Discovery uses community names to gain access to routers that are SNMP devices. 路由器會提供網路探索有關其他路由器,以及連結至第一個路由器的子網路的資訊。A router can supply Network Discovery with information about other routers and subnets that are linked to the first router.

注意

SNMP 群體名稱和密碼類似。SNMP community names resemble passwords. 「網路探索」只能從您已為其指定群體名稱的 SNMP 裝置取得資訊。Network Discovery can get information only from an SNMP device for which you've specified a community name. 各個 SNMP 裝置皆可擁有自己的群體名稱,但是通常數個裝置會共用相同的群體名稱。Each SNMP device can have its own community name, but often the same community name is shared among several devices. 此外,多數的 SNMP 裝置皆有預設的 [公用] 群體名稱。Additionally, most SNMP devices have a default community name of public. 不過,有些組織會從其裝置刪除 [公用] 群體名稱,以當作安全預防措施。But some organizations delete the public community name from their devices as a security precaution.

如果您在 [網路探索內容] 對話方塊的 [SNMP] 索引標籤上包含多個 SNMP 群體,它就會按照這些群體的顯示順序進行搜尋。If you include more than one SNMP community on the SNMP tab in the Network Discovery Properties dialog box, it searches them in the order in which they're shown. 請確定最常使用的名稱會位於清單最上方。Make sure that the most frequently used names are at the top of the list. 此設定有助於將站台在嘗試使用不同名稱連絡裝置時所產生的網路流量降至最低。This configuration helps to minimize network traffic that the site generates when it tries to contact a device by using different names.

注意

除了使用 SNMP 群體名稱之外,您還可以指定特定 SNMP 裝置的 IP 位址或可解析名稱。Along with using the SNMP community name, you can specify the IP address or resolvable name of a specific SNMP device. 您可以在 [網路探索內容] 對話方塊的 [SNMP 裝置] 索引標籤上執行此動作。You do this action on the SNMP Devices tab in the Network Discovery Properties dialog box.

搜尋特定的 DHCP 伺服器Search a specific DHCP server

您可以將網路探索設定為使用特定 DHCP 伺服器或多個伺服器,在探索執行期間探索 DHCP 用戶端。You can configure Network Discovery to use a specific DHCP server or multiple servers to discover DHCP clients during a discovery run.

網路探索會搜尋您在 [網路探索內容] 對話方塊中的 [DHCP] 索引標籤上指定的各個 DHCP 伺服器。Network Discovery searches each DHCP server that you specify on the DHCP tab in the Network Discovery Properties dialog box. 如果正在執行探索的伺服器會向 DHCP 伺服器租用它的 IP 位址,您可以設定探索來搜尋該 DHCP 伺服器。If the server that's running discovery leases its IP address from a DHCP server, you can configure discovery to search that DHCP server. 使用 [包含設定站台伺服器使用的 DHCP 伺服器] 選項來啟用此行為。Enable this behavior with the option to Include the DHCP server that the site server is configured to use.

注意

若要成功設定網路探索中的 DHCP 伺服器,您的環境必須支援 IPv4。To successfully configure a DHCP server in Network Discovery, your environment must support IPv4. 在原生 IPv6 環境中,您無法將「網路探索」設定為使用 DHCP 伺服器。You can't configure Network Discovery to use a DHCP server in a native IPv6 environment.

如何設定網路探索How to configure Network Discovery

使用以下程序,先只探索您的網路拓撲,然後使用一個或多個可用的網路探索選項,將網路探索設定為探索潛在用戶端。Use the following procedures to first discover only your network topology, and then to configure Network Discovery to discover potential clients by using one or more of the available Network Discovery options.

如何判斷您的網路拓撲How to determine your network topology

  1. 在 Configuration Manager 主控台中,移至 [系統管理] 工作區,展開 [階層設定],然後選取 [探索方法] 節點。In the Configuration Manager console, go to the Administration workspace, expand Hierarchy Configuration, and select the Discovery Methods node.

  2. 針對您要探索網路資源的站台選取網路探索方法。Select the Network Discovery method for the site where you want to discover network resources.

  3. 在功能區的 [常用] 索引標籤上,選取 [內容]。On the Home tab of the ribbon, select Properties.

    • 在 [一般] 索引標籤上,選取 [啟用網路探索] 的選項。On the General tab, select the option to Enable network discovery. 接著,從 [探索類型] 選項中選取 [拓樸]。Then select Topology from the Type of discovery options.

    • 在 [子網路] 索引標籤上,選取 [搜尋本機子網路] 選項。On the Subnets tab, select the Search local subnets option.

      提示

      如果您知道組成網路的特定子網路,請取消選取 [搜尋本機子網路] 核取方塊。If you know the specific subnets that constitute your network, deselect the Search local subnets checkbox. 接著,選取 [新增] 圖示 新增圖示 來新增您想要搜尋的特定子網路。Then select the New icon New icon, and add the specific subnets that you want to search. 針對大型網路,一次只搜尋一或兩個子網路,以便將網路頻寬的使用量降至最低。For large networks, search only one or two subnets at a time to minimize the use of network bandwidth.

    • 在 [網域] 索引標籤上,選取 [搜尋本機網域] 的選項。On the Domains tab, select the option to Search local domain.

    • 在 [SNMP] 索引標籤上,從 [躍點數上限] 下拉式清單中選取選項。On the SNMP tab, select an option from the Maximum hops drop-down list. 這個選項會指定網路探索在對應您的拓撲時需要多少個路由器躍點。This option specifies how many router hops Network Discovery can take in mapping your topology.

      提示

      當您首次對應網路拓撲時,只要設定幾個路由器躍點就能將網路頻寬的使用量減到最少。When you first map your network topology, configure just a few router hops to minimize the use of network bandwidth.

  4. 在 [排程] 索引標籤上,選取 [新增] 圖示 新增圖示 以設定執行探索的排程。On the Schedule tab, select the New icon New icon, and set a schedule for running discovery.

    注意

    您不能對個別的「網路探索」排程指派不同的探索設定。You can't assign a different discovery configuration to separate Network Discovery schedules. 每次執行網路探索時,皆會使用目前的探索設定。Each time Network Discovery runs, it uses the current discovery configuration.

  5. 選取 [確定] 以接受設定。Select OK to accept the configurations. 網路探索會在排定的時間執行。Network Discovery runs at the scheduled time.

如何設定網路探索How to configure Network Discovery

  1. 在 Configuration Manager 主控台中,移至 [系統管理] 工作區,展開 [階層設定],然後選取 [探索方法] 節點。In the Configuration Manager console, go to the Administration workspace, expand Hierarchy Configuration, and select the Discovery Methods node.

  2. 針對您要探索網路資源的站台選取網路探索方法。Select the Network Discovery method for the site where you want to discover network resources.

  3. 在功能區的 [常用] 索引標籤上,選取 [內容]。On the Home tab of the ribbon, select Properties.

  4. 在 [一般] 索引標籤上,選取 [啟用網路探索] 的選項。On the General tab, select the option to Enable network discovery.

    • 從 [探索類型] 選項中,選取您想要執行的探索類型。Select from the Type of discovery options the type of discovery that you want to run.

    • 啟用 [低速網路] 選項,讓 Configuration Manager 可用來自動調整低頻寬網路。Enable the Slow network option for Configuration Manager to make automatic adjustments for low-bandwidth networks.

  5. 若要設定探索來搜尋子網路,請切換至 [子網路] 索引標籤。接著,設定下列一或多個選項:To configure discovery to search subnets, switch to the Subnets tab. Then configure one or more of the following options:

    • 若要在執行探索的本機電腦子網路上執行探索,請啟用 [搜尋本機子網路] 的選項。To run discovery on subnets that are local to the computer that runs discovery, enable the option to Search local subnets.

    • 若要搜尋特定子網路,請確認子網路列在 [要搜尋的子網路] 中,且 [搜尋] 值為 [已啟用]:To search a specific subnet, make sure that the subnet is listed in Subnets to search and has a Search value of Enabled:

      1. 如果未列出子網路,請選取 [新增] 圖示 新增圖示If the subnet isn't listed, select the New icon New icon. 在 [新增子網路指派] 對話方塊中,輸入子網路遮罩資訊,然後選取 [確定]。In the New Subnet Assignment dialog box, enter the Subnet and Mask information, and then select OK. 預設為啟用新的子網路以進行搜尋。By default, a new subnet is enabled for search.

      2. 若要變更所列子網路的搜尋值,請在清單中選取它。To change the Search value for a listed subnet, select it in the list. 接著,選取 [切換] 圖示,以便在 [停用] 和 [啟用] 之間切換值。Then select the Toggle icon to switch the value between Disabled and Enabled.

  6. 若要設定探索來搜尋網域,請切換至 [網域] 索引標籤。接著,設定下列一或多個選項:To configure discovery to search domains, switch to the Domains tab. Then configure one or more of the following options:

    • 若要在執行探索的電腦網域上執行探索,請啟用 [搜尋本機網域] 的選項。To run discovery on the domain of the computer that runs discovery, enable the option to Search local domain.

    • 若要搜尋特定網域,請確認網域列在 [網域] 中,且 [搜尋] 值為 [已啟用]:To search a specific domain, make sure that the domain is listed in Domains and has a Search value of Enabled:

      1. 如果未列出網域,請選取 [新增] 圖示 新增圖示If the domain isn't listed, select the New icon New icon. 在 [網域內容] 對話方塊中輸入網域資訊,然後選取 [確定]。In the Domain Properties dialog box, enter the Domain information, and then select OK. 預設為啟用新的網域以進行搜尋。By default, a new domain is enabled for search.

      2. 若要變更所列網域的搜尋值,請在清單中選取它。To change the Search value for a listed domain, select it in the list. 接著,選取 [切換] 圖示,以便在 [停用] 和 [啟用] 之間切換值。Then select the Toggle icon to switch the value between Disabled and Enabled.

  7. 若要設定探索來搜尋 SNMP 裝置的特定 SNMP 群體名稱,請切換至 [SNMP] 索引標籤。接著,設定下列一或多個選項:To configure discovery to search specific SNMP community names for SNMP devices, switch to the SNMP tab. Then configure one or more of the following options:

    • 若要將 SNMP 群體名稱新增至 SNMP 群體名稱清單,請選取 [新增] 圖示 新增圖示To add an SNMP community name to the list of SNMP Community names, select the New icon New icon. 在 [新增 SNMP 群體名稱] 對話方塊中,指定 SNMP 群體的名稱,然後選取 [確定]。In the New SNMP Community Name dialog box, specify the Name of the SNMP community, and then select OK.

    • 若要移除 SNMP 群體名稱,請選取該群體名稱,然後選取 [刪除] 圖示 刪除圖示To remove an SNMP community name, select the community name, and then select the Delete icon Delete icon.

    • 若要調整 SNMP 群體名稱的搜尋順序,從清單中選取群體名稱。To adjust the search order of SNMP community names, select a community name from the list. 接著,選取 [將項目向上移] 圖示上移圖示 或 [將項目向下移] 圖示 下移圖示Then select the Move Item Up icon Move UP Icon or the Move Item Down icon Move Down Icon. 執行探索時,會以由上向下的順序搜尋群體名稱。When discovery runs, community names are searched in a top-to-bottom order.

    • 若要設定 SNMP 搜尋所使用的路由器躍點數上限,從 [躍點數上限] 下拉式清單選取躍點數。To configure the maximum number of router hops for use by SNMP searches, select the number of hops from the Maximum hops drop-down list.

  8. 若要設定 SNMP 裝置,請切換至 [SNMP 裝置] 索引標籤。如果未列出裝置,請選取 [新增] 圖示 新增圖示To configure an SNMP device, switch to the SNMP Devices tab. If the device isn't listed, select the New icon New icon. 在 [新增 SNMP 裝置] 對話方塊中,指定 SNMP 裝置的 IP 位址或裝置名稱,然後選取 [確定]。In the New SNMP Device dialog box, specify the IP address or device name of the SNMP device, and then select OK.

    注意

    如果指定裝置名稱,Configuration Manager 必須能夠將 NetBIOS 名稱解析為 IP 位址。If you specify a device name, Configuration Manager must be able to resolve the NetBIOS name to an IP address.

  9. 若要設定探索來查詢特定的 DHCP 伺服器,請切換至 [DHCP] 索引標籤。接著,設定下列一或多個選項:To configure discovery to query specific DHCP servers, switch to the DHCP tab. Then configure one or more of the following options:

    • 若要查詢正在執行探索之電腦上的 DHCP 伺服器,請啟用 [永遠使用站台伺服器的 DHCP 伺服器] 的選項。To query the DHCP server on the computer that is running discovery, enable the option to Always use the site server's DHCP server.

      注意

      若要使用此選項,伺服器必須向 DHCP 伺服器租用其 IP 位址,且不能使用靜態 IP 位址。To use this option, the server must lease its IP address from a DHCP server and can't use a static IP address.

    • 若要查詢特定的 DHCP 伺服器,請選取 [新增] 圖示 新增圖示To query a specific DHCP server, select the New icon New icon. 在 [新增 DHCP 伺服器] 對話方塊中,指定 DHCP 伺服器的 IP 位址或伺服器名稱,然後選取 [確定]。In the New DHCP Server dialog box, specify the IP address or server name of the DHCP server, and then select OK.

      注意

      如果指定伺服器名稱,Configuration Manager 必須能夠將 NetBIOS 名稱解析為 IP 位址。If you specify a server name, Configuration Manager must be able to resolve the NetBIOS name to an IP address.

  10. 若要設定探索執行時間,請切換至 [排程] 索引標籤。然後選取 [新增] 圖示 新增圖示 來設定執行網路探索的排程。To configure when discovery runs, switch to the Schedule tab. Then select the New icon New icon to set a schedule for running Network Discovery. 您可以設定多個週期性排程和多個非週期性排程。You can configure multiple recurring schedules, and multiple schedules that have no recurrence.

    注意

    如果 [排程] 索引標籤同時顯示多個排程,則網路探索會針對所有排程,按照排程上指示的設定時間執行。If the Schedule tab shows more than one schedule at the same time, Network Discovery runs for all schedules as it's configured at the time indicated in the schedule. 此行為也適用於週期性排程。This behavior is also true for recurring schedules.

  11. 選取 [確定] 以儲存設定。Select OK to save your configurations.

如何確認網路探索是否已完成How to verify that Network Discovery has finished

完成「網路探索」所需的時間可能因下列一或多個因素而有所不同:The time that Network Discovery requires to finish can vary depending on one or more of the following factors:

  • 網路的大小The size of your network

  • 網路的拓撲The topology of your network

  • 設定為尋找網路中路由器的躍點數目上限The maximum number of hops that are configured to find routers in the network

  • 執行的探索類型The type of discovery that is being run

網路探索不會在其完成時,建立訊息來警示您。Network Discovery doesn't create messages to alert you when it's finished. 使用下列程序來確認探索已完成:Use the following procedure to verify when discovery has finished:

  1. 在 Configuration Manager 主控台中,按一下 [監視] 工作區。In the Configuration Manager console, go to the Monitoring workspace. 展開 [系統狀態],然後選取 [狀態訊息查詢] 節點。Expand System Status, and then select the Status Message Queries node.

  2. 選取 [所有狀態訊息] 查詢。Select the All Status Messages query.

  3. 在功能區 [常用] 索引標籤的 [狀態訊息查詢] 群組中,選取 [顯示訊息]。On the Home tab of the ribbon, in the Status Message Queries group, select Show Messages.

  4. 在 [所有狀態訊息] 視窗中,從 [選取日期和時間] 下拉式清單中選取值,其中包含探索是在多久以前開始。In the All Status Messages window, select a value from the Select date and time drop-down list that includes how long ago the discovery started. 接著,選取 [確定] 以開啟 Configuration Manager 狀態訊息檢視器Then select OK to open the Configuration Manager Status Message Viewer.

    提示

    您也可以使用 [指定日期和時間] 選項以選取您執行探索的特定日期和時間。You can also use the Specify date and time option to select a given date and time that you ran discovery. 如果您在特定日期執行網路探索,並且只想要擷取該日期的訊息時,此選項就很有用。This option is useful when you ran Network Discovery on a given date and want to retrieve messages from only that date.

  5. 若要驗證網路探索是否完成,請搜尋包含下列詳細資料的狀態訊息:To validate that Network Discovery has finished, search for a status message that has the following details:

    • 訊息識別碼:502Message ID: 502

    • 元件:SMS_NETWORK_DISCOVERYComponent: SMS_NETWORK_DISCOVERY

    • 描述:此元件已停止Description: This component stopped

    如果未出現此狀態訊息,表示「網路探索」尚未完成。If this status message isn't present, Network Discovery hasn't finished.

  6. 若要在網路探索開始時進行驗證,請搜尋包含下列詳細資料的狀態訊息:To validate when Network Discovery started, search for a status message that has the following details:

    • 訊息識別碼:500Message ID: 500

    • 元件:SMS_NETWORK_DISCOVERYComponent: SMS_NETWORK_DISCOVERY

    • 描述:此元件已啟動Description: This component started

    這項資訊會確認網路探索已啟動。This information verifies that Network Discovery started. 如果沒有此資訊,請重新排定「網路探索」。If this information isn't present, reschedule Network Discovery.