Directory Logon Scanning: How to discover Computers that are only sporadically connected to the Network?

Dear JDisc friends,
we have now completed a new feature that we have announced for quite some time, but that has now be completed in the new major release JDisc Discovery 5.0.

The new feature is called Directory Logon Scanning.

So what is the new feature all about. One of the major challenges for agent-less discovery tools are devices that are only occasionally connected to the network. For instance sales reps might be traveling during the week and usually, they are only occasionally connected to the network via VPN or coming to the office.

Agent-less discovery tools usually scan the network periodically and will find occasionally connected devices only accidentally. This is because devices must be online at the time of the scan.

How does it work?

Let’s assume we have already scanned our network and found all domain controllers. When a notebook connects to the network (either via VPN or directly connected to the corporate network), one of the domain controller updates the computers’ logon time. By the way: This is not the time when a user actually logs on to the domain! During the boot process, member computers automatically connect to a domain controller – even if no user is logged on.

JDisc Discovery polls all domain controllers regularly and queries for computers that have recently connected (logged on). Those computers will be added to the discovery queue with higher priority than “normal”.

Active Directory environment
Directory Logon Scanning

The image above shows a typically Active Directory environment. In the example, there is a root domain having two sub-domains. Each domain has a set of domain controllers serving logon requests of the domain. Within each domain, domain controllers exchange information between each other but also replicate information with the Global Catalog across domain boundaries.

So lets suppose JDisc Discovery polls all domain controllers every 15 minutes. You sales director arrives at the office on a Friday afternoon and connects his notebook to the corporate network. As soon as the notebook starts up, it connects to one of the domain controllers. The domain controller updates the login date accordingly. Again note: This happens during startup of the notebook and does not require any user to logon!

While polling and querying all the domain controllers for recently logged on computers, JDisc Discovery finds the hostname of the sales directors’ notebook and inserts this into the discovery device queue with high priority. The directory logon scanning feature makes sure member computers are discovered as these are started and come online.

How to configure?

The best practice to setup Directory Logon Scanning is to start with a new discovery job. Open the Discovery Configuration dialog and add a new dictory group.

Adding a new Directory Group
Adding a new Directory Group

There are several aspects to configure Directory Logon Scanning:

  • The set of directory objects (DNS domains, Organizational Units or Containers) that determine where to search for recently logged-on computers
  • The polling interval for the domain controllers (how often to poll for new logon information)
  • Setting a throttling intervall to prevent unwanted rediscovery of computers that are repeatably rebooted

Configure the Directory Objects

Now let’s configure the directory objects to be scanned. Open the Directory tab and enable the directory objects that you want to seach for new device logons. You can either enable only the selected directory object or enable all sub-ordinary directory objects to search for recently logged on computers.
When selecting all sub-ordinary directory objects, these are marked with a greyed out icon (as shown in the image below).

Selecting the directory objects to scan
Selecting the directory objects to scan

Define the Polling Interval

To discover recently logged computers, the domain controllers (serving the configured directory objects) must be polled frequently in short intervals. To define the polling interval, you simply create a new discovery job (Schedule type set to: recurring) for the newly created directory group. The (recurring) jobs’ interval will be the polling interval. We recommend a polling interval between 15 and 30 minutes.

The Job Schedule
The Job Schedule defines the Polling Interval

Set the Rediscovery Throttling Interval

When you have just discovered a computer, you might not want to rediscover it again because the computer is rebooted or reconnected to the network. You can use the “Discover devices only once within day(s)” option of the discovery job to throttle too frequent rediscoveries.

Discover a Device only once a day
Discover a Device only once a day

Some important Notes

The logon time is not replicated (in a timely manner) in the Active Directory Global Catalog. This is why the discovery queries all domain controllers of a domain for which you have configured directory objects. This requires:

  • All domain controllers have been successfully scanned by JDisc Discovery
  • You have configured access credentials (service accounts) for all domains in the DNS Domain Controller dialog.

Luckily, there is an easy (not well known way) but to discover all domain controllers of a domain. Choose the menu item Discovery > Discover Device… and enter the domain name.

Domain Controller Discovery
Domain Controller Discovery

Clicking OK will trigger a discovery of all domain controllers of a domain.

I hope the new Directory Logon Scanning feature will make the discovery of occasionally connected computers / devices easier and getting a more complete inventory of your client computer environment.

Feel free to provide feedback


About The Author

Thomas Trenz
I own and manage JDisc and its network inventory and discovery products. Before I started JDisc, I worked quite a long time for Hewlett-Packard developing software for network assessments and inventory projects. Feel free to contact me on Linked-In or Xing.

Leave A Comment

Der Zeitraum für die reCAPTCHA-Überprüfung ist abgelaufen. Bitte laden Sie die Seite neu.