Discovery and domain controllers or lack there of

steve_mc · ‎09-23-2018

Going by this page

https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/discovery/reference/r-ActiveDirectory.html

It states:

Discovery creates or updates a CMDB record when it detects a running instance of Active Directory Domain Controller on Windows machines.

By default, Discovery uses the Active Directory Domain Controller On Windows pattern to perform the discovery.

=======================

So im wondering, why do I not have any domain controllers that run on a windows server after running a discovery against the machine.

Anyone else come across this. Am I thinking incorrectly and expecting too much from discovery and even the document that seems to state it should find them.

robertgeen · ‎09-23-2018

Steve,

I don't know how you have your account setup but typically Discovery struggles to discover Domain Controllers because you can't grant it local admin access without giving it domain admin which most organizations won't grant (as you could literally destroy the entire domain if something goes wrong). My guess is that your account probably isn't discovering the running process/tcp/ip correctly due to not having local admin and this is causing the process classifier to not be triggered. Can you confirm if processes are discovered for the record?

steve_mc · ‎09-25-2018

Hi Robert thanks for the response.

I have given SN a domain admin account and run a discovery against a domain controller. At no point do I see it even tries "Active Directory Domain Controller On Windows pattern" in any of the discovery logging and still no domain controller

A little confused also on what I have done on our dev. I have tested moving from probes to patterns. How is the "Active Directory Domain Controller On Windows pattern" supposed to run when it isnt a shared pattern and dont think it is referenced in the windows pattern that discovers the windows server. Only one pattern can be referenced

Michael Skov2 · ‎09-25-2018

1. Can you provide a screenshot of the discovery run when running quick discovery of the target?

2. Enter debug mode for the pattern using that domain controller, and see what happens

3. Which credentials are being used (wondering if your Domain Admin account isnt being used for the discovery)?

jimit · ‎10-18-2020

I know this post is 2 years old now, but I've found the same issue. I have also found the root cause.

I followed the step by step guide as per paris version:
https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/discovery/reference/r-ActiveDirectory.html

I struggled to find the cause and after some time wastage, the issue is with the documentation. In particular, this line has an error, the pattern doesn't find the additional "e" in "exe". Drop the last "e" in "exe" and it will finally work.

Condition: Name | contains | microsoft.activedirectory.webservices.exe

Should be
Condition: Name | contains | microsoft.activedirectory.webservices.ex

But I have another problem, it discovers two domains of the same domain name and both domain controllers tree view are spread across the domains. Hard to explain, but here is a screenshot of what I am finding...