CMDB Discovery Question - Directory Servers(AD,DC) not showing up under Directory Servers listing

Chrisww21 · ‎02-13-2019

I am new to Servicenow so please forgive my lack of knowledge/terminology. In the Enterprise CMDB Dashboard my AD/DC servers are not showing up after discovery in the Infrastructure/Directory Servers. I have a few others that do not show up as well such a FTP Email. Am I missing something or not doing something correctly during discovery? I am just following the directions for Probe Discovery. Thanks any assistance is much appreciated.

DaveHertel · ‎02-13-2019

Yes, don't confuse classification of the OS/box with its intended purpose (typically a software-driven perspective). The running processes / apps can be classified, and they are reflected in CMDB as CI's pertaining to Apps... such as Active Directory is software ... running on top of a Windows OS box.

If this has been helpful, please consider selecting Helpful Link and/or Correct answer -- this encourages participation in the community by everyone 🙂 Thanks, Dave

View solution in original post

DaveHertel · ‎02-13-2019

Hi -- Assuming Discovery is working for other stuff (besides the machines you are looking for specifically in your question), then have your Discovery admin verify
1. Are the IP addresses of the missing machines, included in Discovery scanning scope? The IP / subnet / ranges have to be included of course for Discovery to attempt to scan them.

2. Are Windows admin credentials defined on the instance that will allow Discovery of the missing machines? (I'm betting not.... since your post implies that these may be Domain Controllers? (DC?). As such, often security is very leery about allowing Disco to scan DCs. Maybe your experience is different... but be sure Discovery has proper credentials to do the scanning of the missing machines.

Does this help? Hope so..

Chrisww21 · ‎02-13-2019

Thanks Dave we do have an a service account within the domain that allows to scan other windows machines and they get classified as such MSSQL, MYSQL, Tomcat, IIS and so on. It is just the Directory Servers which have the same service account with admin privileges.. This is not in a Prod setting but in a test lab. I will double check the IP range however when I do a discovery on the individually server itself it still doesn't classify as an AD/DC it sees the running applications etc.. it just doesn't appear under Discovery Server in the dashboards. I can add it manually and it will show up in CMDB, but that defeats the purpose of being able to scan and classify. I must be missing something I just don't know what.

DaveHertel · ‎02-13-2019

So the basic discovery of the box is working (it sounds like) but you are concerned with classication - as a "Domain Controller" or something else? is that the question? If so, out of the box, Discovery won't class a box as a Domain Controller.... it SHOULD be classifying the box as a Windows 20xx box (or 2008,etc.).

Classifiers can be built as needed to look for running processes, etc. (Active Directory or...) to capture those items as CIs

I know a windows box won't be classified as a Domain Controller or Active Directory box -- unless you customize Disco probes/patterns. The HW is classified by OS type, not its function.. (like an AD box)

Does this help?

Chrisww21 · ‎02-13-2019

Hi Dave, yes that does help. You are exactly right discovery is working OOTB and does tell me OS, etc. I was curious about the classification so what you said I am tracking. Maybe it is a moot point to go down that path to modify classification, but it maybe something I do when I cross that bridge. Thank you for your clarification and your assistance.