Skip to main content This browser is no longer supported. Show Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Define network locations as boundaries for Configuration Manager
In this articleApplies to: Configuration Manager (current branch) Configuration Manager boundaries are locations on your network that contain devices that you want to manage. You can create different types of boundaries, for example, an Active Directory site or network IP address. When the Configuration Manager client identifies a similar network location, that device is a part of the boundary. Configuration Manager supports the following boundary types:
You can manually create individual boundaries or use Active Directory forest discovery. This discovery method automatically finds and creates boundaries for IP subnets and Active Directory sites. When Active Directory forest discovery identifies a supernet for an Active Directory site, Configuration Manager converts the supernet into an IP address range boundary. If a device isn't in the boundary you expect, it may because you haven't defined its network location as a boundary. When the network location of a device is in doubt, use the following Windows commands on the device to confirm:
Boundary typesIP subnetThe IP subnet boundary type requires a Subnet ID. For example, Note Configuration Manager doesn't support the direct entry of a supernet as a boundary. Instead, use the IP address range boundary type. Active Directory siteFor the Active Directory site boundary type, you specify the site name. You can type the name or browse the local forest of the site server. When you specify an Active Directory site for a boundary, the boundary includes each IP subnet that's a member of that Active Directory site. If the configuration of the Active Directory site changes in Active Directory, the network locations included in this boundary also change. Active Directory site boundaries don't work for pure Azure Active Directory (Azure AD) devices, also called cloud domain-joined devices. If they roam on-premises, and you only create Active Directory site type boundaries, these devices won't be in a boundary. Tip Use the following Windows command to see a device's
current Active Directory site: To determine if a client is cloud domain-joined, use the following Windows command: IPv6 prefixFor the IPv6 prefix boundary type, you specify a Prefix. For
example, IP address rangeFor the IP address range boundary type, specify the Starting IP address and Ending IP address for the range. The range can include part of an IP subnet or multiple IP subnets. Use an IP address range boundary type to support a supernet. You can also use this type to define a boundary for a single IP address. Set both the starting and ending IP addresses as the same value. This configuration may be useful for unique devices or test environments. VPNStarting in version 2006, to simplify managing remote clients, create a boundary type for VPNs. When a client sends a location request, it includes additional information about its network configuration. Based upon this information, the server determines whether the client is on a VPN. For Configuration Manager to associate the client in the boundary, connect the device to the VPN. You can configure a VPN boundary in several ways:
Important To take full advantage of this feature, after you update the site, also update clients to the latest version. New functionality appears in the Configuration Manager console when you update the site and console. The complete scenario isn't functional until the client version is also the latest. To use this VPN boundary during an OS deployment, make sure to also update the boot image to include the latest client binaries. Starting in version 2111, you can now match the start of a connection name or description instead of the whole string. Some third-party VPN drivers dynamically create the connection, which starts with a consistent string but also has a unique connection identifier. For example, Create a boundary
Configure a boundaryTip When you create a boundary, Configuration Manager automatically names it based on the type and scope of the boundary. You can't modify this name. To help identify the boundary in the Configuration Manager console, specify a description.
Next stepsEach boundary is available for use by every site in your hierarchy. After you create a boundary, add the boundary to one or more boundary groups. FeedbackSubmit and view feedback for What is the use of boundary in SCCM?Boundaries in Configuration Manager define network locations on your intranet. These locations include devices that you want to manage. Boundary groups are logical groups of boundaries that you configure. A hierarchy can include any number of boundary groups.
What are discovery methods in SCCM?Types of SCCM Discovery Methods. Active Directory System Discovery. Finds PCs in your association from indicated areas in Active Directory. ... . SCCM Active Directory Group Discovery. ... . Configuration Manager Active Directory User Discovery. ... . Active Directory Forest Discovery. ... . Heartbeat Discovery. ... . Network Discovery.. What is default site boundary group in SCCM?By default, Configuration Manager creates a default site boundary group at each site. To configure boundary groups, associate boundaries and site system roles to the boundary group. This configuration helps associate clients to site system servers that are located near the clients on the network.
|