Part 16: Reporting Services

Reporting Services is essential for getting data out of SCCM; it provides operational insights and assists in supporting and managing the platform.

  1. Install SQL Reporting Services feature – We already completed this in PART 4: INSTALLING SQL 2016.
  2. Open Reporting Services Configuration Manager – Start > All Programs > Microsoft SQL Server 2016 > Reporting Services Configuration Manager
  3. Click Connect
  4. Click database
  5. Click change database
  6. Select ‘create a new report server database’
  7. Test Connection and click next
  8. Click Next
  9. Click Next
  10. Click Next
  11. Confirm successful
  12. Select Web Service URL and click apply
  13. Select Web Portal URL and click apply
  14. Open SCCM Console
  15. Browse to Administration > Site Configuration > Servers and Site System Roles
  16. Select Add Site System role
  17. Click Next
  18. Click Next
  19. Select Reporting Service point and click next
  20. Click ‘Verify’ and set your reporting services account.
  21. Click Next
  22. Confirm successful
  23. After about 5 minutes you should start seeing reports populated under Monitoring > Reports.

Part 9: Boundaries & Boundary Groups

Boundaries have got to be one of the most overlooked and difficult to grasp concepts in ConfigMgr. While they are not overly complex, a lot of people don’t really understand how they work, particularly IP Subnets, whose name is unfortunately not an accurate representation of what they are.

What are they

The short answer is that a boundary is a network location that a client can identify itself as being on. Boundaries are in turn grouped together so that resources like Distribution Points and site systems can be associated with them.

Why you need them

Without boundaries, clients don’t know where to go to get content or what site they should connect to (the latter only if you have multiple sites in your environment). When you configure a boundary, let’s call it Boundary ‘A’, and associate it with Boundary Group ‘Sydney’, clients that identify as being on Boundary ‘A’ will go to the Distribution Point associated with Boundary Group ‘Sydney’.

It’s critical that boundaries be configured so that content distribution can be managed in a way that does not saturate WAN links. This is particularly a problem for small links, such as 2Mb.


  • IP Subnet – This is a bit of a misnomer; these boundaries are actually subnet IDs, NOT subnets. There is quite a bit of confusion around how these work; suffice it to say that you want to only use /24 subnets when using this type of boundary.
  • Active Directory Site – Imported directly from AD Sites and Services. Requires Forest discovery to be configured.
  • IPv6 Prefix – Like IP Subnets but for IPv6.
  • IP Address Range – Explicit range of IP addresses. Not recommended to be used due to the high SQL performance impact.
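
To make the subnet ID point concrete, the following added example (not part of the original post or of Kaido Järvemets' script) computes the subnet ID each client derives from its own address and mask and compares it with the IDs held by two IP Subnet boundaries. The boundary names, client names and addresses are constructed, and matching by plain equality of IDs is a simplified model of the lookup.

```powershell
# Added example. All names and addresses are constructed sample values.

function Get-SubnetId {
    # Bitwise AND of address and mask, octet by octet. This ID is the only
    # value an IP Subnet boundary holds; the mask itself is not kept.
    param(
        [Parameter(Mandatory)] [string] $IPAddress,
        [Parameter(Mandatory)] [string] $SubnetMask
    )
    $ip   = [System.Net.IPAddress]::Parse($IPAddress).GetAddressBytes()
    $mask = [System.Net.IPAddress]::Parse($SubnetMask).GetAddressBytes()
    $id   = for ($i = 0; $i -lt 4; $i++) { $ip[$i] -band $mask[$i] }
    $id -join '.'
}

function Resolve-Boundary {
    # Model assumption: a client matches a boundary when its subnet ID equals the stored ID.
    param($Client, $Boundaries)
    $id   = Get-SubnetId -IPAddress $Client.IP -SubnetMask $Client.Mask
    $hit  = @($Boundaries | Where-Object { $_.SubnetId -eq $id })
    $name = if ($hit.Count) { ($hit | ForEach-Object { $_.Name }) -join ', ' } else { '(no boundary)' }
    [pscustomobject]@{
        Client   = $Client.Name
        Address  = "$($Client.IP) / $($Client.Mask)"
        SubnetId = $id
        Boundary = $name
    }
}

# Boundaries the admin entered as 10.10.0.0/24 and 10.10.1.0/24
$Boundaries = @(
    [pscustomobject]@{ Name = 'Sydney-Floor1'; SubnetId = '10.10.0.0' }
    [pscustomobject]@{ Name = 'Sydney-Floor2'; SubnetId = '10.10.1.0' }
)

$Clients = @(
    [pscustomobject]@{ Name = 'PC-A'; IP = '10.10.0.25';  Mask = '255.255.255.0' }    # /24
    [pscustomobject]@{ Name = 'PC-B'; IP = '10.10.1.77';  Mask = '255.255.254.0' }    # /23
    [pscustomobject]@{ Name = 'PC-C'; IP = '10.10.200.9'; Mask = '255.255.0.0' }      # /16
    [pscustomobject]@{ Name = 'PC-D'; IP = '10.10.1.200'; Mask = '255.255.255.128' }  # /25
)

$Clients | ForEach-Object { Resolve-Boundary -Client $_ -Boundaries $Boundaries } |
    Format-Table -AutoSize
```

Only PC-A behaves the way the /24 entry suggests: PC-B and PC-C both resolve to Sydney-Floor1 because their wider masks produce the same ID, and PC-D matches no boundary at all.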

Bulk creation

Kaido Järvemets has written an excellent script for completing this; for all the details, check it out here.

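[Threading.Thread]::CurrentThread.CurrentCulture = 'en-US'
$XLSX = New-Object -ComObject "Excel.Application"

$BoundariesXLSXFile = "C:\Users\Administrator\Desktop\CM_Boundaries.xlsx"
$Path = (Resolve-Path $BoundariesXLSXFile).Path
$SavePath = $Path -replace "\.xl\w*$",".csv"

# Save the workbook as CSV (file format 6 = xlCSV) so Import-Csv can read it
$WorkBook = $XLSX.Workbooks.Open($Path)
$XLSX.DisplayAlerts = $false
$WorkBook.SaveAs($SavePath, 6)
$WorkBook.Close($false)
$XLSX.Quit()

$Boundaries = Import-Csv $SavePath

foreach($Item in $Boundaries)
{
    # Map the spreadsheet's boundary type name to the SMS_Boundary BoundaryType value
    $Type = $null
    Switch($Item.'Boundary Type')
    {
        "IP Subnet" {$Type = 0}
        "Active Directory Site" {$Type = 1}
        "IPv6" {$Type = 2}
        "Ip Address Range" {$Type = 3}
    }

    # Skip rows with an unrecognised type instead of reusing the previous row's value
    if ($null -eq $Type)
    {
        Write-Warning "Skipping '$($Item.'Display Name')': unknown boundary type"
        continue
    }

    $Arguments = @{DisplayName = $Item.'Display Name'; BoundaryType = $Type; Value = $Item.Value}

    # Site code (PRI) and server name (Server100) are specific to this lab; change them for your site
    Set-WmiInstance -Namespace "Root\SMS\Site_PRI" -Class SMS_Boundary -Arguments $Arguments -ComputerName Server100
}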

My Recommendation

There’s much to be said about using IP Subnets and how they’re evil. My experience is that if you’ve got them defined and you’re only using /24 addresses then you’ll be fine. Where this is not the case, leverage IP Ranges.

Further reading:
ConfigMngrFTW – IP Subnet Boundaries Are Still Evil
TechNet – Planning for Boundaries and Boundary Groups in Configuration Manager

Part 8: Discovery Methods

SCCM has a number of discovery methods which it uses to populate SCCM with resource records. You need these so you can do good stuff like deploy apps, operating systems, software updates, compliance and do reporting. If you choose not to enable these you’ll have a very empty ConfigMgr environment.

  • Active Directory Forest Discovery
    • What: Discovers subnets via sites and services and forests/domains for publishing SCCM
    • Why: Required for SCCM to be published to the forest/domain. Also allows boundaries to automatically be created based on sites and services.
    • Best Practice: Enabled but without auto boundary creation (unless you have immaculate AD sites and services).
  • Active Directory Group discovery
    • What: Discover all AD groups and their members
    • Why: Essential for deploying things to AD groups and also reporting.
    • Best Practice: Enable it!
  • Active Directory System Discovery
    • What: Scans AD for all computer objects
    • Why: Essential for identifying all computers in the organisation before the client has been deployed.
    • Best Practice: Enable it!
  • Active Directory User Discovery
    • What: Scans AD for all user account objects
    • Why: Like computers chances are you’ll want to deploy or advertise software to users.
    • Best Practice: Enable it!
  • Heartbeat Discovery
    • What: Unlike the other discovery methods, heartbeat is all about the client sending a packet of info to the primary site server
    • Why: Provides health, client details, network location etc.
    • Best Practice: Don’t turn this off; it’s required
  • Network Discovery
    • What: Queries DHCP, ARP Tables on Routers, SNMP and AD
    • Why: May be useful if you need to discover workgroup computers
    • Best Practice: Don’t use unless required; my experience has been that turning this on pollutes your DB.


Part 7: Software Update Point & SCUP (With HTTPS)

If you’re looking to manage patches with SCCM, and let’s face it why wouldn’t you be, then you’ll need to install the software update point role. In this post we’ll install and configure everything you need to get started, including the System Center Update Publisher, which allows you to deploy non-Microsoft updates via SCCM.

In Part 3: Prep & Pre-reqs we installed WSUS; let’s get to configuring everything.


SCCM Compliance: Where to start

Compliance in SCCM is one of the most powerful and overlooked features; ultimately your imagination is the only limit to what it can do. There’s a whole range of ways you can use compliance, but the most powerful is PowerShell. There are a few things you want to do before you start building any Configuration Items or baselines though.

  1. Change your PowerShell execution policy to Bypass in SCCM client settings
  2. Deploy Windows Management Framework 4.0 – Don’t reinvent the wheel, just deploy it as an application using the script ‘wusa.exe Windows6.1-KB2819745-x64-MultiPkg.msu /quiet /norestart’
  3. Check PowerShell version across the board using compliance

To get started some great things to use compliance for include:

  1. SOE related settings
  2. Are core apps installed and healthy?
  3. Is AV running?
  4. Are your certificates installed on all systems?
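
As an added example of the certificate check in the list above (not code from the original post), the following is a discovery script for a Configuration Item script setting that returns a single string, which a compliance rule can then compare against 'Compliant'. The thumbprint placeholder, the store path and the 30-day threshold are assumptions to replace with your own values.

```powershell
# Added example: CI discovery script (String data type).
# $Thumbprint is a placeholder; $Store and $MinDaysLeft are assumed values.
$Thumbprint  = '<CERT-THUMBPRINT-PLACEHOLDER>'
$Store       = 'Cert:\LocalMachine\Root'
$MinDaysLeft = 30

function Get-CertCompliance {
    param([string]$Thumbprint, [string]$Store, [int]$MinDaysLeft)

    # Keep hex digits only: thumbprints copied from the certificate dialog
    # often carry spaces or invisible characters that break the comparison.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    $cert = Get-ChildItem -Path $Store -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $wanted } |
        Select-Object -First 1

    if (-not $cert) { return 'Missing' }

    # Presence alone is not enough; report certificates outside their validity window.
    $now = Get-Date
    if ($cert.NotBefore -gt $now) { return 'NotYetValid' }
    if ($cert.NotAfter  -lt $now) { return 'Expired' }
    if ($cert.NotAfter  -lt $now.AddDays($MinDaysLeft)) { return 'ExpiringSoon' }
    return 'Compliant'
}

# The last value written to the pipeline is what the client reports back.
Get-CertCompliance -Thumbprint $Thumbprint -Store $Store -MinDaysLeft $MinDaysLeft
```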