Caveat on Configuration Manager 2007 Delta Discovery
Alright so here’s one catch about Configuration Manager’s delta discovery. We’ve had this feature ever since ConfigMgr 2007 R3 where it was first introduced and this follows through to ConfigMgr 2012 too. Ever wondered if you’ve got Delta Discovery running every 5 minutes, why would I ever need to run a Full Discovery? Is it even necessary?
Active Directory Delta Discovery is an option that allows Configuration Manager to discover only new or changed resources in Active Directory independently of a full discovery cycle. What it does not do is when there is a change of group membership. That happens when you remove a user from a Active Directory group or add to another Active Directory group. You might think that the Delta Discovery will pick it up and therefore will immediately impact your deployments of either a Software Update or Application. And this is the catch. group membership changes is NOT discovered by Delta Discovery and that is the memberof attribute. This change is only picked up by a Full Discovery. So if you’re hoping that this change will impact your deployment of a software when a user is removed from a group, think again. It’ll probably take you a maximum of 24 hours (assuming that your Full Discovery interval) to see this reflected in Configuration Manager.
Some other things it does not support is al discovery across forests where the trust type is set to external. Delta Discover does support forest trusts though. So take note yah!
The good news though is that this has changed in ConfigMgr 2012. Group membership is one of the attributes that is picked up by Active Directory Delta Discovery; either User or System discovery. One thing though, it cannot detect when a resource has been deleted from AD DS. That would still require the Full Discovery to pick it up.