Environment:Windows Server 2008 SP2 R2 64bitSCCM 2007 SP2 R2SQL 2005 SP3 64bit1 Central Site20 Child Primary Sites840 Secondary SitesOur business requirement is the ability to deploy to new users that are added as members of existing AD security groups.We currently have User Discovery enabled to run Daily on each child primary site, which is discovering 88,xxx objects.We also have AD Security Group discovery enabled to run Daily.The Central sites inboxes\auth\ddm.box is being overloaded with 2 million plus DDR's each day, and is unable to process them all in a 24 hour period.My question is, are we using User & Security Group discovery in the right manner?Does User Discovery need to run daily to ensure we identify new user accounts that are members of AD Security Groups that are targeted with Advertisements, or is User Discovery only necessary if we want to target specific user accounts in an advertisement?Is Security Group discovery only needed as our discovery method if we want to target advertisments at AD Security Groups?Thanks, Jeff

HiThis may Help.Check the DDM.log,If any of the *.ncf file has processing many time...delete that .ncf file in inboxes\auth\ddm.box.http://support.microsoft.com/kb/925969http://www.myitforum.com/forums/m_126506/mpage_1/key_/tm.htm#126506

You need to look at http://www.systemcentertools.com/esd2007.html It will solve your problems and you run it every 10 minutes too. http://www.enhansoft.com/

It's not that we are discovery invalid objects or have bad ddr's, it's the volume. The only way to get the user & group discovery information populated at the child primary sites, both discovery methods have to be run. What I don't know is if I need User Discovery to run in order to advertise to an AD Group.

Hi Jeff,Nice seing you in these forums :-) You don't need to run a user discovery when targeting software to AD Security groups (just tested and verified it). If you are not targeting software to users I don't see any reason why you need to run that (user) discovery process.Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products

Thanks Kent. We are going to reconfigure discovery for just Security Group discovery and then test from there.