I have a rather large amount of entries in AD that are active but system is not reporting to Snow and klooking for a good method to clear this.
Firewalls can be part of the issue. Check that the systems you're missing can see your internal IDR.
We deploy our Snow agent using Group Policy which on the whole works well. Just bear in mind that GPO usually requires one or two reboots for the agent to fully deploy - if you're not frequently rebooting your servers this can mean considerable delays between deployment (and showing active in AD) and reporting inventory to Snow.
We had the same issue. It worked out deployment of the Snow agent was not always done when a new server was created so we had this fixed via the server creation runbook, SCCM etc. We also noticed the de-commissioning of systems was not always including the removal of the system from the AD. By adding a dedicated task to the de-com process of systems we got this under control as well. Most of the systems which are now in AD but have no Snow agent installed are appliances so that’s Ok. If a system slips through we have a monthly recurring task to check on these by comparing to the CMDB if it is a system which can/should have the Snow agent installed and we create a service request to get this fixed asap.
Yes, I see similar issues here and biggest problem is the migration to Windows 10. De-commisioning is a factor but also having many mobile systems outside the firewall (we now have an external IDR to overcome that). Be interested to see other responses but this helps.
I would address the issues with your build teams so that the processes are embedded when they perform commissioning and decommissioning work - the agent isn't an 'option' this is mandatory like installing AV. We have built in QA checks during these processes and at the end to ensure all actions have been completed correctly (you can automate a lot of this).
We also run daily checks against our CMDB to ensure everything out there has an agent installed (where it should) and they are reporting on correctly. As part of these checks you can easily build in way to ignore certain AD entries e.g. cluster, LBN etc
Retrieving data ...