I am trying to find a way to locate machines not running ZCM.

I created an LDAP discovery and bound it to my OU's in my AD LDAP. It discovered the clients. But it discovered many which are powered on and running ZCM as unmanaged. I can see in ZCC where said devices have communication times that are within the 2 hour window we have configured for refresh.

I have about 60 devices out of about 600. Some are powered off, but many are actually running ZCM and powered on.

What criteria does ZCC LDAP discovery use to think a device is not managed? I'd like to be able to run this discovery and have usable results, just not sure what I need to tweak.