The Configuration Management Database (CMDB) is the backbone of ITSM in ServiceNow. Every incident, every change request, every problem investigation depends on it. And yet, most organizations treat it like a data dumping ground — full of duplicate records, stale relationships, and CIs that haven't been updated since 2019.
A bad CMDB isn't just annoying. It actively hurts your ITSM outcomes. Impact analysis becomes a guessing game. Change advisory boards lose confidence. Performance Analytics dashboards show garbage.
Here's how to fix that. These 7 rules will keep your CMDB healthy, accurate, and genuinely useful.
The single most common CMDB problem is duplicate configuration items. Same server, three records. Same application, five entries with slightly different names.
Duplicates break impact analysis. When an incident fires on "web-prod-03," the system may only resolve one of the records, missing half the affected services.
How to fix it:
CmdbCiDuplicate table or a scheduled report.// Example: Find duplicate CIs by host name in GlideRecord
var gr = new GlideRecord('cmdb_ci');
gr.addAggregate('COUNT', 'name');
gr.addQuery('name', '!=', '');
gr.addHaving('COUNT', 'name', '>', '1');
gr.query();
while (gr.next()) {
gs.info('Duplicate CI: ' + gr.name);
}
CMDB class hierarchy exists for a reason. A CI's class determines what fields are available, how relationships are visualized, and what data appears in Discovery results. Misclassifying a CI — calling a virtual machine a "hardware server," for example — breaks relationship mapping.
How to fix it:
CIs without relationships are isolated islands. They don't support impact analysis, they don't populate the ServiceNow Dependency View, and they make Change Management's job nearly impossible.
Every significant CI should have at least one of: hosted on, runs on, depends on, used by, or network relationship.
How to fix it:
Not all fields are equal. The most critical fields for ITSM workflows are:
A CI with a name but no assignment group is nearly useless during an incident.
How to fix it:
Stale CIs are a silent killer. A server that was decommissioned two years ago but still appears in your CMDB creates false positives in impact analysis. Change Management approves a change thinking it's low-risk, and the "decommissioned" server is actually still running a critical dependency.
How to fix it:
// Find CIs not updated in 90 days (excluding retired)
var gr = new GlideRecord('cmdb_ci');
gr.addQuery('u_retire_date', '');
gr.addNotNullQuery('sys_updated_on');
var ninetyDaysAgo = new GlideDateTime();
ninetyDaysAgo.setDaysAgo(90);
gr.addCondition('sys_updated_on', '<', ninetyDaysAgo);
gr.query();
gs.info('Stale CIs found: ' + gr.getRowCount());
The CMDB is not a standalone database. It needs to be in sync with your change management and incident processes to stay accurate. Every change that affects infrastructure should update the CMDB as a direct output.
How to fix it:
Discovery exists so you don't have to maintain the CMDB manually. MID servers scanning your infrastructure should be the primary source of truth for server, network, and cloud CIs. Manual entries should be the exception, not the rule.
How to enforce this:
ServiceNow provides a built-in CMDB Health Dashboard (CMDB > Health Dashboard) that scores your CMDB across five dimensions:
Use this dashboard to set quarterly improvement goals. A jump from 65% to 80% health score will measurably improve your ITSM outcomes.
The CMDB is only as good as the discipline you apply to it. These seven rules aren't complex, but they require consistent process discipline — especially around Discovery schedules, change-to-CMDB updates, and regular audits.
Pick one rule, implement it this week, and measure the impact. Your incident response team will notice the difference before the quarter ends.