In this post I will show you how to create system management container. I will also cover the steps to extend the active directory schema. This post can be considered as part 2 wrt deploying SCCM in our lab setup. In the first part I covered the steps to install active directory.
When you want to install SCCM, you have to prepare Active Directory for site publishing. This involves multiple steps which are listed in this post.
Note – If your Active Directory schema was extended for SCCM 2007 or Configuration Manager 2012, then you don’t need to do it again. The schema extensions are unchanged and will already be in place. Extending the schema is a one-time action for any forest.
Create System Management Container
After we have a domain controller in our setup, the next step is to create a container. You create system management container one time in each domain that has a primary or secondary site. This will be used to publish data to Active Directory.
To create system management container
- Login to domain controller with a domain admin account.
- Click Start , All Programs, Administrative Tools.
- Select ADSI Edit.
- Right click ADSI Edit and Click Connect to.
- The naming context should be Default naming context. Click OK.
- In the ADSI edit Console, Expand the Default Naming Context.
- Right click CN=System, Click New and create an Object.
- Select Container from the options. Click Next.
- Provide the object value as System Management.
- Click Next and refresh the ADSI edit to see the system management container in the console.
Now that we have created the System Management Container, the next step is to delegate the permissions on System Management Container.
- Open the Active Directory Users and Computers.
- Click View and select Advanced Features.
- Right click System Management and delegate control.
- On the next screen click Add.
- In the Object Types select computers and click OK.
- Type the SCCM Server name and click Check Names.
- Select the SCCM computer from the list.
- In the Tasks to Delegate window, select Create a Custom task to delegate.
- Select the default option This folder, exiting objects in this folder and creation of new objects in this folder. Click Next.
- Select all the three permissions and click on full control.
- Click Finish to close the delegation wizard.
Extend Active Directory Schema
Coming to the last step which is extend Active Directory Schema for Configuration Manager. You can perform the below steps either on Active Directory or any member server. To extend AD schema, always use an account that is a member of the Schema Admins security group.
To extend Active Directory Schema
- Mount the SCCM ISO file.
- Locate the folder : SMSSETUP\BIN\X64
- Right click file named extadsch. Hold the shift key+right click on the file and copy as path.
- Open the command prompt and paste the copied data.
- That’s how you extend AD schema.
The log file extadsch.log is located in root drive i.e. C:\extadsch.log. Open it with a CMTrace log viewer. The highlighted text shows that Active Directory Schema has been extended successfully.