Failed to Extend SCCM Active Directory Schema Error 8202

ByPrajwal Desai Hours

While extending the SCCM schema, you may encounter Active Directory Schema Error 8202.. The Active Directory schema error 8202 was logged in ExtADSch.log in the root of the system drive. Let’s see how to fix this issue.

So in most cases when you extend the Active Directory Schema for Configuration Manager, you don’t see any issues. Most of all extending the schema is a one-time action for any forest.

I was helping one of the customer with installing Configuration Manager current branch and I was surprised to see the schema error 8202.

As mentioned earlier, you don’t see the ConfigMgr schema error 8202 on the command prompt when you extend the schema. Rather you only see Failed to extend the Active Directory schema, please find details in “C:\ExtADSch.log”.

Failed to extend the Active Directory schema for SCCM
Failed to extend the Active Directory schema for SCCM

Reviewing the ExtADSch.log file shows the actual error. Until you fix this issue and successfully extend the schema, you should not proceed further.

Failed to create class cn=MS-SMS-Management-Point. Error code = 8202.
 Failed to create class cn=MS-SMS-Server-Locator-Point. Error code = 8202.
 Failed to create class cn=MS-SMS-Site. Error code = 8202.
 Failed to create class cn=MS-SMS-Roaming-Boundary-Range. Error code = 8202.
 Failed to extend the Active Directory Schema, Please find Details in "ExtADSch.log".
Failed to Extend SCCM Active Directory Schema Error 8202
Failed to Extend SCCM Active Directory Schema Error 8202

Failed to Extend SCCM Active Directory Schema Error 8202

Alright lets say you have encountered the error 8202 while extending the Active Directory schema for SCCM. Here are some of the solutions or fixes.

  • To extend the schema, you must always use an account that is a member of the Schema Admins security group. If the account doesn’t have enough permissions to extend the AD schema, it will always fail. However in my case the service account was the member of Schema Admins group. Another important point is to be signed in to the schema master domain controller.
Account must be member of the Schema Admins security group
Account must be member of the Schema Admins security group
  • The second reason you see the AD schema error 8202 is when you have replication issues in the forest or if the schema master is unreachable. With multiple domain controllers running in the setup, if there are replication issues between the DC’s, you may not succeed in extending the AD schema for SCCM. So ensure there are no replication issues while extending the schema.
  • To force the replication between the domain controllers, open the Active Directory Sites and Services. Go to your Site and under Servers Select domain controller. Expand NTDS Settings, right click on <automatically generated> and select Replicate Now. Wait for few minutes until the replication is complete.

Now run the extadsch.exe tool and you should see “Successfully extended the Active Directory Schema“. This confirms that AD schema has been extended successfully for SCCM.

Extend AD Schema for SCCM
Extend AD Schema for SCCM

Review the extadsch.log file and you should see no errors. In the next step you can proceed with creating the system management container for SCCM.

Monitor extadsch.log
Monitor extadsch.log
Avatar photo

Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.