Extending Active Directory Schema for SCCM

Published by david on

Introduction

The installation of SCCM 2012 requires extending the Active Directory (AD) schema so that SCCM clients can identify their management point. This involves running the schema extension tool, creating the System Management container, and setting appropriate permissions.

Extending the Schema

Follow these steps to extend the AD schema for SCCM 2012:

  1. Log in with an account that has Schema Admin rights.
  2. Open a command prompt with elevated privileges.
  3. Navigate to the directory where the schema extension tool is located on the SCCM 2012 installation media: \SMSSETUP\BIN\x64 or \SMSSETUP\BIN\i386.

  1. Run the tool by executing extadsch.exe.
  2. Check the log file extadsch.log located at the root of the system drive to ensure the schema extension was successful.

Creating the System Management Container

The System Management container is necessary for SCCM servers to publish information in Active Directory, which SCCM clients use to find their management point based on the site code.

Steps to Create the Container

  1. On a domain controller, open the ADSI Edit tool by running adsiedit.msc.
  1. In the ADSI Edit console, right-click on “ADSI Edit” and select “Connect to…”.
  2. Leave the default settings and click “OK”.
  1. Expand the tree and right-click on “CN=System”. Select “New” and then “Object…”.
  1. In the “Create Object” wizard, select “Container” and click “Next”.
  1. Enter “System Management” as the value and click “Next”.
  1. Click “Finish” to create the container.

Delegating Control to SCCM Servers

Next, we need to delegate control of the System Management container to the SCCM servers:

  1. Create a global group named “SCCM_Servers” and add your SCCM server to this group.
  1. Open “Active Directory Users and Computers”. In the “View” menu, enable “Advanced Features”.
  1. Navigate to “System”, right-click on “System Management”, and select “Delegate Control…”.
  1. In the “Delegation of Control Wizard”, click “Next”.
  2. Select the “SCCM_Servers” group and click “Next”.
  1. Choose “Create a custom task to delegate” and click “Next”.

  1. Select “This folder, existing objects in this folder, and creation of new objects in this folder” and click “Next”.
  1. Check “Full Control” and click “Next”, then “Finish” to apply the permissions.
Categories: SCCM
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

SCCM

Deploying Windows 10 with SCCM

Comprehensive guide on deploying Windows 10 using SCCM, covering SCCM configuration, WDS and State Migration Point roles, setting up WinPE, managing drivers, creating task sequences, and distributing content.

SCCM

Installing SCCM: A Step-by-Step Guide

Comprehensive guide for installing SCCM, including prerequisites, SQL Server setup, feature installation, SCCM configuration, and role installation.

SCCM

Change Computer Name in SCCM Standalone Media

Learn how to change the computer name in SCCM 2012 using standalone task sequence media by adding the OSDComputername variable. This guide covers the steps to create media and deploy with custom computer names.