Extending the Active Directory Schema and System Management container
Extending the Active Directory (“AD”) schema requires the access rights of the Schema Admins group. System Center Configuration Manager (“SCCM”) installation and features such as Network Access Protection and global roaming require the AD schema to be extended. This needs to be done only once per forest.
The schema can be extended with the utility EXTADSCH.exe, which is included in the SCCM installation setup files.
1. Browse to the location SMSSETUP\BIN\I386 and locate the file EXTADSCH.exe.
2. Run the executable. Once it completes, ExtADSch.log is created at the root of the drive.
Below is the output file:
<01-23-2011 09:45:33> Modifying Active Directory Schema – with SMS extensions.
<01-23-2011 09:45:34> DS Root:CN=Schema,CN=Configuration,DC=techno-home,DC=com
<01-23-2011 09:45:38> Defined attribute cn=MS-SMS-Site-Code.
<01-23-2011 09:45:38> Defined attribute cn=mS-SMS-Assignment-Site-Code.
<01-23-2011 09:45:38> Defined attribute cn=MS-SMS-Site-Boundaries.
<01-23-2011 09:45:38> Defined attribute cn=MS-SMS-Roaming-Boundaries.
<01-23-2011 09:45:38> Defined attribute cn=MS-SMS-Default-MP.
<01-23-2011 09:45:38> Defined attribute cn=mS-SMS-Device-Management-Point.
<01-23-2011 09:45:38> Defined attribute cn=MS-SMS-MP-Name.
<01-23-2011 09:45:38> Defined attribute cn=MS-SMS-MP-Address.
<01-23-2011 09:45:39> Defined attribute cn=mS-SMS-Health-State.
<01-23-2011 09:45:39> Defined attribute cn=mS-SMS-Source-Forest.
<01-23-2011 09:45:39> Defined attribute cn=MS-SMS-Ranged-IP-Low.
<01-23-2011 09:45:39> Defined attribute cn=MS-SMS-Ranged-IP-High.
<01-23-2011 09:45:39> Defined attribute cn=mS-SMS-Version.
<01-23-2011 09:45:39> Defined attribute cn=mS-SMS-Capabilities.
<01-23-2011 09:45:40> Defined class cn=MS-SMS-Management-Point.
<01-23-2011 09:45:40> Defined class cn=MS-SMS-Server-Locator-Point.
<01-23-2011 09:45:41> Defined class cn=MS-SMS-Site.
<01-23-2011 09:45:41> Defined class cn=MS-SMS-Roaming-Boundary-Range.
<01-23-2011 09:45:41> successfully extended the Active Directory schema.
<01-23-2011 09:45:41> Please refer to the SMS documentation for instructions on the manual
<01-23-2011 09:45:41> configuration of access rights in active directory which may still
<01-23-2011 09:45:41> need to be performed. (Although the AD schema has now been extended,
<01-23-2011 09:45:41> AD must be configured to allow each SMS Site security rights to
<01-23-2011 09:45:41> publish in each of their domains.)
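The log above can be checked mechanically rather than by eye. The following Python sketch is an added example, not part of the original article or of the SCCM tooling: it parses an ExtADSch.log and reports whether every attribute and class listed in the log on this page was defined and whether the success line is present. The function name and the sample log are constructed for illustration.

```python
import re
from datetime import datetime

# Names (after the MS-SMS- prefix) as listed in this page's log. Matching is
# case-insensitive because the log mixes "MS-SMS-" and "mS-SMS-".
EXPECTED = {
    "attribute": """Site-Code Assignment-Site-Code Site-Boundaries
        Roaming-Boundaries Default-MP Device-Management-Point MP-Name
        MP-Address Health-State Source-Forest Ranged-IP-Low Ranged-IP-High
        Version Capabilities""".split(),
    "class": """Management-Point Server-Locator-Point Site
        Roaming-Boundary-Range""".split(),
}
LINE_RE = re.compile(r"^<(\d\d-\d\d-\d{4} \d\d:\d\d:\d\d)>\s*(.*)$")
DEFINED_RE = re.compile(r"^Defined (attribute|class) cn=ms-sms-(.+?)\.?$", re.I)

# Constructed sample: a run that stopped early (not output from a real system).
SAMPLE_INTERRUPTED = """\
<01-23-2011 09:45:34> DS Root:CN=Schema,CN=Configuration,DC=example,DC=test
<01-23-2011 09:45:38> Defined attribute cn=MS-SMS-Site-Code.
<01-23-2011 09:45:38> Defined attribute cn=mS-SMS-Version.
<01-23-2011 09:45:40> Defined class cn=MS-SMS-Site.
"""

def check_extadsch_log(text):
    """Summarise one ExtADSch.log run: what was defined, what is missing."""
    seen = {"attribute": set(), "class": set()}
    success, ds_root, stamps = False, None, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        stamps.append(datetime.strptime(m.group(1), "%m-%d-%Y %H:%M:%S"))
        msg = m.group(2).strip()
        d = DEFINED_RE.match(msg)
        if d:
            seen[d.group(1).lower()].add(d.group(2).lower())
        elif msg.startswith("DS Root:"):
            ds_root = msg[len("DS Root:"):].strip()  # schema partition that was modified
        elif "successfully extended" in msg.lower():
            success = True
    missing = {kind: sorted(n for n in names if n.lower() not in seen[kind])
               for kind, names in EXPECTED.items()}
    return {"ds_root": ds_root, "success_line": success, "missing": missing,
            "complete": success and not any(missing.values()),
            "duration_s": (max(stamps) - min(stamps)).total_seconds() if stamps else None}

if __name__ == "__main__":
    print(check_extadsch_log(SAMPLE_INTERRUPTED))
```

The `ds_root` value in the report shows which forest's schema partition was modified, which is worth confirming because the extension applies forest-wide.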
The next step is to create a System Management container in AD. This is required to publish site information to AD.
3. Open ADSIedit.msc from the Run command.
4. Expand Domain. Go to CN=System -> right click -> New -> Object
5. Select Container and click Next
6. In the Value, type System Management and click Next to continue
7. Click Finish to complete the wizard.
8. The System Management container is now created.
9. Open Active Directory Users and Computers and create two user accounts. These accounts will be used for SCCM and SQL administration.
Users:
Techno-home-SCCM
Techno-home-SQL
10. Expand Active Directory Users and Computers and select the DC. Click View and choose Advanced Features.
11. Expand Domain Controller -> System -> System Management -> Right click -> Select Properties
12. Select the Security tab -> click Add -> browse and select Techno-home-SCCM user -> select Full control
13. Click Advanced -> Select SCCM user name -> Click Edit
14. Scroll down and select "This object and all descendant objects" from the Apply to section.
15. Click Apply and OK to apply the settings and close the Security tab.
16. We will now add the SCCM user to the Administrators group.
Select DC -> Builtin -> Select Administrators -> Right click -> Properties
17. Select the Members tab and click Add.
18. Browse and select the Techno-home-SCCM user. Click OK to apply the changes.
19. Click Apply and OK to close the Members tab.