Configuration Manager Active Directory schema extensions provide many benefits for Configuration Manager sites, but they are not required. If you have extended your Active Directory schema for SMS 2003, you should update your schema extensions for Configuration Manager 2007. If you have already extended your schema for Configuration Manager 2007, no additional schema extensions are required for Configuration Manager 2007 SP1. For more information about extending the Active Directory schema for Configuration Manager 2007, see How to Extend the Active Directory Schema for Configuration Manager.
This guide was prepared to help you setup SCCM in a Lab environment. Before extending your Active Directory, make sure to have considered any possible implications of doing so, for example if something does go wrong during the procedure then you'll want to have a backup in place.
SCCM needs the Active Directory schema to be extended, so to do so we'll need to copy the EXTADSCH.EXE file ffrom the SCCM DVD. This guide assumes you have installed Windows Server 2008 and configured it for Active Directory and DHCP. This guide also assumes you have access to your SCCM 2007 DVD (or ISO).
The Active Directory schema can be extended for Configuration Manager 2007 before or after running Configuration Manager 2007 Setup. However, to take advantage of publishing information to Active Directory Domain Services from the outset, extend the schema before beginning Configuration Manager 2007 Setup and allow sufficient time for the schema changes to replicate through the Active Directory forest.
Looking at how to extend the schema is complex. Updating the schema requires you to be in the Schema admin security group, even an Enterprise Administrator is not a Schema admin. As Microsoft say
The Active Directory schema can be extended for Configuration Manager 2007 by running the ExtADSch.exe utility or by using the LDIFDE command-line utility to import the contents of the ConfigMgr_ad_schema.ldf LDIF file. Both the utility and the LDIF file are located in the SMSSETUP\BIN\i386 directory of the Configuration Manager 2007 installation files. Regardless of the method used to extend the schema, two conditions must be met:
* The Active Directory schema must allow updates. On domains running Windows Server 2003, the schema is enabled for updates by default. For domains running Windows 2000 Server, you must manually enable updates on the schema master for the Active Directory forest.
* The account used to update the schema must either be a member of the Schema Admins group or have been delegated sufficient permissions to modify the schema.
I decided to use the extADSch.exe method and located it on the SCCM 2007 DVD (F:\SMSSETUP\BIN\I386), but before doing so I wanted to make my Enterprise Administrator a member of the Schema Admins Group.
Adding the Enterprise Administrator Group account to the Schema Admins Group
to do this, start up Active Directory Users and Computers and select the Enterprise Admins group
double click the group and select the Member Of Tab
click Add and type Schema then press Check Names click OK
notice that it (schema admins group) is now listed in the Member of Tab.
click ok when done and now we can try running the extadsch.exe tool, we will run it from an elavated command prompt and redirect any output to a file to see if there were any problems during the process. To open an elavated command prompt do as follows:-
click on start and right-click on the Command Promtp icon at the top of the start menu, choose Run As Administrator
now we can run our code
extadsch.exe > c:\output.txt
if everything went ok the log file will be pretty emtpy otherwise it may contain errors, in addition you should see another log file in c:\ called ExtADSch.log
here is a sample of a successful schema extension:-
<08-22-2008 11:21:33> Modifying Active Directory Schema - with SMS extensions.
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
Active Directory Schema Extensions
This guide was prepared to help you setup SCCM in a Lab environment. Before extending your Active Directory, make sure to have considered any possible implications of doing so, for example if something does go wrong during the procedure then you'll want to have a backup in place.
SCCM needs the Active Directory schema to be extended, so to do so we'll need to copy the EXTADSCH.EXE file ffrom the SCCM DVD. This guide assumes you have installed Windows Server 2008 and configured it for Active Directory and DHCP. This guide also assumes you have access to your SCCM 2007 DVD (or ISO).
Looking at how to extend the schema is complex. Updating the schema requires you to be in the Schema admin security group, even an Enterprise Administrator is not a Schema admin. As Microsoft say
I decided to use the extADSch.exe method and located it on the SCCM 2007 DVD (F:\SMSSETUP\BIN\I386), but before doing so I wanted to make my Enterprise Administrator a member of the Schema Admins Group.
Adding the Enterprise Administrator Group account to the Schema Admins Group
to do this, start up Active Directory Users and Computers and select the Enterprise Admins group
double click the group and select the Member Of Tab
click Add and type Schema then press Check Names click OK
notice that it (schema admins group) is now listed in the Member of Tab.
click ok when done and now we can try running the extadsch.exe tool, we will run it from an elavated command prompt and redirect any output to a file to see if there were any problems during the process. To open an elavated command prompt do as follows:-
click on start and right-click on the Command Promtp icon at the top of the start menu, choose Run As Administrator
now we can run our code
if everything went ok the log file will be pretty emtpy otherwise it may contain errors, in addition you should see another log file in c:\ called ExtADSch.log
here is a sample of a successful schema extension:-
that's it, you have now extended the Active Directory schema in Windows Server 2008.
Now that you have extended the schema you should give the Primary SCCM server (and Management Point) permissions on the System Management container in AD.
Share this post
Link to post
Share on other sites