Jump to content


  • 0
anyweb

how can I create the System Management Container in Active Directory

Question

Using Adsiedit Create a container in AD, CN=System called System Management by right clicking on CN=System and choose New Object, scroll down to container from the list, click next, give it a value of System Management.

 

adsiedit.jpg

 

In Active Directory Users and Computers expand the System container, and right click click on System Management

 

choose delegate control, click next, click add, click object types, add computers, click ok, advanced, find now.

 

highlight the SCCM servername and click ok.

 

click OK again, click Next in the Delagation of control Wizard page, choose 'create a custom task to delegate'

 

click next, make sure 'this folder, existing objects in this folder and creation of new objects in this folder is selected

 

click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in FULL CONTROL

 

and click next then Finish.

 

Failure to do the above will mean that the System Management Container in AD will NOT POPULATE with SCCM specific info and you will see many errors in SCCM site status

 

Once the permissions are granted correctly, it will look like this

 

container_privs.jpg

 

done !

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0
Hi,

 

I just followed your steps but it didn't work. I don't see nothing in System Managment and I granted the my sccm server the rights on the container just like its been explained.

 

did you name it System Managment or System Management ?

Share this post


Link to post
Share on other sites

  • 0
did you name it System Managment or System Management ?

I named it this way : System Management (I wrote it wrong on the forum ;))

 

edit: Just found my problem. I am working on a installed SCCM2007 on win2003 server and it was already configured by someone else. Now the AD scheme was not extended so I extended it. But the problem still exist.

I didn't look further at the problem and started to publish a client towards a pc.

This worked but in the client config manager there were 2 property items "unknown". (ConfigMgr & Site mode).

 

So I checked the site code on the server, everything stated fine till I checked the advanced tab.

 

There is a setting which draw my attention: " Publish this site in Active Directory Domain Services".

So I googled it up :

 

During Configuration Manager primary site setup, the Active Directory schema is queried to determine if it has been extended for Configuration Manager. If the schema has been extended for Configuration Manager, the site will be automatically configured to publish site information and will publish site information to Active Directory Domain Services at the completion of setup. If the Active Directory schema has not been extended for Configuration Manager, the site will not be configured to publish site data to Active Directory Domain Services.

 

http://technet.microsoft.com/en-us/library/bb680711.aspx

 

Because I extended the AD schema after the install of SCCM2007 , the above setting wasn't applied. Its only applied when you extended the AD schema BEFORE installing SCCM2007.

 

I hope this helps other users ;)

Share this post


Link to post
Share on other sites

  • 0

the container will populate itself if you followed the guide correctly, give it some time to do so.

 

the container is needed to store info in AD about where sccm site servers are located

 

here's some more info

 

Four actions need to be taken in order to successfully enable Configuration Manager Clients to query Active Directory Domain Services to locate site resources:

 

* Extend the Active Directory schema.

* Create the System Management container.

* Set security permissions on the System Management container.

* Enable Active Directory publishing for the Configuration Manager site.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.