This procedure describes the steps for extending the Active Directory Schema to allow System Center Configuration Manager 2007 to publish information in Active Directory.
THIS PROCEDURE MUST BE PERFORMED ONLY ONCE ON THE DOMAIN CONTROLLER THAT HAS THE SCHEMA OPERATION MASTER ROLE.
Note: The procedure described below was realised on a Windows Server 2008 R2 Domain Controller that has all Operation Master Roles.
- Active Directory and DNS server are installed and configured for the domain TECHREADY.RO.
- Windows Server 2008 R2 was installed on the server where Configuration Manager 2007 will be installed.
Installation and configuration steps
- Logon on the Domain Controller server that has the Schema Operations Master role using the domain Administrator account. Note: Modification of Active Directory Schema is allowed by default on Windows Server 2008.
- Insert the Configuration Manager 2007 SP2 installation CD in the CD-ROM drive. In the \SMSSETUP\BIN\I386 folder you can find extadsch.exe
- Launch Command Prompt and enter the commands:
Where d: is the drive letter assigned to CD-ROM.
- To check the success of the operation, navigate to C: drive and open the ExtADSch.log file which was created in the root of drive C:
- In the file you can observe the classes and attributed added to Active Directory and the message that confirms the successful extension of the schema.
Next we will create the System Management container where Configuration Manager 2007 will publish information about the SMS sites. To create the container we need to use ADSI Edit. This application is included in the Windows Server 2008.
- In the Start menu select Run and enter adsiedit.msc then click OK.
- In the ADSI Edit console right-click ADSI Edit and select Connect to.
- In the Connection Settings window accept the defaults and click OK.
- In the ADSI Edit console expand Default naming context, then the DC=TECHREADY,DC=RO container, right-click the CN=System container and select New, Object.
- In the Create Object window select container and click Next.
- In the Create Object window type System Management and click Next.
- In the Create Object window click Next.
- In ADSI Edit console view the newly created container then close the console.
- Launch Active Directory Users and Computers. Right click the desired container and select New, Group.
- In the New Object – Group window type ConfigMgrServers as the group name and click OK.
- Right-click the newly created group and select Properties.
- In the Properties window select the Members tab and click Add.
- In the Select Users, Contacts or Computers window click Object Types.
- In the Object Types select Computers and click OK.
- In the Select Users, Contacts or Computers window type the names of the Configuration Manager Site Server, click Check Names then click OK.
- In the Properties window click OK.
Next we will give permissions to ConfigMgrServers group over the System Management container.
- In the Active Directory Users and Computers console select View, Advanced Features.
- Right-click the System Management container and select Properties.
- In the System Management Properties window select the Security tab then click Add.
- In the Select Users, Computers or Groups window type ConfigMgrServers and click Check Names then click OK.
- In the System Management Properties window give the Full Control permission to the ConfigMgrServers group (all checkboxes will be selected) then click Advanced.
- In the Advanced Security Settings for System Management window select the ConfigMgrServers group from the list then click Edit.
- In the Permission Entry for System Management window, in the Apply onto dropdown select This object and all child objects then click OK.
- In the Advanced Security Settings for System Management window click OK.
- In the System Management Properties window click OK.
- After the installation Configuration Manager 2007 will publish information in this container to allow clients to locate the Site Server.