SCCM

How to Extend Active Directory Schema for SCCM / Configuration Manager

()

In this article we will show step by step how to create the System Management Container and how to extend the Active Directory schema to make it compatible with SCCM (now called Microsoft Endpoint Configuration Manager).

By extending the Active Directory schema to SCCM, we create new structures in AD that are used by SCCM to publish important information in a secure place where client PCs can easily and securely access.

When managing PCs, you must extend the Active Directory schema to SCCM. This extended schema simplifies the process of deploying and managing clients and more efficiently locates content servers. Schema extension is done only once per forest.

Note: If the AD schema is already extended for Configuration Manager 2007 or System Manager 2012, you do not need to do it again for higher versions of SCCM and Microsoft Endpoint Configuration Manager. This step can be skipped.

Requirements for extending Active Directory Schema for SCCM:

  • The procedure must be performed with a domain user who is a member of the Schema Admins (or Domain Admins) security group.
  • Must have downloaded the installation files of SCCM / Configuration Manager.
  • Perform the procedure from the Primary Domain Controller (PDC) server.

Step 1: Extend the Active Directory Schema for SCCM.

On the Primary Domain Controller server, open the Microsoft System Center Configuration Manager installation file and unzip it:

Extend AD Schema - Unzip
Extend AD Schema – Unzip

Open the path where it has been unzipped and navigate to “SMSSETUPBINX64“. You will find the file “extadsch.exe“, which you must execute as administrator:

Extend AD Schema - Run extadsch.exe
Extend AD Schema – Run extadsch.exe

If you launch the executable from a CMD or Powershell, you can see the output of this, notifying that the AD schema has been extended satisfactorily:

Extend AD Schema - CMD
Extend AD Schema – CMD

In the root directory of the server, you can find the log “ExtADSch.log” where everything that has been tried to be done is specified and the result:

Extend AD Schema - Verify log "ExtADSch.log"
Extend AD Schema – Verify log “ExtADSch.log”

We can verify that it ends with a “Successfully extended the Active Directory schema.”.

Step 2: Create System Management Container in AD for SCCM.

After extending the AD schema, you will create a container called “System Management”. Open the tool “ADSI Edit” to create the container. In the left panel, expand the DC and look for “CN=System”, right click “New” > “Object…”:

Extender AD Schema - Create system management container - ADSI Edit
Create system management container – ADSI Edit

Choose the type “container” and click on “Next”:

Create system management container - Type "container"
Create system management container – Type “container”

Specify “System Management” as value (it is important to enter the exact text. Same format of capital letters and the space between the two words) and click on “Next”:

Create system management container - Value: "System Management"
Create system management container – Value: “System Management”

Click on “Finish” and check that the container has been created:

Create system management container - Finish
Create system management container – Finish
Create system management container - Result
Create system management container – Result

Next steps after extending Active Directory Schema:

After you extend the Active Directory Schema and create the System Management Container, you must grant permissions. Then we can configure the Configuration Manager site to publish data to Active Directory.

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Nando Corzo

Passionate about IT and Microsoft technologies with more than 5 years of experience in complex environments (Banking, Congresses and Public Services). Exploring and learning about Modern Workplace every day. I write about SCCM, Windows, Microsoft Intune, Hyper-V, etc...

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button