In this article we will show step by step how to create the System Management Container and how to extend the Active Directory schema to make it compatible with SCCM (now called Microsoft Endpoint Configuration Manager).
Extending the Active Directory schema for SCCM creates new structures in AD that SCCM uses to publish important information in a secure location that client PCs can access easily and securely.
When managing PCs, you must extend the Active Directory schema for SCCM. The extended schema simplifies the process of deploying and managing clients and lets them locate content servers more efficiently. The schema extension is done only once per forest.
Note: If the AD schema is already extended for Configuration Manager 2007 or System Manager 2012, you do not need to do it again for higher versions of SCCM and Microsoft Endpoint Configuration Manager. This step can be skipped.
TL;DR
Requirements for extending Active Directory Schema for SCCM:
- The procedure must be performed with a domain user who is a member of the Schema Admins (or Domain Admins) security group.
- The SCCM / Configuration Manager installation files must already be downloaded.
- Perform the procedure from the Primary Domain Controller (PDC) server.
Step 1: Extend the Active Directory Schema for SCCM.
On the Primary Domain Controller server, open the Microsoft System Center Configuration Manager installation file and unzip it:
Open the path where it has been unzipped and navigate to “SMSSETUP\BIN\X64”. You will find the file “extadsch.exe”, which you must execute as administrator:
If you launch the executable from CMD or PowerShell, you can see its output, which reports that the AD schema has been extended successfully:
In the root directory of the server, you will find the log “ExtADSch.log”, which records every operation that was attempted and its result:
We can verify that the log ends with “Successfully extended the Active Directory schema.”
Step 2: Create System Management Container in AD for SCCM.
After extending the AD schema, you will create a container called “System Management”. Open the tool “ADSI Edit” to create the container. In the left panel, expand the DC and look for “CN=System”, then right-click it and select “New” > “Object…”:
Choose the type “container” and click on “Next”:
Specify “System Management” as the value (it is important to enter the exact text, with the same capitalization and the space between the two words) and click on “Next”:
Click on “Finish” and check that the container has been created:
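The checks from both steps can also be scripted. The following is an added example, not part of the original procedure or of Microsoft's tooling: it confirms the success line in ExtADSch.log, confirms that the Configuration Manager classes are present in the schema, and creates the “System Management” container only if it is missing. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, that the log sits in the root of the system drive, and it uses the four MS-SMS-* class names that the Configuration Manager schema extension defines (they are not listed in this article).

```powershell
#Requires -Modules ActiveDirectory
# Added example: verify Step 1 and perform Step 2 without ADSI Edit.

# Assumption: extadsch.exe wrote its log to the root of the system drive.
$logPath  = "$env:SystemDrive\ExtADSch.log"
$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext    # CN=Schema,CN=Configuration,<forest root>
$domainDN = $rootDse.defaultNamingContext   # DC=...,DC=...

# --- Step 1 check (a): the log must contain the success line ---
if (-not (Test-Path $logPath)) {
    Write-Warning "Log not found at $logPath; run this on the server where extadsch.exe was executed."
} elseif (Select-String -Path $logPath -Pattern 'Successfully extended the Active Directory schema' -Quiet) {
    Write-Host 'ExtADSch.log reports a successful schema extension.'
} else {
    Write-Warning 'Success line not found in ExtADSch.log; review the log before continuing.'
}

# --- Step 1 check (b): the classes must actually exist in the schema partition ---
$expected = 'MS-SMS-Management-Point', 'MS-SMS-Roaming-Boundary-Range',
            'MS-SMS-Server-Locator-Point', 'MS-SMS-Site'
$found = Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter '(&(objectClass=classSchema)(cn=MS-SMS-*))' |
         Select-Object -ExpandProperty Name
$missing = $expected | Where-Object { $_ -notin $found }
if ($missing) {
    throw "Schema is not extended; missing classes: $($missing -join ', ')"
}
Write-Host 'All Configuration Manager schema classes are present.'

# --- Step 2: create CN=System Management under CN=System if it does not exist ---
$systemDN = "CN=System,$domainDN"
$existing = Get-ADObject -SearchBase $systemDN -SearchScope OneLevel `
               -LDAPFilter '(&(objectClass=container)(cn=System Management))'
if ($existing) {
    Write-Host "Container already exists: $($existing.DistinguishedName)"
} else {
    # The name must match exactly, including capitalization and the space.
    New-ADObject -Name 'System Management' -Type container -Path $systemDN
    Write-Host "Created CN=System Management,$systemDN"
}
```

Querying the schema partition directly confirms the result independently of the log file, which is useful when the log has been rotated or the extension was done years ago by someone else.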
Next steps after extending Active Directory Schema:
After you extend the Active Directory Schema and create the System Management Container, you must grant permissions. Then we can configure the Configuration Manager site to publish data to Active Directory.