Prepare your Active Directory before installing ConfigMgr (SCCM)

by

About

In the article, we will be preparing our Active Directory for installing System Center Configuration Manager (SCCM).

Article Covers

  • Create Security Groups & Organizational Units.
  • Create System Management Container
  • Extending Active Directory Schema.
Create Security Groups & Organizational Unit
  • Create two security groups in Active Directory
    • SCCM-Admins: Add all SCCM Admin users.
    • SCCM-Servers: Add all SCCM Servers
  • Create an organizational unit and move all SCCM Servers under it.

Create System Management Container
  • Login to your domain controller.
  • Open ADSI Edit and right click Connect to…

  • Click OK on Default Connection Settings.

  • Navigate to CN=System and right click New -> Object

  • Select the class “Container”

  • Enter the value “System Management” and click Next -> Finish.

  • ConfigMgr Primary Site must have Full Control permission to the System Management Container. Open Active Directory Computers and Users -> Click on View at the top -> Select Advance Features.
  • Expand System -> Right Click System Management -> Click Delegate Control. Add security group “SCCM-Servers” and click OK.

  • Select the option “Create a custom task to delegate” on the next dialog and Click on Next

  • On the next window, select the option “This folder, existing objects in this folder and creation of new objects in this folder” and click Next. 

  • On Permissions Wizard, give Full Control to “General, Property-specific and Creation/deletion of specific child objects” and click Next -> Click on Finish to complete the permissions on System Management Container.

Extending Active Directory Schema
  • Open Command Prompt as administrator and execute exe from SMSSETUP\BIN\x64 path of SCCM Suite.

             Make sure your account is a member of Schema Admin group.

  • Active directory schema will be extended.

  • AD Schema extension can also be verified in Extadsch.log located on Root System drive.

Extadsch.log

Modifying Active Directory Schema – with SMS extensions.

DS Root:CN=Schema,CN=Configuration,DC=ginu,DC=com

Defined attribute cn=MS-SMS-Site-Code.

Defined attribute cn=mS-SMS-Assignment-Site-Code.

Defined attribute cn=MS-SMS-Site-Boundaries.

Defined attribute cn=MS-SMS-Roaming-Boundaries.

Defined attribute cn=MS-SMS-Default-MP.

Defined attribute cn=mS-SMS-Device-Management-Point.

Defined attribute cn=MS-SMS-MP-Name.

Defined attribute cn=MS-SMS-MP-Address.

Defined attribute cn=mS-SMS-Health-State.

Defined attribute cn=mS-SMS-Source-Forest.

Defined attribute cn=MS-SMS-Ranged-IP-Low.

Defined attribute cn=MS-SMS-Ranged-IP-High.

Defined attribute cn=mS-SMS-Version.

Defined attribute cn=mS-SMS-Capabilities.

Defined class cn=MS-SMS-Management-Point.

Defined class cn=MS-SMS-Server-Locator-Point.

Defined class cn=MS-SMS-Site.

Defined class cn=MS-SMS-Roaming-Boundary-Range.

Successfully extended the Active Directory schema.

That’s all from Active Directory perspective and you are done with one of the prerequisites for SCCM.

Leave a Reply

Your email address will not be published. Required fields are marked *