Jump to content




Search the Community

Showing results for tags 'Insufficient Access Rights'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General Stuff
    • Site News
    • Windows News
    • Suggestion box
    • General Chat
    • Events
    • Jobs
  • Cloud
    • Microsoft Intune
    • Azure
    • Office 365
  • Microsoft Deployment Toolkit
    • Deploying Windows 10, Windows 8.1, Windows 7 and more...
  • SMS, SCCM, SCCM Current Branch, SCCM Technical Preview
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • How do I ?
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Server
    • Active Directory
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Windows Server 2008
    • Windows Server 2012
    • Windows Server 2016
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Operations Manager
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS
  • Microsoft SQL Server
    • SQL Server
  • Windows General
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • how do I do this ?
    • windows screenshots

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Location


Interests

Found 1 result

  1. Hey Guys / Niall - I recently built a new SCCM environment with 4 Secondary servers for an upcoming domain migration and have just about finished it. When looking in the console under "Active Directory Forests", I see that under "Publishing Status" it says "Insufficient Access Rights." The permissions for the "Systems Management" container seem correct. Looking within it, I see that it has created objects for the Primary + 2 of the 3 Secondary sites - but that's it. Below you can see the contents of the Systems Management container currently. AH1 is the Primary site with ABQ & TUL Secondaries. The 3rd Secondary is missing completely... I personally didn't extend the schema or assign rights, but here's how it is currently configured. When looking under the Security tab of the System Management container's Properties, I see that there is an AD Security Group named "SCCM Site Servers" with full rights. I've also verified that all of the SCCM Site Servers (including the primary and all secondaries) have been added to this group. No specific user / service accounts have been added. Aside from that group, the following exist: SELF (No rights) Authenticated users (Read) SYSTEM (Full Rights) DOMAIN\Domain Admins (Full Rights) DOMAIN\Enterprise Admins (Full Rights - Inherited) DOMAIN\Administrators (Read & Write but not Full - Inherited) DOMAIN\Pre-Windows 2000 Compatible Access (No Rights) ENTERPRISE DOMAIN CONTROLLERS (No Rights) If I examine the Properties of the Forest within the console, the option to discover sites & subnets in the AD forest is enabled and set to use the computer account of the site server. The Publishing tab has all 4 (Primary + 3 Secondaries) checked and no domain / server specified. I tried adding the hostname of the Secondary site which wasn't listed in the SM container directly via Delegating Access. When viewing Advanced properties of the container's security, the added hostname looks to have the same configuration as the AD Group. Once added, I unchecked it's site under Publishing, applied, clicked ok, went back to Publishing, checked it, applied, then clicked OK again. So far, no changes. Not 100% sure if this would attempt to reinitiate it, though. After I make changes in attempts to resolve, how can I best verify they are successful if not the above? Finally, I looked through all ad* logs and even though I didn't look in great detail, I didn't see anything recent that stood out. Any suggestions for resolving this? Thanks!
×