Jump to content


anyweb

how can I create the System Management Container in Active Directory

Recommended Posts

Using Adsiedit Create a container in AD, CN=System called System Management by right clicking on CN=System and choose New Object, scroll down to container from the list, click next, give it a value of System Management.

 

adsiedit.jpg

 

In Active Directory Users and Computers expand the System container, and right click click on System Management

 

choose delegate control, click next, click add, click object types, add computers, click ok, advanced, find now.

 

highlight the SCCM servername and click ok.

 

click OK again, click Next in the Delagation of control Wizard page, choose 'create a custom task to delegate'

 

click next, make sure 'this folder, existing objects in this folder and creation of new objects in this folder is selected

 

click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in FULL CONTROL

 

and click next then Finish.

 

Failure to do the above will mean that the System Management Container in AD will NOT POPULATE with SCCM specific info and you will see many errors in SCCM site status

 

Once the permissions are granted correctly, it will look like this

 

container_privs.jpg

 

done !

Share this post


Link to post
Share on other sites


Hi,

 

I just followed your steps but it didn't work. I don't see nothing in System Managment and I granted the my sccm server the rights on the container just like its been explained.

 

grtz

Share this post


Link to post
Share on other sites
Hi,

 

I just followed your steps but it didn't work. I don't see nothing in System Managment and I granted the my sccm server the rights on the container just like its been explained.

 

did you name it System Managment or System Management ?

Share this post


Link to post
Share on other sites
did you name it System Managment or System Management ?

I named it this way : System Management (I wrote it wrong on the forum ;))

 

edit: Just found my problem. I am working on a installed SCCM2007 on win2003 server and it was already configured by someone else. Now the AD scheme was not extended so I extended it. But the problem still exist.

I didn't look further at the problem and started to publish a client towards a pc.

This worked but in the client config manager there were 2 property items "unknown". (ConfigMgr & Site mode).

 

So I checked the site code on the server, everything stated fine till I checked the advanced tab.

 

There is a setting which draw my attention: " Publish this site in Active Directory Domain Services".

So I googled it up :

 

During Configuration Manager primary site setup, the Active Directory schema is queried to determine if it has been extended for Configuration Manager. If the schema has been extended for Configuration Manager, the site will be automatically configured to publish site information and will publish site information to Active Directory Domain Services at the completion of setup. If the Active Directory schema has not been extended for Configuration Manager, the site will not be configured to publish site data to Active Directory Domain Services.

 

http://technet.microsoft.com/en-us/library/bb680711.aspx

 

Because I extended the AD schema after the install of SCCM2007 , the above setting wasn't applied. Its only applied when you extended the AD schema BEFORE installing SCCM2007.

 

I hope this helps other users ;)

Share this post


Link to post
Share on other sites

excellent edit and THANKS for the info, !!

  • Like 1

Share this post


Link to post
Share on other sites

the container will populate itself if you followed the guide correctly, give it some time to do so.

 

the container is needed to store info in AD about where sccm site servers are located

 

here's some more info

 

Four actions need to be taken in order to successfully enable Configuration Manager Clients to query Active Directory Domain Services to locate site resources:

 

* Extend the Active Directory schema.

* Create the System Management container.

* Set security permissions on the System Management container.

* Enable Active Directory publishing for the Configuration Manager site.

Share this post


Link to post
Share on other sites

they arent really empty, look at them closely (double click), plus as you add more sites, more entries will be added

Share this post


Link to post
Share on other sites

on the containers, right click and choose properties,

Share this post


Link to post
Share on other sites

How can I install WebDav in Windows 2003 R2 SP2. Kindly provide the link to download WebDav for IIS which is built-in with 2k3 windows. I have WebDav for ISS7, when i try to run it, it is asking to install IIS7. Any suggestion???

Share this post


Link to post
Share on other sites

Thank you for your reply. I found the link to enable Bits and WebDav in 2k3 from Windows-noob.

 

Do we need to configure WebDav as mentioned above in win2k3? or just install is fine.

Share this post


Link to post
Share on other sites

I have had this same issue and this has been my resolve for it.

 

In Active Directory after the "System Management" container is created right click on the container, go to properties, then click on the security tab. Make sure the server you are using has full control. After that click on advanced, find the server and click Edit. On the object tab make sure "Apply onto" is set to "This object and all child objects". I have found the default during the install to be "This object only". After this you will need to go into SCCM and right click on your site and select properties. On the properties page go to the Advanced tab. On the Advanced tab un-check all of the check boxes and click "Apply" the recheck the boxes and click "Apply" again. After a few minuets the correct information should be propigated to the "System management" container.

 

 

 

This has been done in a test environment and I hope this will help others that might be having the same issue.

 

I also found some of these videos to be helpful http://www.youtube.com/user/dodo3tt#p/search/1/coSRKb7hRkU

 

and followed Microsofts site http://technet.microsoft.com/en-us/library/bb632492.aspx

 

Bobtrie.

Share this post


Link to post
Share on other sites

the container will populate itself if you followed the guide correctly, give it some time to do so.

 

the container is needed to store info in AD about where sccm site servers are located

 

here's some more info

 

Four actions need to be taken in order to successfully enable Configuration Manager Clients to query Active Directory Domain Services to locate site resources:

 

* Extend the Active Directory schema.

* Create the System Management container.

* Set security permissions on the System Management container.

* Enable Active Directory publishing for the Configuration Manager site.

 

 

one stupit question:

 

duering prerequisites check of installtion of sccm 2007 r2, i had to extend the AD schema otherwise it gave me error. Now i followed your guide to create system Management container but nothing appears, its empty (i followed it twice!), so the question is; should i extend the AD schema ONCE AGAIN?

 

Thanks!

Share this post


Link to post
Share on other sites

did you try this ?

 

Using Adsiedit Create a container in AD, CN=System called System Management by right clicking on CN=System and choose New Object, scroll down to container from the list, click next, give it a value of System Management.

 

Share this post


Link to post
Share on other sites

I have a parent/child domain setup. Everything is in the child domain except for a couple root domain controllers. Do I need to create the System Management contain in cn=system on the parent domain or the child domain?

Share this post


Link to post
Share on other sites

I created the "System Management" container on my DC before installing SCCM. Can it be done or it is not recommended ? I am assuming the container will populate once I install SCCM ?

Share this post


Link to post
Share on other sites

I know this thread is a bit old, but we just got SCCM 07 / FEP 2010 installed in our environment and I am having a heck of a time configuring it. Up until recently, I wasn't able to see any PCs in the configmgr console. Now they show up under "All Systems" and the "All Users" but when I go to push the client to them, nothing happens. The field that shows if they have the client or not says "No" and I can't find out what's wrong here. I'm under the impression I'm missing a lot of the underlying connections that need to be made here. I get stuck halfway through the OP's solution on the first page.

 

I tested the installation of ConfigMgr. client on my PC and it does show up in the control panel. Once in CfgMgr under the Actions tab I only see two actions:

 

 

Machine Policy Retrieval & Evaluation Cycle

 

User Policy Retrieval & Evaluation Cycle

 

 

I had manually run the ccmsetup.exe from my command line but was hoping to do this by pushing from the SCCM server. Is this even possible? Our solution is hosted and SCCM & FEP reside on a virtual machine. It is still on the same domain but for some reason none of the collections update with any PCs.

 

Also, when I go to the Advanced tab and attempt to discover the site code, it fails.

 

Over the weekend I was looking at the event viewer/log and it was chock full of errors. I tried weeding through them but this is my first experience with SCCM/FEP in general. I may be way in over my head here but I'd really like to see if I can configure this myself before resorting to requesting help from our vendor as they may charge through the roof, claiming that this implementation was new to them.

 

I'm not sure if it will be much help but I've attached a screenshot of the property sheet for my machine specifically. There are a lot of <null> fields. This can't be normal? Where are the log files I can look at and post if need be?

 

 

Thanks in advance for any guidance. It's very much appreciated.

post-11064-0-11159000-1312466962_thumb.png

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...