Jump to content


anyweb

how can I create the System Management Container in Active Directory

Recommended Posts

Hi,

I've been following through all the instructions throughout various posts in the thread but seem to be stuck getting the System Management container to populate with data. I'm running Win2k8 R2 on both the SCCM machine and AD and I'm attempting to install SCCM2012 RC1 new into the environment (e.g. no prior 2k7 installation).

 

I successfully updated the AD schema for SCCM from a SCCM2k7 disc we have, also tried the 2012 build, both times read successful:

<02-07-2012 10:14:01> Successfully extended the Active Directory schema.

 

Effectively the error I'm getting during the pre req check for SCCM2012 is this:

<02-07-2012 11:04:09> ERROR: Site server does not have create child permission on AD 'System Management'

<02-07-2012 11:04:09> WARN: Site server does not have delete child permission on AD 'System Management'

<02-07-2012 11:04:11> scm01pa.local; Site server has permissions to publish to Active Directory.; Warning; The site server is unable to publish to Active Directory. Check that you have granted the site server's computer account full permissions to the System Management container in its Active Directory domain.

 

The System Management container has been created and has the appropriate permissions from everything I can see:

 

 

sccm2012_ad.png

 

 

The server name is obviously scm01pa and as you can see it's been delegated control of the System Management container. Any help would be greatly appreciated as this one's got me stumped.

Share this post


Link to post
Share on other sites

Fixed. It was Mircosoft and their bloody wording in the error message :) I never proceeded with the install past the pre req as I figured there was no point if it was going to fail populating the System Management container with data. I noticed after my post above RC2 has been released so I thought I'd give that whirl instead thinking it was probably going to be a longshot but you never know.

 

Anyway, it all comes down to the way Microsoft worded their error between RC1 and RC2.

RC1 error:

-----------------------------------------

Warning; The site server is unable to publish to Active Directory. Check that you have granted the site server's computer account full permissions to the System Management container in its Active Directory domain.

-----------------------------------------

 

RC2 error:

-----------------------------------------

Warning; The site server might be unable to publish to Active Directory. The computer account for the site server must have Full Control permissions to the System Management container in its Active Directory domain.

-----------------------------------------

I decided to proceed anyway and hey presto, all good, the System Management container populated with data.

Share this post


Link to post
Share on other sites

well in both cases it's not an Error it's a warning, and you can always continue with warnings but not with Errors, good point though and good to see Microsoft is listening to bugs/dcr's filed and acting on them.

Share this post


Link to post
Share on other sites

Yeah, what threw me was that even though the installer said it was a warning, when I jumped into ConfigMgrPrereq.log to take a closer look at the problem, that's where I noticed it was spitting out an error with creating child permissions which I thought was directly related to the warning.

Share this post


Link to post
Share on other sites

Do the Computer$ account really need FULL CONTROL on the container System Management?

Or can the Computer$ account have FULL CONTROL at installation and then later change it to just FULL CONTROL for the selfcreated sub-containers?

 

Why this questions takes place is because we are gonna have a customer in another "main Domain" and will Only have FULL CONTROL over one small "OU".

Share this post


Link to post
Share on other sites

I have  question about this. SCCM was set up in our college by a previous company that supported the college. As it wasn't working as it should do we took out the server that had SCCM installed and we are going to set up SCCM from scratch. As SCCM was set up before, the System Management container already exists and has the boundary range and site names in there.

Is it just a case of deleting the System Management container and re-creating it or is it easier to leave the container there, delete the boundary points and other objects that are in the System management container and then just do the delegate control step to add the new SCCM server in? 

Share this post


Link to post
Share on other sites

if it's already created then leave it there, it's safe to delete the contents inside as the they will get repopulated (if everything is working correctly)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...