Account Permissions

The account that will be used to run the extadsch.exe needs to have appropriate access and be in the “Schema Admins” group. You cannot run the extadsch.exe with alternate credentials using Run As.

clip_image002

Locating ExtADSch.exe

The exe used to extend the AD Schema can be located in the default installation directory under the bini386 folder.

clip_image004

If you have installed ConfigMgr to an alternate location, then it will be located in that installation path (installation pahtbini386).

Running ExtADSch.exe

You can run the file by either opening a command prompt and running the extadsch.exe, or by double-clicking the file.

clip_image006

Once it’s ran, you are looking for the “Successfully extended the Active Directory schema” output. You can also view the results by viewing the ExtADSch.log that is created on the C: drive.

This log file will detail the changes made to the schema and also show the success of the schema extensions.

clip_image008

 

Creating the Systems Management Container

After the schema is extended successfully, the Systems Management container needs to be created in Active Directory.

Open ADSI Edit and expand to the “System” container.

clip_image009

Right-click on the System container and select “new” then “object”.

clip_image010

Select “container” from the object list, and then select “Next”.

clip_image012

Next, enter in “System Management” and then click “Next”.

clip_image014

Click “Finish”.

clip_image016

Once you click Finish, you should see the new container listed.

clip_image017

Setting Security on the System Management container

Once the System Management container has been successfully created in Active Directory, the appropriate permissions needs to be set on the object.

With ADSI Edit still open, right-click on the System Management container object and select properties.

clip_image018

Go to the Security tab of the Properties dialog box and then select “Add”. Once the next dialog box opens, add the computer account of the primary site server(s) or the Active Directory group containing the servers. It’s recommended to use an Active Directory group so that you are not required to make this change again. Once you have entered in the required information, select “Ok”

clip_image020

Select “Full Control” for the site server or group you just added.

clip_image022

Next select Advanced, and then configure the server or AD group permissions to apply to “this object and all descendant objects”.

clip_image024

Click “OK” 3 times to save your changes.