Account Permissions

The account that will be used to run the extadsch.exe needs to have appropriate access and be in the “Schema Admins” group. You cannot run the extadsch.exe with alternate credentials using Run As.


Locating ExtADSch.exe

The exe used to extend the AD Schema can be located in the default installation directory under the bini386 folder.


If you have installed ConfigMgr to an alternate location, then it will be located in that installation path (installation pahtbini386).

Running ExtADSch.exe

You can run the file by either opening a command prompt and running the extadsch.exe, or by double-clicking the file.


Once it’s ran, you are looking for the “Successfully extended the Active Directory schema” output. You can also view the results by viewing the ExtADSch.log that is created on the C: drive.

This log file will detail the changes made to the schema and also show the success of the schema extensions.



Creating the Systems Management Container

After the schema is extended successfully, the Systems Management container needs to be created in Active Directory.

Open ADSI Edit and expand to the “System” container.


Right-click on the System container and select “new” then “object”.


Select “container” from the object list, and then select “Next”.


Next, enter in “System Management” and then click “Next”.


Click “Finish”.


Once you click Finish, you should see the new container listed.


Setting Security on the System Management container

Once the System Management container has been successfully created in Active Directory, the appropriate permissions needs to be set on the object.

With ADSI Edit still open, right-click on the System Management container object and select properties.


Go to the Security tab of the Properties dialog box and then select “Add”. Once the next dialog box opens, add the computer account of the primary site server(s) or the Active Directory group containing the servers. It’s recommended to use an Active Directory group so that you are not required to make this change again. Once you have entered in the required information, select “Ok”


Select “Full Control” for the site server or group you just added.


Next select Advanced, and then configure the server or AD group permissions to apply to “this object and all descendant objects”.


Click “OK” 3 times to save your changes.