Deploying SCCM 2012 Part 2 – Creating Container, Extending the AD Schema.


Deploying SCCM 2012 Part 2 – Creating Container, Extending the AD Schema – In the first part of SCCM 2012 deployment, we saw the post on Installing Active Directory Domain Services. After setting up the domain controller, the next step is to create a container and extend the schema. To Create a container, login to domain controller with a domain admin account.

Click on Start , All Programs, Administrative Tools, Select ADSI Edit.


Right click ADSI Edit and Click Connect to. The naming context should be Default naming context. Click on OK.


In the ADSI edit Console, Expand the Default Naming Context, right click CN=System, click on New and create an Object


Choose Container from the options and click next


Provide the object value as System Management. Click Next and refresh the ADSI edit to see the system management container in the console.


Now that we have created the System Management Container, the next step is to delegate the permissions to the System Management Container.Open the Active Directory Users and Computers, click on view and select Advanced Features. Right System Management and delegate control.


On the next screen click on Add , in the Object Types select computers and click OK. Now you need to type the SCCM Server name and click on Check Names. Select the SCCM computer from the list.


In the Tasks to Delegate window, select “Create a Custom task to delegate”


Select the default option “This folder, exiting objects in this folder and creation of new objects in this folder” and click next.


Select all the three permissions and click on full control.


Click Finish to close the delegation wizard.


The next step is to extend the Active Directory Schema for Configuration Manager.You can perform this step on Active Directory or SCCM server as Domain administrator. Locate the folder : \SMSSETUP\BIN\X64 and right click the file named extadsch and run as administrator. You can hold the shift key + right click on the file and copy as path and paste it in command prompt.


The log file extadsch.log can be found in the location C:\extadsch.log. Open it with a notepad to view the log file. The highlighted text shows that Active Directory Schema has been extended successfully.



  • AL

    Hi there,

    These articles are fantastic. Excellent documentation.

    One quick question though, If I have SCCM 2007 running already. For instance, from the System Management container, I see SMS-SITE-ABC (mSSMSSite) and other containers for ManagementPoint and ServerLocatorPoint exist. Should it cause any issue if I deploy SCCM2012 using a differnet site name?

    Can both system run in Paralle?



    • Yes i think if the site name is different it shouldn’t cause any issue..


    Why we are extending the schema before starting the SCCM installation?

    • You can extend the schema before or after the SCCM installation. It is recommended by microsoft to extend the schema before you begin SCCM installation.

  • Claude Richer

    Hi Prajwal,
    I have face this situation : When I ran the extadsch.exe in order to extend the AD, I had the following errors :
    Error Code = 8202, at the Class MS-SMS-Managament-Point creation step and further…

    I just reran the command, and it went through without any problems.. Just wanted to share it with people that may have the same issue..
    I have to mention that I have two DCs in my forests, so I am presuming that is a matter of replication time here.. isn’t it?

    • Yes its a replication issue. I am glad to know that you found the solution. You can also see this error when the user account is not a part of schema admins group.

  • Akram

    thank you
    i want to ask if i extend the schema before with sccm 2007
    what happen to extend the schema with 2012 and if i can remove the effect of 2007

    • If you had extended the schema during installation of sccm 2007 you need not extend it while you install or upgrade 2012.

  • Richard Freck

    I have been handed the reigns of the SCCM project at a school district. We currently have SCCM 2012 SP1 being utilized to the best of its ability from people prior to me. We have had Microsoft Premier out assisting us with a side by side install of SCCM 2012 R2 on a completely different VLAN from the existing. My question is am I able to have 2 site servers with full permissions to the Systems Management Container? The only errors we have in the R2 upgrade are in regards to creating objects in AD which of course isn’t going to work if it doesn’t have permissions. Can I have 2 servers with permissions to the container? They are both in the same Domain.

    • Yes that should be possible. I haven’t tried that anytime but it can be done.

  • TDA

    Hello Prajwal,
    You only need to put the Site Server inside the container right?
    If you have Site System Server (like Distribution Points) you don’t have to add them inside the container right?