Deploying SCCM 2012 Part 2 – Creating Container, Extending the AD Schema.


In the first part of this SCCM 2012 deployment series, we covered installing Active Directory Domain Services. After setting up the domain controller, the next step is to create a container and extend the schema. To create the container, log in to the domain controller with a domain admin account.

Click Start, All Programs, Administrative Tools, and select ADSI Edit.


Right-click ADSI Edit and click Connect to. The naming context should be Default naming context. Click OK.


In the ADSI Edit console, expand the Default naming context, right-click CN=System, click New, and then click Object.


Choose Container from the options and click Next.


Provide the object value as System Management. Click Next, then refresh ADSI Edit to see the System Management container in the console.


Now that we have created the System Management container, the next step is to delegate permissions on it. Open Active Directory Users and Computers, click View, and select Advanced Features. Right-click System Management and select Delegate Control.


On the next screen click Add. In Object Types, select Computers and click OK. Now type the SCCM server name and click Check Names. Select the SCCM computer from the list.


In the Tasks to Delegate window, select “Create a custom task to delegate”.


Select the default option “This folder, existing objects in this folder, and creation of new objects in this folder” and click Next.


Select all three permissions and click Full Control.


Click Finish to close the delegation wizard.


The next step is to extend the Active Directory schema for Configuration Manager. You can perform this step on the Active Directory server or the SCCM server as a domain administrator. Locate the folder SMSSETUP\BIN\X64, right-click the file named extadsch, and choose Run as administrator. Alternatively, hold the Shift key and right-click the file, choose Copy as path, and paste the path into a command prompt.


The log file extadsch.log can be found at C:\extadsch.log. Open it with Notepad to view the log. The highlighted text shows that the Active Directory schema has been extended successfully.
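
To confirm all three steps from PowerShell rather than by eye, the following read-only check looks for the container, lists the explicit permissions on it, and queries the schema for the MS-SMS objects. It is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, and `SCCM01` is a hypothetical site server name.

```powershell
# Added example: read-only checks, changes nothing in AD.
Import-Module ActiveDirectory

$SiteServer = 'SCCM01'   # hypothetical site server name (assumption); use your own

$rootDse   = Get-ADRootDSE
$container = "CN=System Management,CN=System,$($rootDse.defaultNamingContext)"

# 1. Does the container created in ADSI Edit exist?
try {
    Get-ADObject -Identity $container -ErrorAction Stop | Out-Null
    Write-Output "Found container: $container"
} catch {
    Write-Warning "Container not found: $container"
    return
}

# 2. List explicit (non-inherited) ACEs so unexpected trustees stand out.
$explicit = (Get-Acl -Path "AD:\$container").Access |
    Where-Object { -not $_.IsInherited }
$explicit |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, InheritanceType |
    Format-Table -AutoSize | Out-String

# The delegation steps above should leave an Allow / GenericAll ACE for the
# site server's computer account, applying to the container and all descendants.
$account = "$((Get-ADDomain).NetBIOSName)\$SiteServer`$"
$ace = $explicit | Where-Object {
    $_.IdentityReference.Value -eq $account -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights -eq 'GenericAll' -and
    $_.InheritanceType -eq 'All'
}
if ($ace) { Write-Output "Full control delegated to $account" }
else      { Write-Warning "No full-control ACE found for $account" }

# 3. Did extadsch add the Configuration Manager schema objects?
$smsSchema = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -LDAPFilter '(cn=MS-SMS-*)'
if ($smsSchema) {
    $smsSchema | Sort-Object ObjectClass, Name |
        Format-Table Name, ObjectClass -AutoSize | Out-String
} else {
    Write-Warning 'No MS-SMS-* classes or attributes in the schema; it has not been extended.'
}
```

Run it as an account that can read the domain and schema partitions; explicit trustees in the table other than the site server account are worth reviewing.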



  • Hello Prajwal

    Our company has recently acquired another company. We have a two way
    trust established between our forests. I plan to deploy a Distribution
    point to the new forest for software deployments and imaging, but
    maintain only one Management Point in the original forest.

    How can I tell if the schema in our forest was extended when SCCM 2012 was deployed (before my time?)

    Does the schema need to be extended in the new forest? If so how would
    that be done without disrupting our current forest, as there is an
    active two way trust?

  • Hello Prajwal,
    You only need to put the Site Server inside the container right?
    If you have Site System Server (like Distribution Points) you don’t have to add them inside the container right?

  • I have been handed the reins of the SCCM project at a school district. We currently have SCCM 2012 SP1 being utilized to the best of its ability from people prior to me. We have had Microsoft Premier out assisting us with a side by side install of SCCM 2012 R2 on a completely different VLAN from the existing. My question is am I able to have 2 site servers with full permissions to the Systems Management Container? The only errors we have in the R2 upgrade are in regards to creating objects in AD which of course isn’t going to work if it doesn’t have permissions. Can I have 2 servers with permissions to the container? They are both in the same Domain.

  • Thank you.
    I want to ask: if I extended the schema before with SCCM 2007,
    what happens when I extend the schema with 2012, and can I remove the effect of 2007?

  • Hi Prajwal,
    I have faced this situation: when I ran extadsch.exe in order to extend the AD, I had the following errors:
    Error Code = 8202, at the Class MS-SMS-Managament-Point creation step and further…

    I just reran the command, and it went through without any problems.. Just wanted to share it with people that may have the same issue..
    I have to mention that I have two DCs in my forests, so I am presuming that is a matter of replication time here.. isn’t it?

  • Hi there,

    These articles are fantastic. Excellent documentation.

    One quick question though: I have SCCM 2007 running already. For instance, in the System Management container, I see SMS-SITE-ABC (mSSMSSite) and other containers for ManagementPoint and ServerLocatorPoint exist. Should it cause any issue if I deploy SCCM2012 using a different site name?

    Can both systems run in parallel?


