myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


  


Problems Extending AD Schema

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> Problems Extending AD Schema Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problems Extending AD Schema - 10/2/2008 1:44:30 PM   
sjackson9

 

Posts: 37
Score: 0
Joined: 5/29/2007
Status: offline 		The folllowing log appears when I attempt to extend the AD schema using the extadsch.exe file

<09-24-2008 14:14:53> Modifying Active Directory Schema - with SMS extensions.
<09-24-2008 14:14:54> DS Root:CN=Schema,CN=Configuration,DC=dofasco,DC=ca
<09-24-2008 14:14:54> Attribute cn=MS-SMS-Site-Code already exists.
<09-24-2008 14:14:54> Attribute cn=mS-SMS-Assignment-Site-Code already exists.
<09-24-2008 14:14:54> Attribute cn=MS-SMS-Site-Boundaries already exists.
<09-24-2008 14:14:54> Attribute cn=MS-SMS-Roaming-Boundaries already exists.
<09-24-2008 14:14:54> Attribute cn=MS-SMS-Default-MP already exists.
<09-24-2008 14:14:54> Attribute cn=mS-SMS-Device-Management-Point already exists.
<09-24-2008 14:14:54> Attribute cn=MS-SMS-MP-Name already exists.
<09-24-2008 14:14:54> Attribute cn=MS-SMS-MP-Address already exists.
<09-24-2008 14:14:56> Defined attribute cn=mS-SMS-Health-State.
<09-24-2008 14:14:57> Defined attribute cn=mS-SMS-Source-Forest.
<09-24-2008 14:14:57> Attribute cn=MS-SMS-Ranged-IP-Low already exists.
<09-24-2008 14:14:57> Attribute cn=MS-SMS-Ranged-IP-High already exists.
<09-24-2008 14:14:57> Defined attribute cn=mS-SMS-Version.
<09-24-2008 14:14:58> Defined attribute cn=mS-SMS-Capabilities.
<09-24-2008 14:15:00> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
<09-24-2008 14:15:00> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
<09-24-2008 14:15:00> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
<09-24-2008 14:15:00> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
<09-24-2008 14:15:00> Failed to extend the Active Directory schema

This is all being done in an isolated test lab. It appears that the schema has already been updated? I think? There is an SMS 2003 site server with the same Site Code. I have given the permissions to the machine account in the system container in AD - 5 objects 2 Folders and 3 Files. Clients appear to be updated through the client push, but there is a problem with the Site Hierarchy Component Status Message. 

Error 6912 - Systems Management Server cannot update the already existing object "cn=SMS-SLP-H01-VMDEVSCCM" in Active Directory.
Possible cause: This site's SMS Service account or the site server's machine account may not have full control rights for the "System Management" container in Active Directory
Solution: Give the site's SMS Service account full control rights to the "System Management" container, and all child objects in Active Directory.
Possible cause: The Active Directory object "cn=SMS-SLP-H01-VMDEVSCCM" has been moved to a location outside of the "System Management" container, or has been lost.
Solution: Delete the object from its current location, and let SMS create a new object.
Possible cause: The Active Directory schema has not been extended with the correct SMS Active Directory classes and attributes.
Solution: Turn off Active Directory publishing for each site in the forest, until the schema can be extended.  The schema can be extended with the tool "extadsch.exe" from the SMS CD. 

Any suggestions?
Post #: 1
RE: Problems Extending AD Schema - 10/2/2008 1:53:07 PM   
bhethcote497

 

Posts: 124
Score: 11
Joined: 4/30/2007
Status: offline 		You mention that you have give the server rights to the System container in AD.  Is there a "System Management" container under the "System" container?  The server will need rights to the "System Management" container (and all child objects).  Does the account that is being used to extend the schema have Schma Admin rights?

BH

(in reply to sjackson9)
Post #: 2
RE: Problems Extending AD Schema - 10/2/2008 3:26:28 PM   
sjackson9

 

Posts: 37
Score: 0
Joined: 5/29/2007
Status: offline 		thanks for the reply

There is a System Management Container and I have given rights to the site server computer account. There are 2 folders and 3 files? It appears some are from the SMS 2003 Server? My account was given the right to extend the schema on the root domain controller.

(in reply to bhethcote497)
Post #: 3
RE: Problems Extending AD Schema - 10/2/2008 4:15:19 PM  1 votes
hcortez463


Posts: 780
Score: 62
Joined: 4/8/2005
Status: offline 		make sure you go to advanced option and check full rights to partent and child objects

_____________________________

If it Helps, Please rate....

(in reply to sjackson9)
Post #: 4
RE: Problems Extending AD Schema - 10/2/2008 5:15:47 PM   
jsandys


Posts: 531
Score: 17
Joined: 3/24/2005
From: San Antonio, TX
Status: offline 		From the log above, it looks like everything had already been created and that's way this attempt failed.  Open the Schema Admin MMC and check to see if the class and attributes exist.

_____________________________

Jason
________________________________________
http://myitforum.com/cs2/blogs/jsandys/default.aspx

(in reply to hcortez463)
Post #: 5
RE: Problems Extending AD Schema - 10/6/2008 4:12:16 PM   
sjackson9

 

Posts: 37
Score: 0
Joined: 5/29/2007
Status: offline 		Sorry, what exactly would I be looking for? The Schema Admin MMC has SMS classes but I do not see any SCCM classes?

Thanks

(in reply to jsandys)
Post #: 6
RE: Problems Extending AD Schema - 10/6/2008 4:33:25 PM   
jsandys


Posts: 531
Score: 17
Joined: 3/24/2005
From: San Antonio, TX
Status: offline 		The classes and attributes are listed in the log file above.

Attributes:  cn=MS-SMS-Site-Code, cn=mS-SMS-Assignment-Site-Code, cn=MS-SMS-Site-Boundaries, cn=MS-SMS-Roaming-Boundaries, cn=MS-SMS-Default-MP, cn=mS-SMS-Device-Management-Point, cn=MS-SMS-MP-Name, cn=MS-SMS-MP-Address

Classes:  cn=MS-SMS-Management-Point, cn=MS-SMS-Server-Locator-Point, cn=MS-SMS-Site, cn=MS-SMS-Roaming-Boundary-Range

_____________________________

Jason
________________________________________
http://myitforum.com/cs2/blogs/jsandys/default.aspx

(in reply to sjackson9)
Post #: 7
RE: Problems Extending AD Schema - 10/6/2008 4:53:04 PM  1 votes
hcortez463


Posts: 780
Score: 62
Joined: 4/8/2005
Status: offline 		this should help

http://technet.microsoft.com/en-us/library/bb633121.aspx


_____________________________

If it Helps, Please rate....

(in reply to jsandys)
Post #: 8
RE: Problems Extending AD Schema - 10/7/2008 2:21:53 PM   
sjackson9

 

Posts: 37
Score: 0
Joined: 5/29/2007
Status: offline 		Thanks for the replies

All of those objects appear when I use the Active Directory Users and Computers and security is in place. But when I use the adsiedit.msc tool. The objects CN=SMS-MP-H01-VMDEVSCCM and CN=SMS-SLP-H01-VMDEVSCCM can not be found when I attempt to bring up the properties. I was looking at the Article "How to verify Information is Published to Active Directory Domain"

Should I try and run the extadsch.exe tool once again?

All of the AD objects were imported from the production server to this isolated lab. The site code for the production SMS 2003 = H01. I was wondering if there is a conflict with the site code? just a guess.

thanks

(in reply to hcortez463)
Post #: 9
RE: Problems Extending AD Schema - 10/7/2008 2:25:39 PM  1 votes
hcortez463


Posts: 780
Score: 62
Joined: 4/8/2005
Status: offline 		in SCCM SLP is not required so you wont have that in AD unless you setup the role.    Make sure that  publish to AD option is checked in SCCM

_____________________________

If it Helps, Please rate....

(in reply to sjackson9)
Post #: 10
RE: Problems Extending AD Schema - 10/7/2008 2:28:45 PM   
sjackson9

 

Posts: 37
Score: 0
Joined: 5/29/2007
Status: offline 		The option "publish this site in active directory domain services' is checked
thanks

(in reply to hcortez463)
Post #: 11
RE: Problems Extending AD Schema - 10/7/2008 2:30:15 PM   
hcortez463


Posts: 780
Score: 62
Joined: 4/8/2005
Status: offline 		so is your problem fixed? :)

_____________________________

If it Helps, Please rate....

(in reply to sjackson9)
Post #: 12
RE: Problems Extending AD Schema - 10/7/2008 2:30:46 PM   
jsandys


Posts: 531
Score: 17
Joined: 3/24/2005
From: San Antonio, TX
Status: offline 		extadsch.exe extends the schema, it does not create the objects in AD.  ConfigMgr will do this using the option specified by hcortez above.  Did you manually create the System Management container and grant the ConfigMgr server permissions on the container?

http://technet.microsoft.com/en-us/library/bb680711.aspx
http://technet.microsoft.com/en-us/library/bb632591.aspx
http://technet.microsoft.com/en-us/library/bb633169.aspx


_____________________________

Jason
________________________________________
http://myitforum.com/cs2/blogs/jsandys/default.aspx

(in reply to hcortez463)
Post #: 13
RE: Problems Extending AD Schema - 10/8/2008 4:03:31 PM   
sjackson9

 

Posts: 37
Score: 0
Joined: 5/29/2007
Status: offline 		I will try and explain better.

When I view the System Management Folder in the Active Directory Users and Computers Tool - under this folder there are 3 objects. The objects do not appear to be the SCCM objects. The objects appear to be the old SMS objects. This is what exists
SMS-MP-H01-VMDEVSMSPRI folder
SMS-SLP-H01-VMDEVSMSPRI folder
SMS-SITE-H01 file
I can right click these objects and open the properties.
The VMDEVSMSPRI is the SMS 2003 Server in the Production domain. So I am guessing that this was brought over when our Active Directory Administrator  exported all objects to this AD server in the isolated lab.
In the ADSIEDIT tool, I can view the the System Managment directory but the objects are different. It doesn't have the VMDEVSMSPRI folder objects.
It has the following:
SMS-MP-H01-VMDEVSCCM folder
SMS-SLP-H01-VMDEVSCCM folder
SMS-Site-H01 file
I can not right click and open the properties of the 2 folders, even though I have published this site. I can right click and open the file.

Options:
The site code H01 is the same for SCCM and was the same for SMS 2003. Big mistake on my part (i think).
Should I delete the VMDEVSMSPRI objects manually in the AD system container or is there a proper procedure to delete? It doesn't matter there is no SMS 2003 server in the isolated lab. Then create the objects SCCM objects manually and give the proper permissions? or re-run the extadsch.exe

Thanks for your patience

(in reply to jsandys)
Post #: 14
RE: Problems Extending AD Schema - 10/8/2008 4:11:05 PM   
hcortez463


Posts: 780
Score: 62
Joined: 4/8/2005
Status: offline 		uhhhhggg.. why did he do that ??  Im taking a shot here but i would delete the folders and let SCCM create them.

_____________________________

If it Helps, Please rate....

(in reply to sjackson9)
Post #: 15
RE: Problems Extending AD Schema - 10/8/2008 4:14:59 PM   
jsandys


Posts: 531
Score: 17
Joined: 3/24/2005
From: San Antonio, TX
Status: offline 		Yes, just delete the objects but let ConfigMgr recreate them, I think the SMS_SITE_COMPONENT_MANAGER creates them so you can just restart it to kick start the process after you delete the objects.  ConfigMgr will assign the proper permissions to the objects.  You may also want to verify that you have granted the correct permission to the System Management container.  Just to reiterate, extadsch.exe extends the schema, it does not create any objects; re-running it will not do anything because your schema is already extended.

_____________________________

Jason
________________________________________
http://myitforum.com/cs2/blogs/jsandys/default.aspx

(in reply to sjackson9)
Post #: 16
RE: Problems Extending AD Schema - 10/9/2008 9:20:39 AM   
sjackson9

 

Posts: 37
Score: 0
Joined: 5/29/2007
Status: offline 		I have deleted the System Managment container under System. Ran the extadsch.exe and it did not create the Systems Managment folder or objects like you stated. I am getting the following error message in the SMS_Hierarchy_Manager

SMS Systems Management Server could not locate the "System Management" container in Active Directory.  Nor could it create a default container.  This will prevent Site Component Manager and Hierarchy Manager from updating or adding any objects to Active Directory.
Possible cause: This site's  SMS Service account or the site server's machine account might not have the correct rights to update active directory.
Solution: Either give the Service Account rights to update the domain's System Container, or manually create the "System Management" container in this domain's Active Directory system container, and give the Service Account full rights to that container (and all children objects.)

So I manually created a System Management folder and gave the SCCM server computer account full control rights on the System Management folder and then ran extadsch.exe once again.
How can I check to see if this is working correctly now that I created the System Managment container? I'd like to have the Hierarchy_Manager not give me the error.
The 3 objects in the system management container still do not exist. Do they need to exist as pointers to the AD database?
Can I manually create or should I delete all of the attributes and classes in AD (this is ugly), and then re-run extadsch.exe?

Thanks

(in reply to jsandys)
Post #: 17
RE: Problems Extending AD Schema - 10/9/2008 9:36:19 AM   
hcortez463


Posts: 780
Score: 62
Joined: 4/8/2005
Status: offline 		clear out your logs for a clan start and like sjackson9 stated "I think the SMS_SITE_COMPONENT_MANAGER creates them so you can just restart it to kick start the process after you delete the objects.

_____________________________

If it Helps, Please rate....

(in reply to sjackson9)
Post #: 18
RE: Problems Extending AD Schema - 10/9/2008 12:05:54 PM   
sjackson9

 

Posts: 37
Score: 0
Joined: 5/29/2007
Status: offline 		Thanks everyone.

There are no errors messages in the Hierarchy_Manager or Site_Component_Manager - almost eveything is GREEN.

I rebooted the server and then 3 objects were created in the directory. I proceeded to give the SCCM server computer account FULL CONTROL rights on all of those objects. Then rebooted once again - no errors.

Here is just a heads-up. Just after this, I uninstall the old SMS 2003 server and it deleted the objects in the System Management container once again. I am convinced it has to do with using the same site code for SMS 2003 and SCCM 2007.

Thanks  

(in reply to sjackson9)
Post #: 19
RE: Problems Extending AD Schema - 10/9/2008 1:00:20 PM   
hcortez463


Posts: 780
Score: 62
Joined: 4/8/2005
Status: offline 		sorry, i guess i missed the fact that you  were using the same site code, with is not possible and you will run into many problems :)

_____________________________

If it Helps, Please rate....

(in reply to sjackson9)
Post #: 20
Page:   [1]
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> Problems Extending AD Schema Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts



  
Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.375