June 22 2013

The System Management container



----------------------------------------------------------------------------
I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.

----------------------------------------------------------------------------

I’m often asked what the System Management container in Active Directory is used for. SCCM can use this container to store a small amount of configuration data that clients (or at least clients that are attempting an installation) can retrieve and use.

Configuration that is commonly stored in this container includes:

  • Client computer installation and site assignment (e.g. installation properties like management points, client cache size)
  • Port configuration for client-to-server communication
  • Network Access Protection (validate a client’s statement of health)
  • Content deployment scenarios (e.g. if you plan to create content at a primary site and deploy that content to a secondary site below a different primary site, you can use the container to obtain the source primary site’s public key)

A full list and much more detail is available from http://technet.microsoft.com/en-us/library/gg712272

Important information worth noting:

  • Site Servers will only write their information into the System Management container in their OWN domain
  • SCCM clients will query a global catalog to retrieve this information, so as long as they are in the same AD forest then they can query information from all domains, not just their own
  • The System Management container needs to be created manually; it isn’t done by the SCCM setup process
  • Permissions must be set manually on the System Management container. The primary site server computer account must be granted Full Control permissions to the System Management container and all its child objects. If you have secondary sites, the secondary site server computer account must also be granted Full Control permissions to the System Management container and all its child objects.

 




April 17 2012

SCCM 2012 Active Directory Schema changes

I’ve previously blogged about the AD schema changes made by SCCM 2007 (http://blog.danovich.com.au/2010/11/03/sccm-active-directory-schema-changes/).

Recently I prepared an environment for SCCM 2012 – the schema extension is exactly the same for SCCM 2012 so if you have already extended it for SCCM 2007, there’s no need to extend it for SCCM 2012.

As before, it creates 4 new classes and 18 associated attributes as follows:


attribute cn=MS-SMS-Site-Code
attribute cn=mS-SMS-Assignment-Site-Code.
attribute cn=MS-SMS-Site-Boundaries.
attribute cn=MS-SMS-Roaming-Boundaries.
attribute cn=MS-SMS-Default-MP.
attribute cn=mS-SMS-Device-Management-Point.
attribute cn=MS-SMS-MP-Name.
attribute cn=MS-SMS-MP-Address.
attribute cn=mS-SMS-Health-State.
attribute cn=mS-SMS-Source-Forest.
attribute cn=MS-SMS-Ranged-IP-Low.
attribute cn=MS-SMS-Ranged-IP-High.
attribute cn=mS-SMS-Version.
attribute cn=mS-SMS-Capabilities.
class cn=MS-SMS-Management-Point.
class cn=MS-SMS-Server-Locator-Point.
class cn=MS-SMS-Site.
class cn=MS-SMS-Roaming-Boundary-Range.

 
 

November 3 2010

SCCM Active Directory Schema changes

You’ll often need to detail what changes are being made during an Active Directory Schema modification / update / upgrade / extension / whatever you want to call it.

The SCCM 2007 schema extension does not change any existing classes or attributes; it creates 4 new classes and 18 associated attributes as follows:

attribute cn=mS-SMS-Assignment-Site-Code.
attribute cn=MS-SMS-Site-Boundaries.
attribute cn=MS-SMS-Roaming-Boundaries.
attribute cn=MS-SMS-Default-MP.
attribute cn=mS-SMS-Device-Management-Point.
attribute cn=MS-SMS-MP-Name.
attribute cn=MS-SMS-MP-Address.
attribute cn=mS-SMS-Health-State.
attribute cn=mS-SMS-Source-Forest.
attribute cn=MS-SMS-Ranged-IP-Low.
attribute cn=MS-SMS-Ranged-IP-High.
attribute cn=mS-SMS-Version.
attribute cn=mS-SMS-Capabilities.
class cn=MS-SMS-Management-Point.
class cn=MS-SMS-Server-Locator-Point.
class cn=MS-SMS-Site.
class cn=MS-SMS-Roaming-Boundary-Range.