none
sccm 2012 System Management Container in AD

    Question

  • We recently installed SCCM 2012 and currently have SCCM 2007 in production. We have new staff, and not one of us knows if it was necessary to manually give our SCCM 2007 Computer account full control to the System Management Container, so we elected not to do that for SCCM 2012- assuming that the install routine may set the AD permissions automatically.

    The computer account for our SCCM 2012 box still doesn't have full access to this OU and my plan is to begin the migration process- setup a new distribution point and migrate collections etc. What are the implications/impact of this? Will SCCM 2012 fail because I dont have access to the System Management OU?

    Sunday, August 19, 2012 2:06 PM

Answers

  • Justin,

    If the computer account do not have access to the System Management container then it will not be able to publish any data to Active Directory. You will still be able to run ConfigMgr 2012 you just have to do a tell the clients where they can find the MP. there is no harm done, you can always tell CM12 to publish data to Active Directory once the permissions are fixed.


    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund

    Sunday, August 19, 2012 7:25 PM
  • It would definately be a good idea to give your new CM 2012 server full control to the system management container.

    1.Open ADSI Edit < Click Action < Click connect to < Click ok with the default name

    2. Verify the System Mangement container is infact created under the system container. If not create one.

    3. Right click the system management contain and click properties

    4. go to security tab and click advanced

    5. in the object types add computers

    6. search for the server that is running the cm 2012 server

    7. give the computer full control and choose this object and all decending objects


    Justin | http://patchmypc.net


    Sunday, August 19, 2012 2:33 PM

All replies

  • It would definately be a good idea to give your new CM 2012 server full control to the system management container.

    1.Open ADSI Edit < Click Action < Click connect to < Click ok with the default name

    2. Verify the System Mangement container is infact created under the system container. If not create one.

    3. Right click the system management contain and click properties

    4. go to security tab and click advanced

    5. in the object types add computers

    6. search for the server that is running the cm 2012 server

    7. give the computer full control and choose this object and all decending objects


    Justin | http://patchmypc.net


    Sunday, August 19, 2012 2:33 PM
  • Justin,

    If the computer account do not have access to the System Management container then it will not be able to publish any data to Active Directory. You will still be able to run ConfigMgr 2012 you just have to do a tell the clients where they can find the MP. there is no harm done, you can always tell CM12 to publish data to Active Directory once the permissions are fixed.


    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund

    Sunday, August 19, 2012 7:25 PM