locked
System Container & AD Schema extend RRS feed

  • Question

  • Dear all,

    yesterday, i have PoC (Proof of Concept) about SCCM in one of banking company in my country. They have a multi site domain controller depend on their country.

    when i'm presenting about step by step installation, one of step is create a container in ADSI Edit & extend schema AD become a red point because they think their regional group won't accept changing in their domain controller (Create Container & extend schema).

    One thing i want to ask are, is there any possibilities when we don't do that step the SCCM installation could be still running or there is another workaround that we need to do?

    thanks & Best Regards,

    Iyus Dedi Putra


    Best Regards, Iyus Dedi Putra

    Tuesday, June 9, 2015 2:52 AM

Answers

  • Hi,

    Extending Active Directory schema is not mandatory, so you can perform installation without this requirement done. Pre-requisites checker will display a warning but you can go on.

    Extending Active directory schema simplify SCCM client installation because domain joined computers will be able to locate SCCM Servers components by querying Active Directory.

    Without this option enabled, you'll still be able to enable you client computers to locate SCCM servers comopnents by updating DNS SRV records (here) or by adding the SMSSLP=<Serverfqdn> in Client installation command line (more information here)

    Regards,


    Régis Lainé | My Blog | My contributions
    Please mark as helpful/answer if this resolved your post

    Tuesday, June 9, 2015 6:27 AM

All replies

  • Hi,

    When you run the SCCM Installation wizard, the prerequisite check will display the potential installation problems.

    You must create the System Management container and set security permissions on the System Management container but not have to extend the schema.

    Extending the Active Directory Schema for ConfigMgr 2012 allows clients to retrieve many types of information related to Configuration Manager from a trusted source. In some cases, there are workarounds for retrieving the necessary information if the Active Directory schema is not extended, but they are all less secure than querying Active Directory Domain Services directly. Additionally, not extending the schema might incur significant workload on other administrators who might need to create and maintain the workaround solutions such as logon scripts and Group Policy objects (GPO) for computers and users in your organization.

    For more information, please review the link below:

    Extending the Schema in System Center 2012 Configuration Manager

    http://blogs.technet.com/b/configurationmgr/archive/2012/10/30/extending-the-schema-in-system-center-2012-configuration-manager.aspx


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 9, 2015 6:26 AM
  • Hi,

    Extending Active Directory schema is not mandatory, so you can perform installation without this requirement done. Pre-requisites checker will display a warning but you can go on.

    Extending Active directory schema simplify SCCM client installation because domain joined computers will be able to locate SCCM Servers components by querying Active Directory.

    Without this option enabled, you'll still be able to enable you client computers to locate SCCM servers comopnents by updating DNS SRV records (here) or by adding the SMSSLP=<Serverfqdn> in Client installation command line (more information here)

    Regards,


    Régis Lainé | My Blog | My contributions
    Please mark as helpful/answer if this resolved your post

    Tuesday, June 9, 2015 6:27 AM
  • One quick correction the answer by Regis, SMSMLP is no longer valid -- it does kind of work but shouldn't really be used -- see the blog post linked in the reply.

    To tackle the issue at hand though, extending the schema for ConfigMgr is completely benign and does not touch any existing schema classes or attributes. Similarly, the System Management container is a completely new container created in a semi-reserved portion of the directory that will have no impact on any operations. It's like adding a new TV to your house -- it's no big deal and enables you to watch TV in a new room.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, June 9, 2015 1:02 PM
  • Hi,

    Extending Active Directory schema is not mandatory, so you can perform installation without this requirement done. Pre-requisites checker will display a warning but you can go on.

    Extending Active directory schema simplify SCCM client installation because domain joined computers will be able to locate SCCM Servers components by querying Active Directory.

    Without this option enabled, you'll still be able to enable you client computers to locate SCCM servers comopnents by updating DNS SRV records (here) or by adding the SMSSLP=<Serverfqdn> in Client installation command line (more information here)

    Regards,


    Régis Lainé | My Blog | My contributions
    Please mark as helpful/answer if this resolved your post

    Dear Regis,

    so the answer is, we could still continue the sccm installation even if we didn't install create container & extend schema.

    but another question is, what issue that could happen if we didn't extend schema & create a container ? is there will decrease the features? or what is the possibility issues that could happen?

    Thanks & Best Regards,

    Iyus Dedi Putra


    Best Regards, Iyus Dedi Putra

    Wednesday, June 10, 2015 7:32 AM
  • The guys are right. Technically you do not have to extend the schema but in my opinion this is just giving you un-necessary hassle. ConfigMgr is a complicated enough product to deploy successfully without putting obstacles in your way. I've done this many times and I've never seen or heard of any difficulty caused by the schema extension. It merely ADDS 14 new attributes and 4 new classes to the Active Directory database. As Jason say it does NOT modify any existing attributes. See the screenshot below for the list of new attributes and classes



    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Wednesday, June 10, 2015 7:53 AM
  • One quick correction the answer by Regis, SMSMLP is no longer valid -- it does kind of work but shouldn't really be used -- see the blog post linked in the reply.

    To tackle the issue at hand though, extending the schema for ConfigMgr is completely benign and does not touch any existing schema classes or attributes. Similarly, the System Management container is a completely new container created in a semi-reserved portion of the directory that will have no impact on any operations. It's like adding a new TV to your house -- it's no big deal and enables you to watch TV in a new room.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Hi Jason,

    Thanks for your answer,

    SMSMLP is no longer valid -- it does kind of work but shouldn't really be used --> is there any workaround that we could used to besides that?

    or if we must to extend & create container, is there any technet article which say that we must extend AD schema because if we didn't do it there will ....blablabla (feature or trouble) happen?

    We need a good reason to push their group company accept our plan to do that step installation.

    Thanks & Best Regards,

    Iyus Dedi Putra


    Best Regards, Iyus Dedi Putra

    Wednesday, June 10, 2015 7:57 AM