locked
Failed to extend the Active Directory schema for SCCM RRS feed

  • Question

  • <02-25-2012 14:03:45> Modifying Active Directory Schema - with SMS extensions.
    <02-25-2012 14:03:46> DS Root:CN=Schema,CN=Configuration,DC=BOA,DC=CO,DC=IN
    <02-25-2012 14:03:46> Failed to create attribute cn=MS-SMS-Site-Code.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=mS-SMS-Assignment-Site-Code.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=MS-SMS-Site-Boundaries.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=MS-SMS-Roaming-Boundaries.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=MS-SMS-Default-MP.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=mS-SMS-Device-Management-Point.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=MS-SMS-MP-Name.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=MS-SMS-MP-Address.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=mS-SMS-Health-State.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=mS-SMS-Source-Forest.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=MS-SMS-Ranged-IP-Low.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=MS-SMS-Ranged-IP-High.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=mS-SMS-Version.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create attribute cn=mS-SMS-Capabilities.  Error code = 8224.
    <02-25-2012 14:03:46> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
    <02-25-2012 14:03:46> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
    <02-25-2012 14:03:46> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
    <02-25-2012 14:03:46> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
    <02-25-2012 14:03:46> Failed to extend the Active Directory schema, please find details in "C:\ExtADSch.log".
    Saturday, March 24, 2012 8:20 AM

Answers

  • I found out my issue, I was setting this up in a test lab and only had one of the two domain controllers up, replicatoin wasnt working so I just ended up turing on the other DC and let them replicate, once they did this I was able to update the schema.
    • Marked as answer by Sabrina Shen Monday, June 25, 2012 1:41 AM
    Wednesday, June 20, 2012 7:07 PM

All replies

  • Hi,

    Make sure the user is a member of the Schema Admins group, is that the case?

    for more information on extending the Ad schema:

    http://technet.microsoft.com/en-us/library/bb680608.aspx

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    • Proposed as answer by Jason Sandys [MSFT]MVP Saturday, March 24, 2012 2:23 PM
    • Marked as answer by Yog Li Wednesday, April 4, 2012 8:28 AM
    • Unmarked as answer by Sabrina Shen Monday, June 25, 2012 1:41 AM
    Saturday, March 24, 2012 8:45 AM
  • one other issue i faced on one of the client they trying to run the schema update from child domain make sure it is run on forest root domain with schema admin rights.

    Syed Kasif

    Sunday, March 25, 2012 11:48 AM
  • Did you check the ExtADSch.log which is mentioned above.

    Please check the account with which you were extending the schema and make sure that the account was not removed from the schema admins group and Domain Admin groups.

    Please check if the fsmo roles is assigned to the DC by running the command netdom /query fsmo.


    Sabrina

    TechNet Community Support

    • Proposed as answer by wahurst Monday, November 11, 2013 10:39 AM
    Wednesday, March 28, 2012 8:52 AM
  • I have the exact same error described here, however I am a member of Schema Admins.  I have also tried to log onto the DC as administrator with the same results.  Any Ideas?

    DC Functional level is Windows Server 2008 R2


    • Edited by William Lee Wednesday, June 20, 2012 6:18 PM
    Wednesday, June 20, 2012 6:17 PM
  • What does the log file say?

    Being on a DC makes no difference because the changes can only be made on the schema master so running the tool on the site server, a client, or a DC still initiates a connection to the schema master.

    The only time I've ever seen it fail is if you have replication issues in the forest or the schema master is unreachable.


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Wednesday, June 20, 2012 6:40 PM
  • I found out my issue, I was setting this up in a test lab and only had one of the two domain controllers up, replicatoin wasnt working so I just ended up turing on the other DC and let them replicate, once they did this I was able to update the schema.
    • Marked as answer by Sabrina Shen Monday, June 25, 2012 1:41 AM
    Wednesday, June 20, 2012 7:07 PM
  • thanks very much

    i did the same as you suggested and brought the second DC online, then the extadsch.exe could successfully extend the schema

    now i've installed SCCM 2012 without issues.

    i appreciate your help


    MGA2008

    Monday, September 17, 2012 11:57 AM
  • Checking the command  netdom /query fsmo showed that I was on the wrong DC - thanks for the tip.
    • Proposed as answer by Rashmika Wednesday, August 21, 2019 3:36 PM
    Monday, November 11, 2013 10:39 AM
  • Checking the command  netdom /query fsmo showed that I was on the wrong DC - thanks for the tip.

    Likewise.

    Also realized that my other DC is 32-bit so I had to use the 32bit version of ExtADSch.exe.

    Thursday, February 20, 2014 6:07 AM
  • I actually ran into this problem today and was banging my head on the desk for a solid 20 minutes.  Don't forget that when you are attempting to extend the schema, you must prepare AD Schema to be modified to registering the schmmgmt.dll

    To do this, run regsvr32 schmmgmt.dll in an elevated command prompt or PowerShell window.  This only needs to be done once to prepare the schema for modification.  Do this on the Schema Master DC.

    So embarrassing that I didn't remember that off the top of my head.  Lol.

    • Proposed as answer by Steve of HHCP Tuesday, August 8, 2017 5:37 PM
    Monday, March 27, 2017 4:29 PM
  • Thanks so much for this. I also ran into this issue.
    Friday, June 30, 2017 8:54 AM
  • Worked for me, Thank you

    ~Steve

    Tuesday, August 8, 2017 5:38 PM
  • I am trying to extend the schema in a single domain/forest 2016 running SCCM step 1809.

    I am getting DLL errors, and these are OLD DLL errors that Windows has had for decades!
    What the heck?
    BELIEVE IT OR NOT, SCCM build their app on OLD DLLs:
    https://support.microsoft.com/en-us/help/3174417 


    Patrick Burwell, Sr. Systems Engineer


    Sunday, November 11, 2018 9:32 AM
  • Sorry, you need to be a lot more specific here. The DLL mention in this thread has *nothing* to do with ConfigMgr. Additionally, you don't ever build against a specific DLL version -- that's the whole point of a DLL.

    Are you referring to the Visual C++ DLLs?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Sunday, November 11, 2018 7:43 PM
  • after 2 tries with just my main DC up, bringing up the 2nd DC worked for me as well in my lab after receiving the same error.  DC02 was up/powered on, but had not been logged into yet.  after logging in I switched back to my SCCM server and extadsch worked.  Thanks!
    Sunday, May 12, 2019 2:06 PM
  • I am trying to extend the schema in a single domain within Windows Sever 2016 using SC_Configmgr_SCEP_1902. and im getting the same error here.

    I am trying to extend the schema in a single domain controller server 2016 using SC_Configmgr_SCEP_1902.

    <11-14-2019 10:44:01> Modifying Active Directory Schema - with SMS extensions.
    <11-14-2019 10:44:01> DS Root:CN=Schema,CN=Configuration,DC=dcs,DC=local
    <11-14-2019 10:44:01> Failed to create attribute cn=MS-SMS-Site-Code.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=mS-SMS-Assignment-Site-Code.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=MS-SMS-Site-Boundaries.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=MS-SMS-Roaming-Boundaries.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=MS-SMS-Default-MP.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=mS-SMS-Device-Management-Point.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=MS-SMS-MP-Name.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=MS-SMS-MP-Address.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=mS-SMS-Health-State.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=mS-SMS-Source-Forest.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=MS-SMS-Ranged-IP-Low.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=MS-SMS-Ranged-IP-High.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=mS-SMS-Version.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create attribute cn=mS-SMS-Capabilities.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create class cn=MS-SMS-Site.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8224.
    <11-14-2019 10:44:01> Failed to extend the Active Directory schema, please find details in "C:\ExtADSch.log".

    Created a new admin user and configured this as member of schema admins group, Domain users, and Enterprise Admins, but still throwing the same error.

    Here's a results of the netdom command:

    C:\Windows\system32>netdom /query fsmo
    Schema master               dcs2.dcs.local 
    Domain naming master        dcs2.dcs.local
    PDC                         masterserver.dcs.local
    RID pool manager            masterserver.dcs.local
    Infrastructure master       masterserver.dcs.local
    The command completed successfully.

    Note: masterserver.dcs.local is my old DC (server 2012 R2) which Ive previously migrated to the server 2016. Now sure why still showing up there.


    Thursday, November 14, 2019 7:01 PM
  • > [Not] sure why still showing up there.

    Because you didn't properly migrate everything over including those FSMO roles and of course can't change the schema because of that. If that server no longer exists, then you need to seize the FSMO roles on the new domain controller: https://support.microsoft.com/en-us/help/255504/using-ntdsutil-exe-to-transfer-or-seize-fsmo-roles-to-a-domain-control


    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, November 15, 2019 6:57 PM
  • Same here but I had a child domain which was down the time i was extending Schema and i got the error, once child domain backed UP i could extend Schema. 
    Friday, June 19, 2020 1:37 PM