Skip to content

Prepare AD for SCCM Publishing

This section describes how to prepare Active Directory (AD) for System Center Configuration Manager (SCCM) by extending the AD schema, creating the System Management container, and delegating permissions to the SCCM server. These steps ensure SCCM can publish its site information into Active Directory.

Click Set up a Configuration Manager lab for detailed setup instructions and access to all necessary download links for the lab.

Steps:

1. Extend the AD Schema

  • Run the schema extension tool:
    extadsch.exe
  • Verify success in the log file: C:\extadsch.log

The extadsch.exe tool is located in:

SMSSETUP\BIN\X64 folder on the Configuration Manager installation media. Run this tool from the command line to view feedback while it runs.

2. Create the System Management Container

  • Open Server Manager → Tools → ADSI Edit and Active Directory Users and Computers (ADUC).
  • In ADSI Edit, right-click ADSI Edit → Connect.
  • Expand CN=System.
  • ERight-click CN=System → New → Object → Container.
  • Name the container: 
    System Management

Warning

Case sensitive – type exactly as shown.

  • Follow the prompts to complete.

3. Delegate Permissions to SCCM Server

  • Open Active Directory Users and Computers (ADUC) → Enable Advanced View.
  • Navigate to the System Management container.
  • Right-click System Management → Delegate Control.

  • Add the SCCM server computer account (e.g., SCCMSRV).

    • Click Add → Object Types → select Computers.
    • Enter the SCCM server name.

  • Select Create a custom task to delegate.

  • Grant Full Control permissions.

✅ At this point, Active Directory is prepared for SCCM publishing and the SCCM server can publish site information to AD.