Configuration Manager Windows Server 2016 Active Directory Schema extend. We make it with GUI and PowerShell.
Contents
With GUI:
- Mount DVD or *.iso with SCCM distributive. Go to <drive letter>\ SMSSETUP\BIN\X64\ and execute extadsch.exe. After running check your C:\ root for file ExtADSch.log, open it, and make sure that the operation is complete successfully;
2. Find in all programs ADSI Edit and run it. Right Mouse Button click and select Connect to;
3. Leave by default, click OK;
4. Right Mouse Button click at CN=System and select New\Object;
5. Choose Container and click Next;
6. In Value enter System Management, click Next;
7. Click Finish;
8. Right Mouse Button click on the newly created container and select Properties;
9. Go to the Security tab and click Add;
10. In Object Types select Computers, enter your SCCM server name and click OK;
11. Set Full control and click OK;
By PowerShell:
Run PowerShell with admin rights;
To run extadsch.exe:
#Extend Schema
Start-Process -Filepath ('D:\SMSSETUP\BIN\X64\extadsch.exe') -Wait
Start-Sleep 30
#Confirm Schema Extension
$schema = [DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetCurrentSchema()
start-sleep 5
$schema.RefreshSchema()
$schema.FindClass("mSSMSSite")To create container and grant permissions:
Import-Module ActiveDirectory
$root = (Get-ADRootDSE).defaultNamingContext
if (!([adsi]::Exists("LDAP://CN=System Management,CN=System,$root"))) {
$smcontainer = New-ADObject -Type Container -name "System Management" -Path "CN=System,$root" -Passthru
}
$acl = get-acl "ad:CN=System Management,CN=System,$root"
$objGroup = Get-ADComputer -filter {Name -eq "<Your SCCM Server Name>"}
$All = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::SelfAndChildren
$ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $objGroup.SID, "GenericAll", "Allow", $All
$acl.AddAccessRule($ace)
Set-acl -aclobject $acl "ad:CN=System Management,CN=System,$root"
