In this guide, we extend Windows Server 2016 Active Directory Schema for SCCM installation. We make it with GUI and by PowerShell.

With GUI:

Mount DVD or *.iso with SCCM distributive. Go to <drive letter>\ SMSSETUP\BIN\X64\ and execute extadsch.exe. After running check your C:\ root for file ExtADSch.log, open it and make sure that operation complete successfully;

Find in all programs ADSI Edit and run it. Right Mouse Button click and select Connect to;

leave by default, click OK;

Right Mouse Button click at CN=System and select New\Object;

Choose Container and click Next;

In Value enter System Management, click Next;

Flick Finish;

Right Mouse Button click on newly created container and select Properties;

Go to Security tab and click Add;

In Object Types select Computers, enter your SCCM server name and click OK;

Set Full control and click OK;

By PowerShell:

Run PowerShell with admin rights;

To run extadsch.exe:

#Extend Schema

Start-Process -Filepath ('D:\SMSSETUP\BIN\X64\extadsch.exe') -Wait

Start-Sleep 30

#Confirm Schema Extension

$schema = [DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetCurrentSchema()

start-sleep 5

$schema.RefreshSchema()

$schema.FindClass("mSSMSSite")

To create container and grant permissions:

Import-Module ActiveDirectory

$root = (Get-ADRootDSE).defaultNamingContext

if (!([adsi]::Exists("LDAP://CN=System Management,CN=System,$root"))) {

    $smcontainer = New-ADObject -Type Container -name "System Management" -Path "CN=System,$root" -Passthru        

}

$acl = get-acl "ad:CN=System Management,CN=System,$root"

$objGroup = Get-ADComputer -filter {Name -eq "<Your SCCM Server Name>"}

$All = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::SelfAndChildren

$ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $objGroup.SID, "GenericAll", "Allow", $All

$acl.AddAccessRule($ace)

Set-acl -aclobject $acl "ad:CN=System Management,CN=System,$root"

That’s all!