구성 관리자 윈도우 서버 2016 액티브 디렉토리 Schema extend. We make it with GUI 그리고 파워셸.
With GUI:
- Mount DVD 또는 *.iso with SCCM distributive. 가십시오 <drive letter>\ SMSSETUP\BIN\X64\ and execute extadsch.exe. After running check your C:\ root for file ExtADSch.log, open it, and make sure that the operation is complete successfully;
2. Find in all programs ADSI Edit and run it. 마우스 오른쪽 버튼 click and select Connect to;
3. Leave by default, 딸깍 하는 소리 좋아요;
4. 마우스 오른쪽 버튼 click at CN=System 그리고 선택하십시오 New\Object;
5. Choose Container 그리고 클릭 다음;
6. ~ 안에 값 입력하다 System Management, 딸깍 하는 소리 다음;
7. 딸깍 하는 소리 Finish;
8. 마우스 오른쪽 버튼 click on the newly created container and select Properties;
9. 가십시오 the Security tab and click 추가하다;
10. ~ 안에 Object Types 선택하다 Computers, enter your SCCM server name and click 좋아요;
11. Set 완전한 제어 그리고 클릭 좋아요;
By PowerShell:
달리다 파워셸 관리자 권한으로;
To run extadsch.exe:
#Extend Schema
Start-Process -Filepath ('D:\SMSSETUP\BIN\X64\extadsch.exe') -Wait
Start-Sleep 30
#Confirm Schema Extension
$schema = [DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetCurrentSchema()
start-sleep 5
$schema.RefreshSchema()
$schema.FindClass("mSSMSSite")To create container and grant permissions:
Import-Module ActiveDirectory
$root = (Get-ADRootDSE).defaultNamingContext
if (!([adsi]::Exists("LDAP://CN=System Management,CN=System,$root"))) {
$smcontainer = New-ADObject -Type Container -name "System Management" -Path "CN=System,$root" -Passthru
}
$acl = get-acl "ad:CN=System Management,CN=System,$root"
$objGroup = Get-ADComputer -filter {Name -eq "<Your SCCM Server Name>"}
$All = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::SelfAndChildren
$ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $objGroup.SID, "GenericAll", "Allow", $All
$acl.AddAccessRule($ace)
Set-acl -aclobject $acl "ad:CN=System Management,CN=System,$root"
