Problems extending AD
Hi all, I've tried to extend the AD in our org, but there are some problems that I'm a bit unsure how to deal with. Now, the update seems to go fine and with no errors. However, I'm having problems pushing clients (two installed and show up in configuration manager). According to http://technet.microsoft.com/en-us/library/bb693614.aspx I should go to a "system management" container, but this does not exist in my network... Anyone got an idea what/where/how to do? Cheers!
November 5th, 2007 2:09am

First, let's make sure the extension worked, bear with me here if you already verified this: http://technet.microsoft.com/en-us/library/bb680608.aspx Next, the site needs to be enabled to publish: http://technet.microsoft.com/en-us/library/bb680711.aspx Finally, make sure it did: http://technet.microsoft.com/en-us/library/bb693614.aspx Also look for errors on the site in system status related to Active Directory publishing. A common cause is that the site system's computer account does not have rights to the System Management container. You may need to create it yourself and assign permissions or give the site system's machine account enough rights temporarily to create it and then lock it down with the correct permissions.
November 5th, 2007 11:26am

Thanks for taking the time to answer this... Now, I didn't get any errors while extending the schema, but the System Management container is nowhere to be found. Also, my secondary DC is complaining about synchronizing because of a mismatch in the schema or something. Do you have a quick fix for that? Cheers!
November 5th, 2007 9:28pm

Hi, Make sure you have enabled "Advanced Features" on the View menu in "Active Directory Users and Computers" and then expand the System container; then you will be able to find the System Management container. Thanks, Shaminda
November 5th, 2007 11:53pm

No, View | Advanced Features is already enabled and "System\System Management" is nowhere to be found...
November 7th, 2007 2:33am

Lars, you need to create the folder manually; how you do that can be found at the following link: http://technet.microsoft.com/en-us/library/bb632591.aspx
November 7th, 2007 11:21am

The System Management container is NOT created just by extending the AD schema. It gets created when the site server attempts to publish to AD, provided that the site server has rights to do so.
November 7th, 2007 9:55pm

Not really. You only have to manually create the System Management container IF you don't want to give the site server computer account rights to the System container. If you do that (and all child objects), then no manual container creation is required. There is ZERO harm in granting the site server computer account full control to the System container and all child objects - most of our customers do that - as it is a computer account, so safe. But if you wish to be more granular, then yes, you can pre-create the container, grant the server rights to it (and all child objects) and all should work fine.
November 7th, 2007 9:58pm
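
The "more granular" option described in the post above, as an added example that is not part of the original thread: pre-create the System Management container and grant the site server's computer account full control on that container and its child objects only. It assumes the ActiveDirectory PowerShell module and an account allowed to create objects under System; the computer name CM01 is a hypothetical placeholder.

```powershell
# Added example, not from the thread. 'CM01' is a hypothetical site server name.
Import-Module ActiveDirectory

$SiteServer  = 'CM01'
$domainDN    = (Get-ADDomain).DistinguishedName
$systemDN    = "CN=System,$domainDN"
$containerDN = "CN=System Management,$systemDN"

# 1. Create the container only if publishing has not already created it.
$existing = Get-ADObject -SearchBase $systemDN -SearchScope OneLevel `
    -LDAPFilter '(&(objectClass=container)(cn=System Management))'
if (-not $existing) {
    New-ADObject -Name 'System Management' -Type container -Path $systemDN
}

# 2. Resolve the site server's computer account to its SID.
$sid = (Get-ADComputer -Identity $SiteServer).SID

# 3. Allow full control on this container and all descendant objects.
#    The ACE is written to System Management, not to the parent System container.
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$containerDN"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$containerDN" -AclObject $acl

# 4. Read the ACL back and list the entries for the site server account,
#    so the grant and its inheritance scope can be confirmed.
(Get-Acl -Path "AD:\$containerDN").Access |
    Where-Object { $_.IdentityReference -like "*\$SiteServer`$" } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, IsInherited
```
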

I had several errors in my log file when trying to extend the schema:
<11-26-2007 12:45:33> Modifying Active Directory Schema - with SMS extensions.
<11-26-2007 12:45:33> DS Root:CN=Schema,CN=Configuration,DC=Silect,DC=com
<11-26-2007 12:46:05> Failed to create attribute cn=MS-SMS-Site-Code. Error code = 8206.
<11-26-2007 12:46:37> Failed to create attribute cn=mS-SMS-Assignment-Site-Code. Error code = 8206.
<11-26-2007 12:47:10> Failed to create attribute cn=MS-SMS-Site-Boundaries. Error code = 8206.
<11-26-2007 12:47:42> Failed to create attribute cn=MS-SMS-Roaming-Boundaries. Error code = 8206.
<11-26-2007 12:48:15> Failed to create attribute cn=MS-SMS-Default-MP. Error code = 8206.
<11-26-2007 12:48:47> Failed to create attribute cn=mS-SMS-Device-Management-Point. Error code = 8206.
<11-26-2007 12:49:19> Failed to create attribute cn=MS-SMS-MP-Name. Error code = 8206.
<11-26-2007 12:49:52> Failed to create attribute cn=MS-SMS-MP-Address. Error code = 8206.
<11-26-2007 12:50:24> Failed to create attribute cn=mS-SMS-Health-State. Error code = 8206.
<11-26-2007 12:50:57> Failed to create attribute cn=mS-SMS-Source-Forest. Error code = 8206.
<11-26-2007 12:51:29> Failed to create attribute cn=MS-SMS-Ranged-IP-Low. Error code = 8206.
<11-26-2007 12:52:01> Failed to create attribute cn=MS-SMS-Ranged-IP-High. Error code = 8206.
<11-26-2007 12:52:34> Failed to create attribute cn=mS-SMS-Version. Error code = 8206.
<11-26-2007 12:53:06> Failed to create attribute cn=mS-SMS-Capabilities. Error code = 8206.
<11-26-2007 12:53:06> Failed to create class cn=MS-SMS-Management-Point. Error code = 8202.
<11-26-2007 12:53:06> Failed to create class cn=MS-SMS-Server-Locator-Point. Error code = 8202.
<11-26-2007 12:53:06> Failed to create class cn=MS-SMS-Site. Error code = 8202.
<11-26-2007 12:53:06> Failed to create class cn=MS-SMS-Roaming-Boundary-Range. Error code = 8202.
<11-26-2007 12:53:06> Failed to extend the Active Directory schema.
SMS *is* installed, as far as I'm aware.
November 28th, 2007 8:40am
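
A way to summarise a schema-extension log like the one posted above, as an added example that is not part of the original thread: it groups the failures by object kind and error code, asks Windows for the system message behind each code, and measures the delay between consecutive attribute failures. The embedded lines are an excerpt of the log in the post; run it on Windows so the message lookup resolves.

```powershell
# Added example, not from the thread. Sample lines are an excerpt of the posted log.
$log = @'
<11-26-2007 12:45:33> Modifying Active Directory Schema - with SMS extensions.
<11-26-2007 12:46:05> Failed to create attribute cn=MS-SMS-Site-Code. Error code = 8206.
<11-26-2007 12:46:37> Failed to create attribute cn=mS-SMS-Assignment-Site-Code. Error code = 8206.
<11-26-2007 12:47:10> Failed to create attribute cn=MS-SMS-Site-Boundaries. Error code = 8206.
<11-26-2007 12:53:06> Failed to create class cn=MS-SMS-Management-Point. Error code = 8202.
<11-26-2007 12:53:06> Failed to create class cn=MS-SMS-Site. Error code = 8202.
<11-26-2007 12:53:06> Failed to extend the Active Directory schema.
'@ -split '\r?\n'

$pattern = '^<(?<when>[^>]+)>\s+Failed to create (?<kind>attribute|class) ' +
           'cn=(?<name>[^.]+)\. Error code = (?<code>\d+)\.'

# Turn each failure line into an object; other lines are ignored.
$failures = foreach ($line in $log) {
    if ($line -match $pattern) {
        [pscustomobject]@{
            When = [datetime]::ParseExact($Matches.when, 'MM-dd-yyyy HH:mm:ss',
                       [cultureinfo]::InvariantCulture)
            Kind = $Matches.kind
            Name = $Matches.name
            Code = [int]$Matches.code
        }
    }
}

# One row per (kind, code) with the Win32 system message for that code.
$failures | Group-Object Kind, Code | ForEach-Object {
    $code = $_.Group[0].Code
    [pscustomobject]@{
        Kind    = $_.Group[0].Kind
        Code    = $code
        Count   = $_.Count
        Meaning = (New-Object System.ComponentModel.Win32Exception $code).Message
    }
} | Format-Table -AutoSize

# Seconds between consecutive attribute failures: a steady gap points at a
# wait-and-time-out on each write rather than an immediate rejection.
$attr = @($failures | Where-Object { $_.Kind -eq 'attribute' } | Sort-Object When)
$gaps = for ($i = 1; $i -lt $attr.Count; $i++) {
    ($attr[$i].When - $attr[$i - 1].When).TotalSeconds
}
$gaps | Measure-Object -Minimum -Maximum -Average
```
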

SMS or Configuration Manager can be installed in an environment without extending the Active Directory. With these errors, I'd check the permissions listed earlier in this thread. That's what it sounds like to me.
November 28th, 2007 11:50am

Hi, this can be caused by several different conditions. The 3 most common scenarios that I have seen would be: 1) Account running schema update is not a member of the right groups (Schema Admins etc.). 2) Your domain isn't in sync (replication errors between your DCs). 3) A domain controller may have been removed in a bad way.
November 28th, 2007 12:09pm

#3 is probably the problem. We've had some trouble with a couple of DCs dying. We've patched things as best we can, but that is probably the cause.
November 28th, 2007 12:34pm

Thanks for the tip. My problem was number 2. I had bad DNS entries that prevented replication. I fixed it and was able to update the schema. Thanks!
December 2nd, 2009 1:25pm

I had the exact problem the other day. In event viewer on my DC it was reporting a replication error with a server I had taken off the network ages ago. Unfortunately I didn't demote the server, so my current DC is still trying to replicate to it. I gathered this was probably why I was getting these exact error messages when I tried to extend the schema. I tried using the repadmin tool but no joy. In the end this is what worked for me. 1. Delete the computer account of the offline server in AD (keep DNS records of the offline server the same if you still have the entries). 2. Rebuilt a new server with the exact name as the offline server. 3. Ran DCpromo and promoted the server to a DC. During the AD install I was prompted that a computer account with the same name exists and do I want to overwrite it, which I said yes to. After these steps I got a successful replication between the 2 DCs. I then ran extadsch.exe, which extended the schema successfully.
April 14th, 2012 1:13pm

This topic is archived. No further replies will be accepted.
