SCCM 2007 R3
How risky is it really in extending the schema? I was just going to use the automated installation file to do this.
November 28th, 2010 7:47pm
I put the risk at zero. The schema extension for ConfigMgr is three new classes and 18 (or so, I don't explicitly remember) attributes that are completely independant of anything else in the AD schema. I have never ever heard of any having an issue (except failure to extend issues related to permissions). If something does happen to go wring though, because these classes and attributes have nothing to do with anything else in AD, the impact is zero and that's why I put the risk at zero also.Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
November 28th, 2010 8:03pm
I have never seen an installation of SCCM break any functionality in AD as a result of extending the schema. But still, you should use your normal "schema extension" procedures.Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund
November 28th, 2010 8:29pm
Great, thanks for the replies. I was going to use the extadsch tool versus the manual as it is simplier. It appears to generate a log file, will this show me success or failure?
November 28th, 2010 8:38pm
Yes the extadsch.log file will tell you everything.Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund
November 28th, 2010 9:05pm
November 28th, 2010 9:15pm
I suggest, Prior to extending the AD Schema, please follow some good Practices, 1. Create a backup of the schema master domain controller’s system state using the NTBACKUP utility. 2. To prevent replicating schema changes before they are verified, disconnect the schema master domain controller from the network. In this way your environment will be more secure and it also provides you a level of comfort. Best of Luck !
November 28th, 2010 9:31pm
Microsoft does not recommend disconnecting the schema master from the network as this can cause other replication issues. The recommended method is to disable outbound replication on the schema master domain controller before effecting the change and then re-enabling outbound replication after you are confident of the changes.Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
November 29th, 2010 3:26am
Please refer the following Links as Microsoft also recommends , "Disconnect the schema master domain controller from the network" How to Extend the Active Directory Schema Using an LDIF File http://technet.microsoft.com/en-us/library/bb632388.aspx How to Extend the Active Directory Schema Using ExtADSch.exe http://technet.microsoft.com/en-us/library/bb680608.aspx In this way your environment will be more secure and it also provides you a level of comfort. Best of Luck ! TECH-Voice MCT
November 29th, 2010 9:11am
Same here, never had any issues. And I did a lot of them ;-)Follow me through my blog and Twitter!
November 29th, 2010 10:54am
Actually I have.. It is in the ConfigMgr Docs. J I have never disconnected anything when extending the schema so…. both answers might be right. http://www.enhansoft.com/
November 29th, 2010 4:37pm
Hi Thank you for the good and smart help. I know it can be done without it, but your answer also covers the Microsoft Precautionary Measures.It is the very concise and Best answer. Its Amazing that this Answer is not marked as Green, Moderator, Why it is not selected as a Perfect Answer ? MCSE+Security2003-MCITP-EA
December 1st, 2010 1:46am
Why it is not selected as a Perfect Answer ? .. because it is not the perfect answer. See Jason's answer and http://blogs.technet.com/b/askds/archive/2010/04/16/friday-mail-sack-i-live-again-edition.aspx (3rd question).
December 1st, 2010 3:59am