Installed and configured SCCM 2012 R2 and was able to discover AD forest, groups, etc. no problem there.
However, the System Management container is empty. Using delegation, I have given the SCCM server full access to the container and to all subfolders.

Schema was extended successfully prior to SCCM installation. 
Not sure why the System Management container isn't being populated by objects as it should be. 
Please help...

Have you checked the permissions? The CM computer account should have full permissions. If you granted full permitions to a security group in which the cm server is, the server has to be restarted. 

When assigning th epermissions have you selected "Aplies to: This object and all descendant objects" Option?

Any errors in hman.log?

Have you checked the ExtADSch.log file for Errors?

• Edited by dekac99 19 hours 57 minutes ago

If you have multiple level domains like Foo.com and My.foo.com.  Where did you set SCCM to publish to?  did you set the permissions on that domain?

Yes, I have checked and double checked the perms. I even removed them and re-added them.

But still can't see the objects under System Management.

And yes, I checked "applies to: This object and all descendant Objects"

The ExtADSSch.log file shows successful schema extension.

No, child domain. But multiple forests though. There is a trust setup between them.

I am currently setting up SCCM 2012 on one domain A and it is published to that same domain.

Reading what you've posted, it seems as if you've done everything here: https://technet.microsoft.com/en-us/library/gg712264.aspx

And if you configured publishing on the domain in Active Directory Forests in the console, then it should work.

Seems basic, but have you rebooted the site server?

Jeff

• Edited by Jeff Poling 16 hours 13 minutes ago

That is what I thought as well.  And yes, I have rebooted the server several times.

Just wondering if I could delete the System Management container and re-create it. Then set the permissions up again. Would that create any issue?

It was mentioned, but did you look at the hman.log from your site server?

That log will contain AD site publishing info. . .

Jeff

Also, I am looking at hman.log...anything specific I need to look for?

Look for a line with the text "Publishing site objects in AD forest. . . "

Jeff

ok, I found the log. Here is what it has.

"Publishing site objects in AD Forest xxxxxxxx

 No Publishing account defined for this forest, will use the machine account instead

Active Directory DS Root: DC=xx,DC=xxxxx,DC=xx, DC = xx

Searching for the management container.

System Management container not found. Creating it."

it looks like It just can't find it.

Not sure if this is causing the issue.....  I did some AD probing and found out that all 5 FSMO roles are sitting on one single DC.....which isn't how it should be. There are 3 DCs, and if I am not mistaken the Schema master and domain naming master should be on one DC and the other 3 roles can be put on the remaining two DCs......

Also, I ran DCdiag and found no errors....

repadmin /syncall

nothing unusual there as well....

getting really baffled now....

Where did you create the System Management container in AD? Did you create it in the System container?

And the system management container was created in the domain in which your site server is installed?

Jeff

Yes, I created it in the system container.

Yes, it was created in the same domain with the site server.

It's possible it is related to AD replication.  You ran a repadmin /syncall, but that is going to depend on your AD infrastructure. 

You could try re-creating the container. . .not much more I can think of if you followed the technet documentation and have validated permissions, etc.

Jeff

Yes, I will try to re-create the container and see what happens. I wasn't here when AD infrastructure  was built....so there is possibly some mess that I am going to be inheriting . 

And yes, I followed the TechNet docs and what ever else I could find....The initial installation and configuration was a bit problematic as I had never done SCCM built up before. But some how got that done....and now this.....

Thank you all for the help.

so now I found something .....on  the site server

clicked active directory forests ---- it shows that Discovery status as being succeeded.

But publishing status shows insufficient access rights...

There seems to be some kind of account problem...