Hi,I want to prepare my AD for SSCM with the LDIF file. I am Schema administrator and Enterprise administrator.When i run: c:\ldifde -i -f ConfigMgr_ad_schema.ldf -v -j c:\tempI get the following error:---------------------------------------------------------------------Connecting to "local.domain.com" Logging in as current user using SSPI Importing directory from file "ConfigMgr_ad_schema.ldf" Loading entries1: CN=mS-SMS-Capabilities,CN=Schema,CN=Configuration,DC=local,DC=domain,DC=comEntry DN: CN=mS-SMS-Capabilities,CN=Schema,CN=Configuration,DC=local,DC=domain,DC=comchangetype: addAttribute 0) objectClass:top attributeSchemaAttribute 1) cn:mS-SMS-CapabilitiesAttribute 2) attributeID:1.2.840.113556.1.6.29.2.1.14Attribute 3) attributeSyntax:2.5.5.4Attribute 4) isSingleValued:TRUEAttribute 5) oMSyntax:20Attribute 6) searchFlags:0Attribute 7) isMemberOfPartialAttributeSet:TRUE Add error on line 56: Insufficient Rights The server side error is "Access is denied." 0 entries modified successfully. An error has occurred in the program---------------------------------------------------------------------Anybody an idea why this happens and how to solve it?Thanks!

Hi,Do you get the same error when you run extadsch.exe from the ConfigMgr. DVD? Or is running that utility not an option in your environment? - http://technet.microsoft.com/en-us/library/bb680608.aspxKent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products

Dit not tried it with extadsch.exe yet because of this note from the technet site:It is recommended to use the ConfigMgr_ad_schema.ldf LDIF file to extend the Active Directory schema for Configuration Manager 2007. Using an LDIF file to extend the Active Directory schema instead of the ExtADSch.exe utility provides greater transparency about the changes being made to the Active Directory schema and also makes it easier to diagnose any problems encountered during the schema extension process.if there is no other solution i will try it. But at the moment I just can't ignore the problem with the LDIFDE.exe :)

Hello Kuipie,Make sure to follow the instruction in the article mentioned by Kent. Th account used must be member of the schema admins and run the command as an administrator on the box. If you are installing on W2K8 this needed because of UAC.As far as the extadsch.exe........... I use this always. There is not problem in using this executable and extending your schema.Robert

I'm sure that what Robert means to say is that if you use W2K8 you should run the command from an elevated command prompt. Just using a user that is an administrator is not enough.Right click cmd.exe and choose Run as administrator or press Start, type "cmd" and press Shift+Ctrl+Enter.

Thanks for all the reactions. Whe still have a 2003 AD, so all our DC's are 2003 :)Only SCCM and the SQl server are running 2008.Gonna try the extadsch.exe on monday. I will let you all know the results.

MMmm... Couldn't let go. But I found the problem. Schema master wasn't locatod our DC1 but on our DC2.... :(Did the ldifde.exe and it was succesfull. Thanks all!

I had the exact same problem.later on I found out that my domain admin account was not a part of the schema admins group in AD.People who had this issue may want to check that first.