Installing SCCM with no Domain Admin rights
Hi, From my understanding there is no need for any account to have domain admin rights in order to install and operate with SCCM. However it's not clear for me if it's strictly necessary that the site server computer account must have Full Control permissions to the System Management container in AD or this can be also avoided by installing the server locator point role. Please confirm, we need to deploy SCCM in an environment with no admin rights at all.Jorge Q
October 26th, 2010 12:49pm

This primary site installation would be deployed in a domain that already has a SCCM primary site installed, schema already extendended. Any objection, advice or requirement that prevent from doing this would be also very appreciated.Jorge Q
Free Windows Admin Tool Kit Click here and download it now
October 26th, 2010 12:56pm

The computer account of the siteserver needs full control to the container and all child objects, but that account is no domain admin at all. Extending the schema and AD publishing is optional, but makes life easier: http://technet.microsoft.com/en-us/library/bb694066.aspx. It's supported to have separate hierarchies within the same domain/forest as long as there are no overlapping boundaries and unique sitecodes.
October 26th, 2010 1:41pm

If the site server cannot publish its info to AD, then you must use an SLP (not being able to publish info in AD is equivalent to not extending AD at all for purposes of this document): http://technet.microsoft.com/en-us/library/bb693467.aspx.Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
Free Windows Admin Tool Kit Click here and download it now
October 26th, 2010 1:50pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics