Re: Check SLP in AD
From: MartinS (MartinS_at_discussions.microsoft.com)
Date: 08/27/04
- Next message: Kane: "Re: Using my domain user name to view report?"
- Previous message: Morpheous: "Increasing Cache size on Advanced Client"
- In reply to: news.microsoft.com: "Re: Check SLP in AD"
- Next in thread: Torsten: "Re: Check SLP in AD"
- Reply: Torsten: "Re: Check SLP in AD"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 27 Aug 2004 08:25:02 -0700
Have a look into "Active Directory Schema Modification and Publishing for SMS
2003"
(http://www.microsoft.com/downloads/details.aspx?FamilyId=D1DE764C-8E26-455F-BEE5-34FB1CA9F2C4&displaylang=en). Read this carefully and find for example:
To Manually Create the System Management Container
1. Log on as an account that has the Create All Child Objects permission on
the System container in Active Directory.
2. Start ADSIEdit and connect to the domain if necessary.
3. In the console pane, expand Domain [computer fully qualified domain
name], expand <distinguished name>, and right-click CN=System. On the context
menu click New and then Object.
4. In the Create Object dialog box, select Container and click Next.
5. In the Value field, type System Management and click Next.
6. Click Finish.
There is more useful information, therefore read it completely.
One example:
Creating the System Management container in Active Directory
SMS does not automatically create the System Management container when it
extends the schema. The container only needs to be created once per forest.
You can either manually create the container, or allow SMS to attempt to
create it the first time a site tries to publish to Active Directory. SMS can
only create the System Management container if the SMS account has full
control permission on the System container. While it is possible to grant
those permissions on System and later change them so SMS only has full
control on the newly created System Management container, it is more secure
to create the System Management container manually using ADSIEdit and grant
permissions after the container is created. ADSIEdit is included with the
Windows support tools on both the Windows 2000 Server and Windows Server 2003
CDs, but is not installed by default.
"news.microsoft.com" wrote:
> Aehm,.. sorry... how can i create a container in the SYSTEm container...
> there is no option for that....
>
>
>
> "Torsten" <torsten.meringer@NOSPAM.web.de> schrieb im Newsbeitrag
> news:13DDADF7-CAAC-4D55-8EC9-17F6822F5998@microsoft.com...
> > Hi Kim,
> >
> > your solution will work. But I'd prefer to create the System Management
> > container manually and grant the site systems full permission to this
> > container only (inlcuding all childs). In this way, sms has got only the
> > permission it really needs.
> >
> > Regards,
> > Torsten
> >
> > "Kim Oppalfens" wrote:
> >
> > >
> > > Make sure your site server computer account has Full control priviliges
> > > on the system container object and all child objects.
> > >
> > > You will have to check the properties of the system container, check
> > > security press the advanced tab, add the computer account give it full
> > > control and make sure the top of the window lists this object and all
> > > child objects.
> > >
> > > Kim Oppalfens
> > > In article <u0JuU4BjEHA.2664@TK2MSFTNGP11.phx.gbl>,
> > > "news.microsoft.com" <@> says...
> > > >
> > > > Hi
> > > >
> > > > is it right that shoud be under Active Director Users and Computer ->
> > > > System -> Systemmanagement the SLP Server Entry? What if we dont ahve
> that
> > > > Systemmanagement? A alredy checked if I have advanced settings
> activated...
> > > >
> > > > Thanks
> > > >
> > > >
> > > > Marcel
> > > >
> > > >
> > > >
> > >
> > > --
> > > Check out the SMS Technical FAQ:
> > > http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default
> > > ..mspx
> > >
>
>
>
- Next message: Kane: "Re: Using my domain user name to view report?"
- Previous message: Morpheous: "Increasing Cache size on Advanced Client"
- In reply to: news.microsoft.com: "Re: Check SLP in AD"
- Next in thread: Torsten: "Re: Check SLP in AD"
- Reply: Torsten: "Re: Check SLP in AD"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
