Re: Systems container in AD and SMS

OK, a few things to straighten out. You said in your first mail that the
computer$ account had been granted permissions to the system management
container but in the next post you were were surprised that domainB is in
advanced security. If you are in standard security, you grant full control
to the SMS Service Account and if you aren in advanced security you grant
full control to the computer$ account. If you have a site server in domainA
and a site server in domainB, you have to grant permissions to each domain.
Make sure you grant the permissions for that container AND all child
objects.

As for interoperability, a site using advanced security cannot report to a
parent site running standard security.
Does that help?

--
Cathy Moya, CISSP, MCSE: Security
Technical Writer, Windows Enterprise Management Division User Assistance

Check out the SMS Technical FAQ:
http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/default.mspx
This posting is provided AS IS with no warranties and confers no rights.

"tandrle" <tandrle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:20177424-CCEF-4AA3-99B5-25298B64CC2F@xxxxxxxxxxxxxxxx

Upon further review someone has moved site B into advande security.. We
are
not prepared to take all sites to that but I also know we can not go back.
Can they interoperate and what do I need to do to make that happen. This
site has 2 child sites that are in the same domain site b reports to site
A
in the parent domain.


"tandrle" wrote:

I have a multidomain SMS hirearchy. The central Site is in Domain A and a
child primry is in Domain B. On the child primary I am getting messages
that
the site can not update the Systems management container in AD. I have
checked and the computer$ account is added to have rights in Domain B on
the
systems container should it also have righs in Domain A?






.

Relevant Pages

  • Re: Creating SMS Containers in Active Directory HELP
    ... you can manually create it and set permissions for the SMS computer ... account or group by using ADSIEdit. ... > to create the System Management container and its child objects. ...
    (microsoft.public.sms.setup)
  • Re: Cant set SMS Service account, optionis greyed out.
    ... SMS Systems Management Server could not locate the "System Management" ... container in Active Directory. ... Nor could it create a default container. ... machine account might not have the correct rights to update active directory. ...
    (microsoft.public.sms.setup)
  • Re: Schema Update Problem
    ... Once the schema has been extended, and the System Management container ... account (advanced security) requires full control to the System Management ...
    (microsoft.public.sms.admin)
  • Re: SMS Client Installed but not assigned
    ... front of the console right at the minute). ... > Looks like it did its work but there is no node "System Management" in AD. ... >> If you are using Advanced Security, add the machine account ...
    (microsoft.public.sms.admin)
  • Re: Error message about SLP account
    ... On the systems container check to make sure the SMSService account (machine ... Then on the advanced tab verify that the account has full rights to this ... > "System Management" container, and all child objects in Active Directory. ...
    (microsoft.public.sms.admin)
Loading