Re: Trouble Extending Schema

From: Micah (M_at_m.com)
Date: 05/03/04


Date: Sun, 2 May 2004 20:55:19 -0500

See, that is the problem: I can't get the schema extended, but I believe I
have the permissions set correctly. I've tried it on the schema master and
no luck, tried it on each DC and on the SMS server, and the logs all contain
the same error codes (in my first post). I think that the permissions are
fine; I've checked and rechecked those. What this appears to be to me is a
problem with the directory, but the errors returned in the log created when I
try to extend the directory are pretty useless and don't give me much to go
on. I think everything would be fine if I could get the directory
extensions in there.

"TerryM" <nospam@hotmail.com> wrote in message
news:ODKtb7KMEHA.2584@TK2MSFTNGP12.phx.gbl...
> Have you looked in the schema to see if it was successfully extended??
> Search myitforum.com for a list of exactly what should be in there. If it
> hasn't been extended then I would run the utility on the Server that is the
> Schema master using the Schema admin account. Should only take a couple
> seconds. Then go into the Site properties, unselect for it to publish to
> AD, apply, then recheck and apply.
>
> If it has been extended then you know it must be a problem with security and
> the management container.
> The SMS Account needs to be granted ownership or something like that to the
> systems mgmt container. Use the all tasks>Delegate control option from the
> ADU&C MMC.
>
> Terry
>
>
> "Micah" <M@m.com> wrote in message
> news:O4jOJ$JMEHA.160@TK2MSFTNGP12.phx.gbl...
> > I understand all that and so far have already done everything you pointed
> > out. I really don't think it's an issue with permissions here. I'm using
> > an account that has permissions to modify the schema and modifications are
> > enabled.
> >
> > I don't think that the problems are permission related on the SMS side.
> > What it looks like to me is that the SMS problems are all related to the
> > failure of the directory extensions. It looks like it's getting to the
> > directory fine but can't update it because the class and attributes are not
> > there.
> >
> > I'm trying to find out why it won't let me extend the directory. I
> > apparently have rights because I am using a schema admin account and am also
> > trying it from the domain controllers as well as the SMS server itself. The
> > errors are all the same no matter where I try it but there really isn't any
> > useful info out there for the errors in the log files. I think it will
> > work if I can get the directory extended, but so far no luck.
> >
> > "Jason Nelson" <anonymous@discussions.microsoft.com> wrote in message
> > news:05D04F6B-2F26-442B-9ED6-FAA512A5B254@microsoft.com...
> > > Micah,
> > > Please review the following snippet I copied here for you to read from
> > > "Active Directory Schema Modification and Publishing for Systems Management
> > > Server 2003.doc".
> > >
> > > "If publishing is enabled on the site properties but the SMS account does
> > > not have sufficient permissions to publish, hierarchy manager and site
> > > component manager will generate error 4913: Systems Management Server cannot
> > > create the object in Active Directory. This error persists in the status
> > > messages until permissions to publish have been granted or publishing has
> > > been disabled."
> > >
> > > Okay... so back to my original blog... you need to verify you have the
> > > correct permission when creating the SMS System Management container. Since
> > > you said this was a 2000 AD, did you run Regsvr32 schmmgmt.dll from a
> > > command prompt? If not then do this. However, I am assuming you have done
> > > this to allow the schema to be extended with the System Management
> > > container.
> > >
> > > Your problem is publishing to this container.
> > > When you run ExtADSch the ExtADSch.log will likely contain errors starting
> > > off with "Failed to create attribute".
> > >
> > > Therefore, we need to go back with the ADSI Edit tool and look over how
> > > you have the permissions set up in the System Management container. You said
> > > that you have given full control to it and to all child objects. This is
> > > good.
> > >
> > > Now did you also go into the Advanced Security Settings for System
> > > Management and check the box "Allow inheritable permissions from the parent
> > > to propagate to this object and all child objects. Include these with
> > > entries explicitly defined here." Once this is checked and applied, go
> > > ahead and run the ExtADSch tool again.
> > >
> > > Cheers,
> > > jason nelson
> >
> >
>
>
