Re: Trouble Extending Schema

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Micah (M_at_m.com)
Date: 05/03/04 

Date: Sun, 2 May 2004 21:26:35 -0500

Already done and rechecked exactly what you have listed below. Grasping at
straws here now

"TerryM" <nospam@hotmail.com> wrote in message
news:OHZp0PLMEHA.3472@TK2MSFTNGP09.phx.gbl...
> What permissions?
>
> Extending the schema is different than creating the Management container
to
> publish to.
>
> To Extend the Schema on Windows 2000, you just make sure Schema extensions
> are allowed (checkbox)
> Then I always, (not sure if required) log on to the Schema Master Domain
> Controller as a Schema Admin and run the Schema Extend Tool.
>
> Takes like 5 seconds.
>
> You say this part is failing? When you go into Schema Admin Console do
you
> see this:
>
>
> Classes (Common Names)
> MS-SMS-Management-Point
> MS-SMS-Server-Locator-Point
> MS-SMS-Site
> MS-SMS-Roaming-Boundary-Range
>
> Attributes (Common Names)
> MS-SMS-Site-Code
> MS-SMS-Assignment-Site-Code
> MS-SMS-Site-Boundaries
> MS-SMS-Roaming-Boundaries
> MS-SMS-Default-MP
> MS-SMS-Device-Management-Point
> MS-SMS-MP-Name
> MS-SMS-MP-Address
> MS-SMS-Ranged-IP-Low
> MS-SMS-Ranged-IP-High
>
> Either you are not using a Schema Admin Account, or you have not checked
the
> box to enable Schema extensions in Windows 2000.
>
> Terry
>
>
> "Micah" <M@m.com> wrote in message
> news:uNacYHLMEHA.2532@TK2MSFTNGP10.phx.gbl...
> > See that is the problem, I can't get the schema extended but I beleive
I
> > have the permissions set correctly. I've tried it on the schem master
and
> > no luck, Tried it on each DC and on the sms server and the logs all
> contain
> > the same error codes (in my first post). I think that the permissions
are
> > fine, I've checked and rechecked those. What this appears to be to me
is
> a
> > problem with the directory but the errors returned in the log created
when
> I
> > try to extend the directory are pretty useless and don't give me much to
> go
> > on. I thing everything would be fine if I could get the directory
> > extensions in there.
> >
> > "TerryM" <nospam@hotmail.com> wrote in message
> > news:ODKtb7KMEHA.2584@TK2MSFTNGP12.phx.gbl...
> > > Have you looked in the schema to see if it was successfully extended??
> > > Search myitforum.com for a list of exactly what should be in there.
If
> it
> > > hasn't been extended then I would run the utility on the Server that
is
> > the
> > > Schema master using the Schema admin account. Should only take a
couple
> > > seconds. Then go into the Site properties, unselect for it to publish
> to
> > > AD, apply, then recheck and apply.
> > >
> > > If it has been extended then you know it must be a problem with
security
> > and
> > > the management container.
> > > The SMS Account needs to be granted ownership or something like that
to
> > the
> > > systems mgmt container. Use the all tasks>Delegate control option
from
> > the
> > > ADU&C MMC.
> > >
> > > Terry
> > >
> > >
> > > "Micah" <M@m.com> wrote in message
> > > news:O4jOJ$JMEHA.160@TK2MSFTNGP12.phx.gbl...
> > > > I understand all that and so far have already done everything you
> > pointed
> > > > out. I really don't think it's an issue with permissions here. I'm
> > using
> > > > an account that has permissions to modify the schema and
modifications
> > are
> > > > enabled.
> > > >
> > > > I don't think that the problems are permission related on the SMS
> side.
> > > > What it looks like to me is that the SMS problems are all related to
> the
> > > > failure of the directory extensions. It looks like it's getting to
> the
> > > > directory fine but can't update it because the class and attributes
> are
> > > not
> > > > there.
> > > >
> > > > I'm trying to find out why it won't let me extend the directory. I
> > > > apparently have rights because I am using a schema admin account and
> am
> > > also
> > > > trying it from the domain controllers as well as the SMS server
> itself.
> > > The
> > > > errors are all the same no matter where I try it but there really
> isn't
> > > any
> > > > usefull info out there for the errors in the log files. I think it
> will
> > > > work if I can get the directory extended, but so far no luck.
> > > >
> > > > "Jason Nelson" <anonymous@discussions.microsoft.com> wrote in
message
> > > > news:05D04F6B-2F26-442B-9ED6-FAA512A5B254@microsoft.com...
> > > > > Micah,
> > > > > Please review the following snippet I copied here for you to read
> from
> > > > "Active Directory Schema Modification and Publishing for Systems
> > > Management
> > > > Server 2003.doc".
> > > > >
> > > > > "If publishing is enabled on the site properties but the SMS
account
> > > does
> > > > not have sufficient permissions to publish, hierarchy manager and
site
> > > > component manager will generate error 4913: Systems Management
Server
> > > cannot
> > > > create the object in Active Directory. This error persists in the
> status
> > > > messages until permissions to publish have been granted or
publishing
> > has
> > > > been disabled."
> > > > >
> > > > > Okay... so back to my original blog... you need to verify you have
> the
> > > > correct permission when creating the SMS System Management
container.
> > > Since
> > > > you said this was a 2000 AD, did you run Regsvr32 schmmgmt.dll from
a
> > > > command prompt? If not then do this. However, I am assuming you
have
> > > done
> > > > this to allow the schema to be extended with the System Management
> > > > container.
> > > > >
> > > > > Your problem is publishing to this container.
> > > > > When you run ExtADSch the ExtADSch.log will likely contain errors
> > > starting
> > > > off with "Failed to create attribute".
> > > > >
> > > > > Therefore, we need to go back with the ADSI Edit tool and look
over
> > how
> > > > you have the permissions setup in the System Management container.
> You
> > > said
> > > > that you have given full control to it and to all child objects.
This
> > is
> > > > good.
> > > > >
> > > > > Now did you also go into the Advanced Security Settings for System
> > > > Management and check the box "Allow inheritable permissions from the
> > > parent
> > > > to propagate to this object and all child objects. Include these
with
> > > > entries explicitly defined here." Once this is checked and applied,
> go
> > > > ahead and run the ExtADSch tool again.
> > > > >
> > > > > Cheers,
> > > > > jason nelson
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Trouble Extending Schema
    ... I can't get the schema extended but I beleive I ... have the permissions set correctly. ... >> I'm trying to find out why it won't let me extend the directory. ... >> correct permission when creating the SMS System Management container. ...
    (microsoft.public.sms.setup)
  • Re: Trouble Extending Schema
    ... Schema master using the Schema admin account. ... I really don't think it's an issue with permissions here. ... > I'm trying to find out why it won't let me extend the directory. ... > correct permission when creating the SMS System Management container. ...
    (microsoft.public.sms.setup)
  • Re: upgrade a Windows 2003 DC to R2
    ... >> when doing adprep forestprep. ... >> A previous schema extension has defined the attribute value as ... >> Adprep cannot extend your existing schema ...
    (microsoft.public.windows.server.active_directory)
  • Re: upgrade a Windows 2003 DC to R2
    ... My mistake because I saw the warning "all Windows 2000 domain ... >>> when doing adprep forestprep. ... >>> A previous schema extension has defined the attribute value as ... >>> Adprep cannot extend your existing schema ...
    (microsoft.public.windows.server.active_directory)
  • Re: Upgrading Windows 2003 Server SP1 to R2
    ... Before running adprep, all Windows 2000 domain controllers in the forest ... If ALL your existing Windows 2000 domain controllers meet this requirement, ... extended schema do not ... Adprep cannot extend your existing schema ...
    (microsoft.public.windows.server.active_directory)