Creating SMS Containers in Active Directory HELP
- From: "Richard Overton" <richard.overton@xxxxxxxxxxxxx>
- Date: Fri, 15 Apr 2005 11:12:42 +0100
Dear All
Can you help with this? I am trying to configure SMS but when trying to do
the following I get to 4 and the is no System Management container in the
System tree??
Creating SMS Containers in Active Directory
To create containers in Active Directory, after extending the schema, the
SMS Service Account must be a member of the Administrator group to be able
to create the System Management container and its child objects. Another
option is to manually create the System Management container in Active
Directory by using the ADSIEdit.msc tool.
Note:
.
To access the ADSIEdit.msc tool, you must install the Windows 2000
Administrator Tools. To install these tools, run AdminPak.msi in the
\system\system32 folder. For more information, see the Windows 2000 Help.
If you are using advanced security mode, grant the SMS Service Account or
the computer account rights to the System Management container. It is
required that Read, Write, Create All Child Objects, and Delete All Child
Objects rights are granted to this object and child objects.
For more information about SMS 2003 security accounts, see Chapter 5,
"Understanding SMS Security," and Chapter 12, "Planning Your SMS Security
Strategy." For more information about Active Directory, see the Active
Directory Help.
To set security on the System Management object
1.
Start the Active Directory Users and Computers administrative tool.
2.
On the View menu, click Advanced Features.
3.
In the tree view, select the System container for the domain.
4.
Expand the System container, right-click the System Management
container, and then select Properties.
5.
On the Security tab, click Add.
6.
If the site is using advanced security, click Object Types in the
Select Users, Computers, or Groups dialog box.
7.
Select the Computers check box, and then click OK.
8.
Enter the SMS Service account for standard security or the computer
name for the site server for advanced security, and then click OK.
9.
In the System Management Properties dialog box, select the Read, Write,
Create All Child Objects check box, and then select Delete All Child Objects
permissions.
10.
Click Advanced, select the SMS Service account or computer account, and
then click Edit.
11.
In the Apply onto list, select This object and all child objects.
12.
Click OK to close the dialog boxes.
I'm also getting the following error message in the SMS status view because
of the above problem
"MS Systems Management Server could not locate the "System Management"
container in Active Directory. Nor could it create a default container.
This will prevent Site Component Manager from updating or adding any objects
to Active Directory.
Possible cause: This site's SMS Service account or the site server's
machine account might not have the correct rights to update active
directory.
Solution: Either give the Service Account rights to update the domain's
System Container, or manually create the "System Management" container in
this domain's Active Directory system container, and give the Service
Account full rights to that container (and all children objects.)"
Regards,
Rich Overton
Network Administrator
Omnibus Systems Ltd
Loughborough
Leicestershire
LE12 5PY
UK
E: richard.overton@xxxxxxxxxxxxx
.
- Follow-Ups:
- Prev by Date: Site Communication Question
- Next by Date: Re: How to install full version without losing configuration?
- Previous by thread: Site Communication Question
- Next by thread: Re: Creating SMS Containers in Active Directory HELP
- Index(es):
Relevant Pages
|
Loading
