Re: Sms2003 and extending AD

Coincidentially, I'm also having problems with AD permissions. I
installed SMS without granting the proper permissions to
<domain>/System/System Management. I've done this, and about an hour
later, SMS created two more objects under that container. It then
threw an error message about security on the newly created objects. So,
I went in and manually assigned the necessary permissions and I'm
waiting for SMS to wake up and try and publish to AD again.

Is there a way to force SMS to publish to AD so I can get my clients
working?

Thanks,
Zack

Michel-Vincent wrote:
Hello

You probably have checked the option to publish server fqdn in SMS.
This can only work if you have extended AD with the SMS extensions FROM SP2
(allow me to insist on the SP2 as this is a common mistake).

Once you've extended the AD Schema, check that SMS service account (in your
case SMS computer account has the proper permissions in your AD and you
should be fine.

Of course, once everything is OK, you need to wait a couple of minutes for
SMS to actually publish the info in AD.

Hope it helps,
Cheers

MV
--
Michel-Vincent Leriche
http://mvleriche.spaces.live.com


"gdinescu@xxxxxxxxx" wrote:

Ok, i have found the answer:

"Although schema extension can be performed automatically during
installation, a manual procedure is required to grant SMS permissions
to successfully publish information to Active Directory. Failure to do
so causes SMS to generate error 4913 and prevents SMS clients from
accessing SMS information in Active Directory."

But another question rises: What do i have to setup in order for the
error to stop? (besides extending the schema - I'm using windows server
2000 and by default the schema is locked)


gdinescu@xxxxxxxxx wrote:
Hi,

I've installed SMS2003 sp2 in advanced security mode, without extending
AD. In the SMS console, under component status i can see errors under
SMS_SITE_COMPONENT, to be more specific the 4913 error (Systems
Management Server cannot create the object "cn=SMS-SLP-ROB-SMSSRV01" in
Active Directory)

I went in AD and gave full control to SMSSRV01 for the System
management container but i still get these errors. My question is can
SMS add these two objects (SLP, MP) to AD without the schema being
extended?

Thank you in advanced,



.

Relevant Pages

  • RE: Automatic Site Code Discovery was unsuccessful
    ... Windows Server 2003 and Windows 2000 ... or a combination of both) that is the code for the SMS site to ... "If you have extended the Active Directory schema, ... i just insatlled the SMS 2003 without extending the ...
    (microsoft.public.sms.admin)
  • RE: Automatic Site Code Discovery was unsuccessful
    ... Straight from the SMS FAQ: ... "If you have extended the Active Directory schema, ... Install Windows 2003 Server Ent. ... i just insatlled the SMS 2003 without extending the ...
    (microsoft.public.sms.admin)
  • Re: Trouble Extending Schema
    ... The SMS Server account has full control of the new system ... I've tried running the extend schema application from each of the domain ... Could you be more specific on how you are "manually" extending the AD ...
    (microsoft.public.sms.setup)
  • Re: Merged environments with different Active Directory Versions
    ... > extending the schema for SMS. ... >>> My company recently was acquired by another company which didn't use SMS. ... I haven't yet extended the AD schema. ... Ad or change management :-). ...
    (microsoft.public.sms.setup)
  • Re: Additional suggestions for previous post "Distribution Manager error 2324 1/4/05"??
    ... I'm not looking at a site right now, but I checked the other SMS shares ... that you indicated have Everyone with Full Control listed. ... didn't look closely at the file permissions. ... regarding the specific share and file permissions, ...
    (microsoft.public.sms.swdist)
Loading