Here we are going to see the Prerequisites installation of configuration manager 2012 and we will also see the steps to create a system container, assign permission for SCCM on container and extend the Active directory schema.
Before you install the configuration manager, you should extend you active directory and give your SCCM server rights to create objects under the system container AD.
Does Configuration Manager creates System Container automatically ? – Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services.
Some steps need to follow before creating system container:
- Change Host name for domain controller
- Set static IP address for domain controller.
- Installation of Active directory for the environment.
Create System Management Container
We will first create the system management container and we will assign the SCCM server permission to create object under the container.
The Domain controller is running windows server 2012 data centre edition operating system. To create a container log on to domain controller with administrator account click on server manager, tools click on ADSI (Active directory server interface) edit.
Right click ADSI Edit and click on Connect to. On the Connection Settings window, the naming context should be Default naming context. Do not change anything here, click on OK.
In the ADSI Edit Console, expand the Default Naming Context, right click CN=System, click on New and create an Object.
On the Create Object windows, select the class as container and click on Next.
Provide the value as System Management. Click on Next and click on Finish to close the wizard.
Now that we have created the system management container, we must grant the site server’s computer account the permissions that are required to publish site information to the container. The primary site server computer account must be granted Full Control permissions to the System Management container and all its child objects.
Click on Server Manager, click on Tools, click on Active Directory Users and Computers. Click on View and click Advanced Features. Expand System, right click System Management and click on Delegate Control.
The primary site server computer account must be granted Full Control permissions to the System Management container. Click on Add, on select users,computers or groups window click on Object Types and check for Computers as object types. Click on OK. Type the name of the primary site server computer account and click on OK.
You must see the primary site server computer account listed unde7r the users or groups. Click on Next
On the Tasks to Delegate page, click on Create a custom task to delegate. Click on Next.
On the Active Directory Object Type window, select the option This folder, existing objects in this folder and creation of new objects in this folder. Click on Next.
We need to select the permissions to delegate, choose General, Property Specific and Creation/deletion of specific child objects. Under the permissions, click on Full Control. when you check the box for Full Control all the other permissions gets checked automatically. Click on Next and click on Finish to close the wizard. We have delegated full permissions to primary site server computer account on System Management container.