How to make sure SMS/SCCM site infromation publishing in Active Directory Services

SMS/Sccm does not publish objects correctly in Active Directory if the Active Directory schema has not been extended for SMS/SCCM, or if SMS/SCCM does not have sufficient permissions. Make sure your sites's computer account or the SMS sesrvice account have full control to the System Management container.


•Manually create the System Management container in the Active Directory System container by using the ADSIEdit.msc tool. ADSIEdit is included in the Windows Support Tools folder on the Windows product CD. Grant the appropriate account full control permissions to the System Management container and All Child objects for all SMS sites in the domain.


•Use Active Directory Users and Computers to grant the appropriate account full control permissions to the System Management container and All Child objects for all SMS sites in the domain.

After the appropriate account has full control, it will grant permissions to the management points so the management points can publish their own information to Active Directory. You do not need to manually grant management points permissions to publish to Active Directory.
 To verify whether your site is publishing information in Active Directory, verify hman.log and sitecomp.log


If you site is publishing information properly, then they should look similar as below:
hman.log:
Active Directory DS Root:DC=sccmtraining,DC=com
Searching for the System Management Container.
System Management container exists.
Site objects existing in AD: cn=SMS-Site-SC5.
Searching for SMS-Site-SC5 Site Object.
SMS-Site-SC5 exists, updating.
SMS-Site-SC5 successfully updated.
sitecomp.log:
Publish Servers in Active Directory.
DS Root:DC=SCCMTRAINING,DC=ABC,DC=com
Searching for the System Management Container.
LDAP://CN=System Management,CN=System,DC=SCCMTRAINING,DC=ABC,DC=com container exists.
Site System is the Default Management Point.
No Fallback Status Point installed on the Site
Size of Signing Certificate: 0
Signing Certificate:
Checking configuration information for server: SECONDARY.
SECONDARY is the Default MP.
Updated MP Configuration for SECONDARY.
Installing Security settings on site system ...
Security settings are up to date for SECONDARY.
Installing DNS publishing settings on site system ...
DNS publishing settings are up to date for SECONDARY.
Publishing SECONDARY(SECONDARY.SCCMTRAINING.ABC.com) as a Management Point into Active Directory.
SMS-MP-SE2-SECONDARY successfully updated.

0 comments:

Post a Comment