Sunday, September 25, 2011

Checking SMS/SCCM site information publishing in Active Directory

This happens If Active Directory Schema is not extended and the computer holding SCCM server does not have full rights on Active directory container. This can be rectified in following way...
-open Active Directory Users and Computers.
-On the View menu, click Advanced Features.
The Active Directory Computers and Users window displays additional Active
Directory information, including displaying the System container. You will grant
rights to the System container to allow the Configuration Manager site server to
publish data to Active Directory.
-In the console tree, expand domain( name of your domain), and then click
System.
-On the Action menu, click Properties.
-Click the Security tab.
The System Properties dialog box displays the security permissions on the
System container. Notice that the Configuration Manager site server computer
(SMSServer) is not listed.
-Click Add.
The Select Users, Computers, or Groups dialog box appears.
-Click Object Types.
The Object Types dialog box appears.
-Under Object types, click Computers, and then click OK.
-In the Enter the object names to select field, type smsserver name and then click OK.
- The Select Users, Computers, or Groups dialog box appears. Notice that the
Configuration Manager site server computer is now listed with
Read rights.
-Under Permissions for SMSSERVER, click Full Control under Allow, and then
click Advanced.
The Advanced Security Settings for System dialog box appears displaying the
rights for various accounts.
-Under Name, click on SMS SERVER name, and then click Edit.
The Permission Entry for System dialog box appears displaying the rights for
SMSServer$.
-In the Apply onto field, click This object and all child objects, and then click
OK.
The Advanced Security Settings for System dialog box appears.
-Click OK.
The System Properties dialog box appears.
-Click OK.
The Active Directory Computers and Users window appears. You can leave this
window open if you want to view information that Configuration Manager
publishes to Active Directory after installation.
---------------------------
Logs to check
Hman.log for the following information

" Active Directory DS Root:DC= Domainname here,DC=com
Searching for the System Management Container.
System Management container exists.
Site objects existing in AD: cn=SMS-Site-Site code here.
Searching for SMS-Site- Site Object.
SMS-Site- exists, updating.
SMS-Site-< Site Code here> successfully updated. "
---------

sitecomp.log for the following information

Publish Servers in Active Directory.
DS Root:DC=SCCMSERVER,DC=DOMAINNAME ,DC=com
Searching for the System Management Container.
LDAP://CN=System Management,CN=System,DC=SCCMSERVER,DC=DOMAINNAME,DC=com container exists.
Site System is the Default Management Point.
No Fallback Status Point installed on the Site
Size of Signing Certificate: 0
Signing Certificate:
Checking configuration information for server: SECONDARY.
SECONDARY is the Default MP.
Updated MP Configuration for SECONDARY.
Installing Security settings on site system ...
Security settings are up to date for SECONDARY.
Installing DNS publishing settings on site system ...
DNS publishing settings are up to date for SECONDARY.
Publishing SECONDARY(SECONDARYSERVER NAME.SCCMSERVER.DOMAINNAME.com) as a Management Point into Active Directory.
SMS-MP-SECONDARY SERVER SITE CODE -SECONDARY successfully updated.

No comments: