Let’s learn how to create the System Management container and grant Full Control permissions on it. System Management is the container in Active Directory used to manage devices with ConfigMgr (SCCM).
System Management Container
ConfigMgr uses the System Management container to publish Management Point (MP) and boundary details. ConfigMgr clients connect to and query the System Management container to select the best MP available.
NOTE! – More details about Publishing site data for SCCM.
- Log in with a user account that has the Create All Child Objects permission on the System container for each domain. More details here.
- Create this container one time in each domain that has a primary or secondary site server that will publish data to Active Directory.
- Grant FULL Control permissions to the computer account of each primary and secondary site server
Create System Management Container
Let’s see how to create the System Management container.
- Run ADSI Edit (adsiedit.msc)
- Right-click the ADSI Edit node in the MMC console and click Connect to…
- Enter the site server’s Domain or Domain server details – Select or type a domain or server: (Server | Domain [:port])
- Click OK
- Expand Domain -> expand
- Right-click CN=System
- Select New, and then choose Object
- In the Create Object dialog box, choose Container, and then choose Next
- In the Value box, enter System Management, and then choose Next to continue
- Click on Finish button
You have created the System Management container. Now let’s assign permissions to primary and secondary server computer accounts.
- Right-click CN=System Management, and then choose Properties
- Select the Security tab from System Management Properties
- Click on Add button
- Enter the site server computer account in the box below “Enter the object names to select”
- Click on Object Types
- Select Computers and Click OK
- Click on OK to continue with selection
- Select the site system computer account
- Select the Full Control permission
- Repeat this step for all the site servers in this domain
- Click on Advanced button
- Select the site server’s computer account
- Select Edit button
- Select the drop-down option called “This object and all descendant objects” from the Applies to option
- Click OK to continue
- Click OK & OK to finish
Now you have created the System Management container and granted Full Control permission to the site system servers.