Learn How to Extend AD Schema for SCCM | ConfigMgr | MEMCM

Let’s dive into the installation guide “Extend AD Schema for SCCM.” Do you want to extend AD Schema to ConfigMgr to work? AD schema extension not mandatory, but I recommend opening the schema wherever possible.

Related PostLearn How to create System Management Container and provide FULL control permission.

NOTE! – What are the changes expected with Active Directory Extension? You can refer to the Schema extensions for Configuration Manager.

Patch My PC

Prerequisites – Extend AD Schema for SCCM

SCCM AD schema extension the schema is a one-time action for any forest. Also, if the AD schema is already extended for SCCM 2007 and 2012, then no need to open the schema again.

  • The user who is performing the AD Schema extension should have Active Directory Schema admin access rights.
  • Access to ConfigMgr Source files (as you can see below)
  • Act as the Schema Master domain controller server

Extend Active Directory Schema for SCCM

To extend the Active Directory Schema for SCCM, you must follow the steps mentioned below.

  • Login to Schema Master DC server with Schema admin access rights
  • Copy X64 folder needed for AD Schema extension
    • The following folder SMSSETUP\BIN\X64 contains dependent DLL files for schema extension. So it’s better to copy the entire X64 folder on the ConfigMgr installation media.
Copy X64 folder from ConfigMgr installation media - Extend AD Schema for SCCM
Copy X64 folder from ConfigMgr installation media – Extend AD Schema for SCCM.

NOTE! – In this example, I’m going to use the tool called Extadsch.exe to extend the schema. However, when you have options

  • Run the Extadsch.exe tool
    • Or use the LDIFDE command-line utility with the ConfigMgr_ad_schema.ldf file.
Successfully extended the Active Directory schema. - Extend AD Schema for SCCM
Successfully extended the Active Directory schema – Extend AD Schema for SCCM.

Results of AD Schema Extension

Please refer to the ConfigMgr documentation for instructions on the manual configuration of access rights in the active directory, which may still need to be performed.

(Although the AD schema has now been extended, AD must be configured to allow each ConfigMgr Site security rights to publish in their domains.)

Resources

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.