Q. How do I create the Systems Management container in Active Directory (AD)?

A. By default, when you extend the AD schema for Microsoft System Center Configuration Manager 2007 (SCCM), it doesn't actually create the Systems Management container or set permissions. Fortunately, the process to create the container isn't too complicated.

  1. Log on as a domain administrator.
  2. Launch ADSI Edit (adsiedit.msc).
  3. Open the domain partition, expand the domain name, and right-click the CN=System container. Select New then Object in the context menu.
  4. Select the container type, enter a name of System Management, and press Next then Finish.

Now you need to give the SCCM server full permissions on the System Management container and its child objects.

  1. Still within ADSI Edit, right-click the System Management container and select Properties.
  2. Select the Security tab.
  3. Click Add, select the computer account of the SCCM server, and grant it Full Control.
  4. Edit the new permissions. Under the Advanced section, click Edit for the SCCM account. Change the Apply onto field to This object and all child objects.
  5. Click OK.
Related Reading:

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.