Jeff Gilbert's Web blog at myITforum.com

This posting is provided "AS IS" with no warranties, and confers no rights :-)
Upgrading SMS 2003 Active Directory Schema Extensions for Configuration Manager 2007
I'm posting this information because we've found an issue with a method of extending the Active Directory schema for Configuration Manager and I won't be able to officially document this until the next documentation release which is still a few months off (this information has been added to the Configuration Manager Documentation Library, but it won't be available until the next documentation update). This issue was also identified by Stuart James who posted this excellent article on myITforum earlier today: http://www.myitforum.com/articles/42/view.asp?id=10804
NOTE: There are two options for extending the Active Directory schema for Configuration Manager--the ExtAdSch.exe utility and the ConfigMgr_ad_schema.ldf file. If you're using the ExtAdSch.exe utility to extend the Active Directory schema, you won't need to modify the .ldf file as explained in this posting. For more information about these methods see http://technet.microsoft.com/en-us/library/bb680608.aspx and http://technet.microsoft.com/en-us/library/bb632388.aspx respectively.
A lot of people like to use the .ldf file to extend the Active Directory schema because it is more transparent and allows them to see exactly what is going on during the extension process compared to having to read the log file created by the ExtAdSch.exe utility after everything is already done. This is understandable as the extension of the Active Directory schema isn't something that should be taken lightly! However, the .ldf file does have some inherent limitations compared to the ExtAdSch.exe utility. The .ldf file is incapable of performing any type of calculation or variable-based changes like the compiled code of the ExtAdSch.exe utility can. This posting provides some guidance on just such a situation.

If you have previously extended the Active Directory schema for SMS 2003, when you use the default .ldf file to extend the AD schema for Configuration Manager, not all attributes will be properly updated without some manual intervention. Specifically, these attributes are not properly added to the management point object:
  • mSSMSCapabilities
  • mSSMSVersion
  • mSSMSSourceForest

Because Configuration Manager clients cannot be assigned to SMS 2003 sites, they review the site capabilities and version information stored in Active Directory during client site assignment processes to ensure that they're being assigned to a valid site. If this information is not in Active Directory (and/or there is no server locator point specified in the client installation command line) they will fail to be assigned and become unmanaged...not good.

Without going into too many details here because it's not really the focus of this posting and it's already long as it is, the ExtAdSch.exe utility is smart enough to figure out what is going on and properly update these attributes in the Active Directory schema.

The trick to getting the .ldf file to update the management point object with all required attributes is reformatting a section of the ConfigMgr_ad_schema.ldf file before using the LDIFDE utility to import the schema change information. To do this, open up the ConfigMgr_ad_schema.ldf file (located in the .\SMSSETUP\BIN\I386 directory of the Configuration Manager installation files) using your favorite text editor like Notepad.exe and scroll down/find the section that starts with the following text:

# ----------------------------------------------------------------------
# This section updates an existing MS-SMS-Management-Point class
# by adding four new attributes to the class.  This section
# should always succeed whether the Schema is already extended for SMS 2003
# or if it is updated using this file.
# ----------------------------------------------------------------------

Don't have that file handy? You can view what I'm talking about here at: http://technet.microsoft.com/en-us/library/bb680568.aspx.

OK, so ignore the irony in that last sentence of the .ldf file section header and highlight everything under it in the section (should be two short sections), then paste the following information over it (the same information, rearranged into four sections so it will import correctly):

dn: CN=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=x
changetype: modify
add: mayContain
mayContain: dNSHostName
-

dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-

dn: CN=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=x
changetype: modify
add: mayContain
mayContain: mSSMSCapabilities
mayContain: mSSMSVersion
mayContain: mSSMSSourceForest
-

dn:
changetype: modify
replace: schemaupdatenow
schemaupdatenow: 1
-

After making those changes, just save the .ldf file and import the information into Active Directory using the LDIFDE utility.

If you have previously extended the Active Directory schema for SMS 2003, and you have already re-extended the Active Directory schema with the default ConfigMgr_ad_schema.ldf file before making these modifications, it's OK to make the modifications and then use the modified file to re-extend the schema again to add those important management point object attributes.
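Added example (not part of the original post and not Microsoft tooling): a pre-import lint for the edited section of ConfigMgr_ad_schema.ldf. It checks the layout prescribed above: dNSHostName in its own modify record, the three management point attributes in a separate record, and each of those records followed by a `schemaupdatenow: 1` record. The function names and both sample strings are constructed for illustration; the COMBINED sample is assumed from the post's description of the two-section layout being replaced.

```python
import re

MP_DN = "CN=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=x"
NEW_ATTRS = ("mSSMSCapabilities", "mSSMSVersion", "mSSMSSourceForest")

def parse_records(ldf_text):
    """Split LDIF text into records of (key, value) pairs; folded lines are not unfolded."""
    records = []
    for chunk in re.split(r"\n\s*\n", ldf_text.replace("\r\n", "\n")):
        pairs = []
        for line in chunk.split("\n"):
            line = line.strip()
            if line and not line.startswith("#") and line != "-":
                key, _, value = line.partition(":")
                pairs.append((key.strip().lower(), value.strip()))
        if pairs and pairs[0][0] == "dn":
            records.append(pairs)
    return records

def lint_mp_section(ldf_text):
    """Return layout problems; an empty list means the four-record layout."""
    records = parse_records(ldf_text)
    wanted = {a.lower() for a in NEW_ATTRS}
    problems, found = [], set()
    for i, rec in enumerate(records):
        if not rec[0][1].lower().startswith("cn=ms-sms-management-point,"):
            continue
        added = {v.lower() for k, v in rec if k == "maycontain"}
        found |= added & wanted
        if "dnshostname" in added and added & wanted:
            problems.append("dNSHostName shares a record with the new attributes")
        nxt = records[i + 1] if i + 1 < len(records) else [("", None)]
        if nxt[0] != ("dn", "") or ("schemaupdatenow", "1") not in nxt:
            problems.append(f"record {i + 1} is not followed by schemaupdatenow: 1")
    problems += [f"missing mayContain: {a}" for a in NEW_ATTRS if a.lower() not in found]
    return problems

# Constructed samples (not read from the real ConfigMgr_ad_schema.ldf)
UPDATE = "dn:\nchangetype: modify\nreplace: schemaupdatenow\nschemaupdatenow: 1\n-\n"
def mp_record(*attrs):
    body = "".join(f"mayContain: {a}\n" for a in attrs)
    return f"dn: {MP_DN}\nchangetype: modify\nadd: mayContain\n{body}-\n"

SPLIT = "\n".join([mp_record("dNSHostName"), UPDATE, mp_record(*NEW_ATTRS), UPDATE])
COMBINED = "\n".join([mp_record("dNSHostName", *NEW_ATTRS), UPDATE])

if __name__ == "__main__":
    for name, text in (("split", SPLIT), ("combined", COMBINED)):
        print(name, lint_mp_section(text) or "OK")
```

To lint a real file, pass its contents to `lint_mp_section`; records for other classes are ignored, so the whole .ldf can be supplied.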

I hope this helps!

~Jeff

 

Published Saturday, September 29, 2007 12:52 AM by jgilbert

Comments

# Upgrading SMS 2003 Active Directory Schema Extensions for Configuration Manager 2007@ Thursday, October 04, 2007 11:06 AM

Jeff Gilbert recently wrote a great blog on an issue that was found regarding the schema extension with

SMS & MOM