Personal Ranting: AD Schema Extension (Part 2)

The first part of this series was written to out of "frustration" because of the confrontation of your potential customers. Knowing part one should adequately should adequately allow you to answer your customer's query.

Second part is more illustrate how to perform AD schema extension while the third part "Did you know" series what will you do when you hit issues. 

The steps are fairly simple:

Permission required:

"Schema Admins" & "Enterprise Admins" rights

Tool required: 

"extadsch.exe"

Steps:

• Create "System Management" folder under "System" container in ADSI edit. 

• Grant site server access to the above folder. (Add full control plus make sure the access is applied to "This object and all descendants objects" )

• Double click "extadsch.exe"

• Log will be created at the root of the hard disk. 

To ensure that these lists are current for your version of System Center 2012 Configuration Manager, review the ConfigMgr_ad_schema.LDF file that is located in the\SMSSETUP\BIN\x64 folder of the System Center 2012 Configuration Manager installation media.

Above are fairly simple steps but often face with violent opposition. But thing is just imagine that a spreadsheet (schema) has only ten columns and requires more columns (extend schema) to hold the information to make SCCM more useful, would you want to skip this step?

Happy reading!

SY

Personal Ranting: AD Schema Extension (Part 1)

Fear always stems from doubt and disbelief. If you can understand the underlying issues, you will not have a problem in implementing the technology to your environment. Over the years as a system engineer and consultant, you will be confronted by the customers why is there a need to perform AD schema extension before SCCM installation?

When you can understand the actual rationale behind of AD schema extension you will not reject the idea the next time you deploy SCCM. But nonetheless, AD schema extension is only performed once. So if you are using SCCM 2007 and upgrade to SCCM 2012, then you do not have to perform this action again. 

What is AD schema actually?

In a nutshell, AD schema is part of AD component where it keeps the data of all the AD objects. And these objects are term under class and attributes. 

What is an attribute?

Attributes contain data that defines the information that is stored in an object or in another attribute. For example, a user account object has attributes that store user information, such as the user’s first name, last name, password, office number, and telephone number. 

What is an class?

Object definitions are categorized into groups that are called classes. Classes act as blueprints that can be used each time a new object is created. When a new object is created in the directory, the object’s class determines the attributes that are associated with the new object, including which attributes are required and which attributes are optional.

The above information is taken from: 

https://technet.microsoft.com/en-sg/library/cc773309%28v=ws.10%29.aspx
  

https://technet.microsoft.com/en-sg/library/gg712272.aspx

A one time only AD schema extension will create 14 attributes and 4 classes in AD. (18 in total) 

Attributes: 

cn=mS-SMS-Assignment-Site-Code

cn=mS-SMS-Capabilities

cn=MS-SMS-Default-MP

cn=mS-SMS-Device-Management-Point

cn=mS-SMS-Health-State

cn=MS-SMS-MP-Address

cn=MS-SMS-MP-Name

cn=MS-SMS-Ranged-IP-High

cn=MS-SMS-Ranged-IP-Low

cn=MS-SMS-Roaming-Boundaries

cn=MS-SMS-Site-Boundaries

cn=MS-SMS-Site-Code

cn=mS-SMS-Source-Forest

cn=mS-SMS-Version

Classes: 

cn=MS-SMS-Management-Point

cn=MS-SMS-Roaming-Boundary-Range

cn=MS-SMS-Server-Locator-Point

cn=MS-SMS-Site

Happy reading!

SY

Did You Know 2: WSUS Maintenance

While this is actually old news, but the sites I went usually do not update the WSUS option. Especially for those SCCM to download different language windows patches, the private memory pool will be easily hit. 

Bear in mind that WSUS capacity is slightly different from SCCM. Therefore remember to setup this simple maintenance option in your site server: 

Make sure you set at least 8GB and above in KB. 

Information was taken from here: 

http://blogs.technet.com/b/configurationmgr/archive/2015/03/23/configmgr-2012-support-tip-wsus-sync-fails-with-http-503-errors.aspx

http://blog.coretech.dk/kea/house-of-cardsthe-configmgr-software-update-point-and-wsus/

Happy reading!

SY 

Did You Know 1: Software Update Status

Everyday we read software updates report status, but have you ever thought, what does the status really means? Well, few days back a manager came by and ask me a question on the report status and it lead me think of giving "professional' answers that are published in technet: 

State	Description
Required	Specifies that the software update is applicable and required on the client computer. Any of the following conditions could be true when the software update state is Required: ·         The software update was not deployed to the client computer. ·         The software update was installed on the client computer. However, the most recent state message has not yet been inserted into the database on the site server. The client computer rescans for the update after the installation has finished. There might be a delay of up to two minutes before the client sends the updated state to the management point that then forwards the updated state to the site server. ·         The software update was installed on the client computer. However, the software update installation requires a computer restart before the update is completed. ·         The software update was deployed to the client computer but has not yet been installed.
Not Required	Specifies that the software update is not applicable on the client computer. Therefore, the software update is not required.
Installed	Specifies that the software update is applicable on the client computer and that the client computer already has the software update installed.
Unknown	Specifies that the site server has not received a state message from the client computer, typically because one of the following: ·         The client computer did not successfully scan for software updates compliance. ·         The scan finished successfully on the client computer. However, the state message has not yet been processed on the site server, possibly because of a state message backlog. ·         The scan finished successfully on the client computer, but the state message has not been received from the child site. ·         The scan finished successfully on the client computer, but the state message file was corrupted in some way and could not be processed.

Taken from: https://technet.microsoft.com/en-us/library/gg682168.aspx

I hope you find this useful! :) 

Happy reading! 

SY

Introducing "Did you know?" series

Apart from labs, I will be sharing my working experiences here, while some of the articles posted here may not be new, but some recap and what stuff REALLY works will be posted here. 

Most of the articles posted here have been tried by myself personally during my course of my work. Let me adjust my notes and I will put it up here slowly. 

Happy reading! 

SY