Configuration of Active Directory System Management Container
If you've made the decision to integrate System Center Configuration Manager with Active Directory, then you will need to follow the steps below in order to create a container with permissions to allow the SCCM Site Servers to be published to AD.
- Create a Universal Security Group called “ConfigMgr Site Servers” in the AD domain.
The name of the container really isn't important, but it should be identifiable.
SCCM Site Server Universal Security Group
- Launch ADSI Edit (adsiedit.msc).
- Expand the Default Naming Context, and Fully Qualified Domain till CN=System is visible in the navigation pane.
- Right click on CN=System and select New, then Object from the context menu.
- From the Create Object dialog, select “container” from the Class list, then click Next.
- In the Value text box, type the name for the container, “System Management”, then click Next & Finish.
- Right click on the newly created System Management container and click Properties from the context menu.
- In the Properties dialog box, click the Security tab, then click Advanced.
- On the Permissions tab, click the Add button and type ConfigMgr Site Servers, to add permissions to the group, “ConfigMgr Site Servers” created in Step 1. Click OK.
"ConfigMgr Site Server" Container Permissions
- On the Permissions Entry dialog, ensure Apply to is set to “This object and all descendant objects” then click Full Control = Allow, then OK, OK and OK to apply the permission changes and exit all the dialogs.