SCCM 2012, Schema Failing to Extend

SCCM 2012, Schema Failing to Extend

sysmanagementThis week I was deploying a new installation of SCCM 2012. The customers Active directory was pretty locked down but they created me an account that was part of domain admins and administrators.

For those of you who don’t know a prereq to installing SCCM is to create a System Management container in ADSI edit, delegate permissions in Active Directory, then running extadsch.exe to extend the schema.

I was able to create the System Management object and delegate all the permissions but I was running into errors when running extadsch.exe. I added myself to Schema Admins then logged out and back in to make sure it had taken effect. After that a few of the schemas extended! But not all of them…

<09-16-2013 12:34:05> Modifying Active Directory Schema – with SMS extensions.
<09-16-2013 12:34:05> DS Root:CN=Schema,CN=Configuration,DC=bliss,DC=local
<09-16-2013 12:34:05> Failed to create attribute cn=MS-SMS-Site-Code. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=mS-SMS-Assignment-Site-Code. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=MS-SMS-Site-Boundaries. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=MS-SMS-Roaming-Boundaries. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=MS-SMS-Default-MP. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=mS-SMS-Device-Management-Point. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=MS-SMS-MP-Name. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=MS-SMS-MP-Address. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=mS-SMS-Health-State. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=mS-SMS-Source-Forest. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=MS-SMS-Ranged-IP-Low. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=MS-SMS-Ranged-IP-High. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=mS-SMS-Version. Error code = 5.
<09-16-2013 12:34:05> Failed to create attribute cn=mS-SMS-Capabilities. Error code = 5.
<09-16-2013 12:34:05> Failed to create class cn=MS-SMS-Management-Point. Error code = 8202.
<09-16-2013 12:34:05> Failed to create class cn=MS-SMS-Server-Locator-Point. Error code = 8202.
<09-16-2013 12:34:05> Failed to create class cn=MS-SMS-Site. Error code = 8202.
<09-16-2013 12:34:05> Failed to create class cn=MS-SMS-Roaming-Boundary-Range. Error code = 8202.
<09-16-2013 12:34:05> Failed to extend the Active Directory schema. Your Windows NT logon ID does not have the necessary privileges to extend the Active Directory schema, please find details in “C:\ExtADSch.log”.

I started to research the issue but didn’t find anything helpful. They even logged me into the administrator account and I was receiving the same errors. It started to look like I was going to get way off schedule with the project. I was getting pretty frustrated and decided to blow away the System Management container. I recreated it under their administrator account, delegated the permissions, and attempting to extend the Schema.

Success! It was extended.

<09-16-2013 02:46:12> Modifying Active Directory Schema – with SMS extensions.
<09-16-2013 02:46:12> DS Root:CN=Schema,CN=Configuration,DC=bliss,DC=local
<09-16-2013 02:46:13> Defined attribute cn=MS-SMS-Site-Code.
<09-16-2013 02:46:13> Defined attribute cn=mS-SMS-Assignment-Site-Code.
<09-16-2013 02:46:13> Defined attribute cn=MS-SMS-Site-Boundaries.
<09-16-2013 02:46:13> Defined attribute cn=MS-SMS-Roaming-Boundaries.
<09-16-2013 02:46:13> Defined attribute cn=MS-SMS-Default-MP.
<09-16-2013 02:46:13> Defined attribute cn=mS-SMS-Device-Management-Point.
<09-16-2013 02:46:13> Defined attribute cn=MS-SMS-MP-Name.
<09-16-2013 02:46:13> Defined attribute cn=MS-SMS-MP-Address.
<09-16-2013 02:46:13> Defined attribute cn=mS-SMS-Health-State.
<09-16-2013 02:46:13> Defined attribute cn=mS-SMS-Source-Forest.
<09-16-2013 02:46:13> Defined attribute cn=MS-SMS-Ranged-IP-Low.
<09-16-2013 02:46:13> Defined attribute cn=MS-SMS-Ranged-IP-High.
<09-16-2013 02:46:13> Defined attribute cn=mS-SMS-Version.
<09-16-2013 02:46:13> Defined attribute cn=mS-SMS-Capabilities.
<09-16-2013 02:46:14> Defined class cn=MS-SMS-Management-Point.
<09-16-2013 02:46:14> Defined class cn=MS-SMS-Server-Locator-Point.
<09-16-2013 02:46:14> Defined class cn=MS-SMS-Site.
<09-16-2013 02:46:14> Defined class cn=MS-SMS-Roaming-Boundary-Range.
<09-16-2013 02:46:14> Successfully extended the Active Directory schema.

<09-16-2013 02:46:14> Please refer to the ConfigMgr documentation for instructions on the manual
<09-16-2013 02:46:14> configuration of access rights in active directory which may still
<09-16-2013 02:46:14> need to be performed. (Although the AD schema has now be extended,
<09-16-2013 02:46:14> AD must be configured to allow each ConfigMgr Site security rights to
<09-16-2013 02:46:14> publish in each of their domains.)

I’m not sure if it was restrictions on my account, a random bug, or some other unexplained thing. Either way it’s working and I hope someone else having this problem might be able to find my fix.

If you have any guess as to why this happened let me know!

4 thoughts on “SCCM 2012, Schema Failing to Extend

  1. Your account needs to be added to the “Schema Administrator” group. Administrator account works as this is inside that group by default. 🙂

    1. Thanks for your comment! It’s been a long time, but reading back through the post it appears that I added my user to that group and was still having trouble.

Leave a Reply

Your email address will not be published. Required fields are marked *