This post is part of SCCM Current Branch Installation Guide series
Before SCCM installation, we need to prepare Active Directory which will make sure SCCM works efficiently.
Login to Domain Controller “DC01” with Domain Admin Account.

 Step 1:
Create Service account for SCCM

Open “Active Directory Users and Computers”
Create new Service Account with the name “SVC-SCCMAdmin” and make it a member of Domain Admin Account. Though Domain Admin Account membership is not recommended but for the purpose of avoid creating multiple service account (such as Network Access account, Domain joining account, Client push account, SQL Service account etc) with different permissions, we are simply creating here a single service accounts with all permissions required.

AD 00A
AD 11

Step 2:
Create container in “ADSI Edit”

Why we require this ?
We need to create “System Management” container with full rights given to SCCM Server. This is an activity which needs to performed as mandatory as this is the location where SCCM site and MP location will be published which will help client in the environment to know about your SCCM Site Server.
Open Adsiedit.msc by typing it under Windows + Run.
Once ADSI Edit is opened, right click ADSI Edit on right hand side and click on “Connect to” and press OK.

AD 01

Navigate to Default Naming Context, select container “System” – right click New > Object and select Container, click on next and name it as “System Management”.

AD 03

Right click container “System Management” and click on tab ‘security’. Click on add to open another window, click on object types and make sure “computers” is selected. Add the SCCM Server “SCCM01”.

AD 04

Once done, Check the box Allow for Full control permissions and click on Apply

AD 12

Click on Advanced, select SCCM01 and click on edit.

AD 14

Select “This object and all descendant objects” with SCCM01 select, click on OK thrice to exit.

AD 15
This is one of the most important task to give full permission to all descendant objects as SCCM Server will try to publish the information of Site & MP information in this location. Without this setup SCCM won’t work properly.
AD 07

Step 3:
Extend Schema

Why we require this ?
Active directory user attributes comes up with many inbuilt attributes such as firstname, lastname, email address, displayname, address etc. We need additional attributes related to SCCM which will help communication with clients and server.

Schema can be extended using utility Extadsch.exe which can be found under SCCM installation directory at following location SMSSETUP\BIN\X64\extadsch.exe

AD 08

Open command prompt with admin rights. Navigate to the folder SMSSTEUP\BIN\x64, and run extadsch.exe to extend the schema. You will see following once successful.

AD 09

Successful extension of schema will create a log file under c drive with the name ExtADSch.log and this will show following attributes as success:

AD 10