Ahoy Sailor,
a few weeks ago I had a case at a customers site where the following event showed up in ConfigMgr Site status.
Configuration Manager cannot create the object “cn=SMS-MP-[SiteCode]-[FQDN]” in Active Directory ([DOMAIN]).
Possible cause: The site server’s machine account may not have full control rights for the “System Management” container in Active Directory
Solution: Give the site server’s machine account full control rights to the “System Management” container, and all child objects in Active Directory.Possible cause: Another Active Directory object named “cn=SMS-MP-[SiteCode]-[FQDN]” already exists somewhere outside of the “System Management” container
Solution: Locate the other object with the same name, and delete the object from its current location. Then allow the site to create a new object.Possible cause: The Active Directory schema has not been extended with the correct ConfigMgr Active Directory classes and attributes.
Solution: Turn off Active Directory publishing for each site in the forest, until the schema can be extended. The schema can be extended with the tool “extadsch.exe” from the installation media.
Configuration Manager cannot create the object “SMS-Site-[SiteCode]” in Active Directory ([Domain]).
Possible cause: The site server’s machine account may not have full control rights for the “System Management” container in Active Directory
Solution: Give the site server’s machine account full control rights to the “System Management” container, and all child objects in Active Directory.Possible cause: Another Active Directory object named “SMS-Site-[SiteCode]” already exists somewhere outside of the “System Management” container
Solution: Locate the other object with the same name, and delete the object from its current location. Then allow the site to create a new object.Possible cause: The Active Directory schema has not been extended with the correct ConfigMgr Active Directory classes and attributes.
Solution: Turn off Active Directory publishing for each site in the forest, until the schema can be extended. The schema can be extended with the tool “extadsch.exe” from the installation media.
For me the error seemed to be very obvious. So I decided to do the schema extension.
Referring on TechNet the ExtAdSch.exe is a good way to do this so I executed extadsch.exe on a domain controller. Unfortunately this did not work the first time…
<09-19-2014 17:21:29> Modifying Active Directory Schema – with SMS extensions.
<09-19-2014 17:21:29> DS Root:CN=Schema,CN=Configuration,DC=sys,DC=net
<09-19-2014 17:21:30> Defined attribute cn=MS-SMS-Site-Code.
<09-19-2014 17:21:30> Defined attribute cn=mS-SMS-Assignment-Site-Code.
<09-19-2014 17:21:30> Defined attribute cn=MS-SMS-Site-Boundaries.
<09-19-2014 17:21:31> Defined attribute cn=MS-SMS-Roaming-Boundaries.
<09-19-2014 17:21:31> Defined attribute cn=MS-SMS-Default-MP.
<09-19-2014 17:21:31> Defined attribute cn=mS-SMS-Device-Management-Point.
<09-19-2014 17:21:31> Defined attribute cn=MS-SMS-MP-Name.
<09-19-2014 17:21:31> Defined attribute cn=MS-SMS-MP-Address.
<09-19-2014 17:21:32> Defined attribute cn=mS-SMS-Health-State.
<09-19-2014 17:21:32> Defined attribute cn=mS-SMS-Source-Forest.
<09-19-2014 17:21:32> Defined attribute cn=MS-SMS-Ranged-IP-Low.
<09-19-2014 17:21:32> Defined attribute cn=MS-SMS-Ranged-IP-High.
<09-19-2014 17:21:32> Defined attribute cn=mS-SMS-Version.
<09-19-2014 17:21:33> Defined attribute cn=mS-SMS-Capabilities.
<09-19-2014 17:21:33> Failed to create class cn=MS-SMS-Management-Point. Error code = 8202.
<09-19-2014 17:21:33> Failed to create class cn=MS-SMS-Server-Locator-Point. Error code = 8202.
<09-19-2014 17:21:33> Failed to create class cn=MS-SMS-Site. Error code = 8202.
<09-19-2014 17:21:33> Failed to create class cn=MS-SMS-Roaming-Boundary-Range. Error code = 8202.
<09-19-2014 17:21:33> Failed to extend the Active Directory schema, please find details in “C:\ExtADSch.log”.<09-19-2014 17:25:47> Modifying Active Directory Schema – with SMS extensions.
<09-19-2014 17:25:47> DS Root:CN=Schema,CN=Configuration,DC=sys,DC=net
<09-19-2014 17:25:47> Attribute cn=MS-SMS-Site-Code already exists.
<09-19-2014 17:25:47> Attribute cn=mS-SMS-Assignment-Site-Code already exists.
<09-19-2014 17:25:48> Attribute cn=MS-SMS-Site-Boundaries already exists.
<09-19-2014 17:25:48> Attribute cn=MS-SMS-Roaming-Boundaries already exists.
<09-19-2014 17:25:48> Attribute cn=MS-SMS-Default-MP already exists.
<09-19-2014 17:25:48> Attribute cn=mS-SMS-Device-Management-Point already exists.
<09-19-2014 17:25:48> Attribute cn=MS-SMS-MP-Name already exists.
<09-19-2014 17:25:49> Attribute cn=MS-SMS-MP-Address already exists.
<09-19-2014 17:25:49> Attribute cn=mS-SMS-Health-State already exists.
<09-19-2014 17:25:49> Attribute cn=mS-SMS-Source-Forest already exists.
<09-19-2014 17:25:49> Attribute cn=MS-SMS-Ranged-IP-Low already exists.
<09-19-2014 17:25:49> Attribute cn=MS-SMS-Ranged-IP-High already exists.
<09-19-2014 17:25:49> Attribute cn=mS-SMS-Version already exists.
<09-19-2014 17:25:50> Attribute cn=mS-SMS-Capabilities already exists.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Management-Point. Error code = 8202.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Server-Locator-Point. Error code = 8202.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Site. Error code = 8202.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Roaming-Boundary-Range. Error code = 8202.
<09-19-2014 17:25:50> Failed to extend the Active Directory schema, please find details in “C:\ExtADSch.log”.
Turned out that I didn’t pick the schema master. So I had to figure out which server the schema admin is. Therefore I used the following command…
netdom /query fsmo
Executing the extadsch.exe on the schema master and everything was fine…
<09-19-2014 17:46:19> Modifying Active Directory Schema – with SMS extensions.
<09-19-2014 17:46:19> DS Root:CN=Schema,CN=Configuration,DC=sys,DC=net
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Site-Code already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Assignment-Site-Code already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Site-Boundaries already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Roaming-Boundaries already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Default-MP already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Device-Management-Point already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-MP-Name already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-MP-Address already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Health-State already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Source-Forest already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Ranged-IP-Low already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Ranged-IP-High already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Version already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Capabilities already exists.
<09-19-2014 17:46:20> Defined class cn=MS-SMS-Management-Point.
<09-19-2014 17:46:21> Defined class cn=MS-SMS-Server-Locator-Point.
<09-19-2014 17:46:21> Defined class cn=MS-SMS-Site.
<09-19-2014 17:46:21> Defined class cn=MS-SMS-Roaming-Boundary-Range.
<09-19-2014 17:46:21> Successfully extended the Active Directory schema.<09-19-2014 17:46:21> Please refer to the ConfigMgr documentation for instructions on the manual
<09-19-2014 17:46:21> configuration of access rights in active directory which may still
<09-19-2014 17:46:21> need to be performed. (Although the AD schema has now be extended,
<09-19-2014 17:46:21> AD must be configured to allow each ConfigMgr Site security rights to
<09-19-2014 17:46:21> publish in each of their domains.)
*Captain
Submit a comment on “Configuration Manager cannot create the object “SMS-Site-XXX” in Active Directory”