TimSharpe02118
asked on
SCCM 2007 Install in OU / Extend Schema
We are an OU within and AD site; we have full control within the OU. I’m looking to install SCCM 2007, can I extend the schema (run extadsch.exe) in the OU rather than for the entire domain. Also does anyone know of any articles that discuss limiting SCCM 2007 to an OU.
Neil Russell
No you can only install SCCM into the domain not into a single OU.
I can't speak adequately to the extending the AD schema (although my thought is that you will have to apply it to the entire domain) however I can suggest a simple method for limiting SCCM to just one OU. This assumes you do not have SCCM installed elsewhere in your domain. If you do I suggest installing a separate MP for your OU as multiple SCCM systems in a single domain can cause huge problems.
The short version is: Only install the client on computers in that OU.
The easiest way I can think of to do this is to turn off automated client installation in SCCM and use Group Policy to deploy the client. The GPO would only target that particular OU. Below are a couple of links that should help you with setting up a GPO. One thing I learned when we did this is that most of these articles assume you have Automatic Updates active on your target computers. Our base image has it turned completely off (because we have SCCM updating everything). You need to have AU set to at least the lowest active level of 'Notify Me...' This can also be added to your GPO.
So you need 3 parts in your GPO:
1) Redirect the automatic update point to your local wsus server
2) Configure the installation of the SCCM client (and publish it in your wsus server)
3) Make sure Automatic updates is set to any of the 3 active states.
http://dynamicit.wordpress.com/tag/sccm/
http://blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/archive/2007/05/19/sccm-2007-client-agent-deployment-using-software-updates.aspx
http://bassplayerdoc.spaces.live.com/blog/cns!CED2A18FB2A30E11!410.entry
The short version is: Only install the client on computers in that OU.
The easiest way I can think of to do this is to turn off automated client installation in SCCM and use Group Policy to deploy the client. The GPO would only target that particular OU. Below are a couple of links that should help you with setting up a GPO. One thing I learned when we did this is that most of these articles assume you have Automatic Updates active on your target computers. Our base image has it turned completely off (because we have SCCM updating everything). You need to have AU set to at least the lowest active level of 'Notify Me...' This can also be added to your GPO.
So you need 3 parts in your GPO:
1) Redirect the automatic update point to your local wsus server
2) Configure the installation of the SCCM client (and publish it in your wsus server)
3) Make sure Automatic updates is set to any of the 3 active states.
http://dynamicit.wordpress.com/tag/sccm/
http://blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/archive/2007/05/19/sccm-2007-client-agent-deployment-using-software-updates.aspx
http://bassplayerdoc.spaces.live.com/blog/cns!CED2A18FB2A30E11!410.entry
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
My reading of the question is that youe NOT domain administrators but rather you administrer objects inside your OU. IF You go ahead and try installing and running SCCM in this manner I would expect you to run into all kind of problems.
You cant extend the schema without some very explicit rights at the domain level.
Your Domain admins may take a dim view to you doing so.
IF you get the discovery and limits wrong then you could end up with a lot of undesired effects.
You will restrict your domain admins in what they can do with SCCM in the domain in the future.
My answer above to your orriginal question is still the correct one. No you can NOT extend the schema within an OU, it is a domain wide change that gets implemented and as such has an impact on the whole domain.
You cant extend the schema without some very explicit rights at the domain level.
Your Domain admins may take a dim view to you doing so.
IF you get the discovery and limits wrong then you could end up with a lot of undesired effects.
You will restrict your domain admins in what they can do with SCCM in the domain in the future.
My answer above to your orriginal question is still the correct one. No you can NOT extend the schema within an OU, it is a domain wide change that gets implemented and as such has an impact on the whole domain.
The question asked was "We are an OU within and AD site; we have full control within the OU. I’m looking to install SCCM 2007, can I extend the schema (run extadsch.exe) in the OU rather than for the entire domain"
The answer to that is a simple NO. I answered that in the very first posting. Whilst the other posts have added value to the "Also could you...." Follow on to the question that is not the prime question, more of an "Oh and by the way....."
The answer to that is a simple NO. I answered that in the very first posting. Whilst the other posts have added value to the "Also could you...." Follow on to the question that is not the prime question, more of an "Oh and by the way....."