Solved

SCCM 2007 Install in OU / Extend Schema

Posted on 2011-03-04
Last Modified: 2012-08-13
We are an OU within an AD site; we have full control within the OU. I’m looking to install SCCM 2007; can I extend the schema (run extadsch.exe) in the OU rather than for the entire domain? Also, does anyone know of any articles that discuss limiting SCCM 2007 to an OU?
Question by:TimSharpe02118
7 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35038479
No, you can only install SCCM into the domain, not into a single OU.
0
 
LVL 3

Expert Comment

by:jedial19
ID: 35041412
I can't speak adequately to extending the AD schema (although my thought is that you will have to apply it to the entire domain); however, I can suggest a simple method for limiting SCCM to just one OU.  This assumes you do not have SCCM installed elsewhere in your domain.  If you do, I suggest installing a separate MP for your OU, as multiple SCCM systems in a single domain can cause huge problems.

The short version is:  Only install the client on computers in that OU.
The easiest way I can think of to do this is to turn off automated client installation in SCCM and use Group Policy to deploy the client.  The GPO would only target that particular OU.  Below are a couple of links that should help you with setting up a GPO.  One thing I learned when we did this is that most of these articles assume you have Automatic Updates active on your target computers.  Our base image has it turned completely off (because we have SCCM updating everything).  You need to have AU set to at least the lowest active level of 'Notify Me...'  This can also be added to your GPO.

So you need 3 parts in your GPO:
1) Redirect the automatic update point to your local WSUS server
2) Configure the installation of the SCCM client (and publish it in your WSUS server)
3) Make sure Automatic Updates is set to any of the 3 active states.

http://dynamicit.wordpress.com/tag/sccm/

http://blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/archive/2007/05/19/sccm-2007-client-agent-deployment-using-software-updates.aspx

http://bassplayerdoc.spaces.live.com/blog/cns!CED2A18FB2A30E11!410.entry
0
 
LVL 1

Accepted Solution

by:
brittman earned 500 total points
ID: 35041545
Well, as far as extending the schema goes, that is going to be for the entire domain.  If you don't want to extend the schema, though, you will just have to make sure you install the SLP role (server locator point) so that your clients can find the Management point rather than use the information published to AD, which is what they would use if you extended the schema.

As for limiting to an OU, it's simple.  When you configure your discovery, only configure that OU during your SYSTEM DISCOVERY, under site settings, discovery options; it'll be in the format:

LDAP://OU=your ou, OU=next up level OU, DC=comp,DC=corp, DC=com or net... you get the idea.

By limiting your discovery to only that OU, provided you define your boundary correctly, those clients will be discovered and assigned to your SCCM site.  At that point you could use client push, provided you define an account which has admin rights to your clients, to install the clients, hassle free.
0
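To preview what an OU-scoped discovery path like the one in the accepted answer would cover, the following PowerShell is an added example (not part of any post in this thread, and not SCCM's own code). The OU, domain and computer names are constructed, the function names are hypothetical, and it assumes discovery recurses into child OUs.

```powershell
# Added example. All names below (OU, domain, computers) are constructed.
function Split-Dn([string]$Dn) {
    # Split on commas that are not backslash-escaped; trim the spaces that
    # creep in when a path is typed as "OU=a, OU=b, DC=c".
    @($Dn -split '(?<!\\),' | ForEach-Object { $_.Trim() })
}

function Get-DiscoveryBaseDn {
    param([Parameter(Mandatory = $true)][string]$LdapPath)
    if ($LdapPath -cnotmatch '^LDAP://.+') { throw 'Path must start with LDAP://' }
    $rdns = @(Split-Dn ($LdapPath.Substring(7)))
    # Refuse a path that starts at the domain root or a generic container.
    if ($rdns[0] -notmatch '^OU=') { throw "Not rooted at an OU: $LdapPath" }
    $rdns -join ','
}

function Test-InDiscoveryScope([string]$BaseDn, [string]$ObjectDn) {
    $base = @(Split-Dn $BaseDn); $obj = @(Split-Dn $ObjectDn)
    if ($obj.Count -le $base.Count) { return $false }
    # Compare whole RDNs from the right, so OU=OtherLab never matches OU=Lab.
    $tail = $obj[($obj.Count - $base.Count)..($obj.Count - 1)]
    ($tail -join ',') -ieq ($base -join ',')
}

# Constructed sample: the path as typed into the discovery dialog, and test DNs.
$path = 'LDAP://OU=Lab, OU=Departments, DC=corp, DC=example, DC=com'
$computers = @(
    'CN=LAB-PC01,OU=Lab,OU=Departments,DC=corp,DC=example,DC=com',
    'CN=LAB-PC02,OU=Kiosks,OU=Lab,OU=Departments,DC=corp,DC=example,DC=com',
    'CN=HR-PC07,OU=HR,OU=Departments,DC=corp,DC=example,DC=com',
    'CN=SRV01,OU=OtherLab,OU=Departments,DC=corp,DC=example,DC=com'
)

$base = Get-DiscoveryBaseDn -LdapPath $path
$computers | ForEach-Object {
    [pscustomobject]@{ InScope = (Test-InDiscoveryScope $base $_); DN = $_ }
}

# Against a live domain, the same base can be listed read-only:
#   $s = [adsisearcher]'(objectCategory=computer)'
#   $s.SearchRoot = [adsi]"LDAP://$base"; $s.PageSize = 500
#   $s.FindAll() | ForEach-Object { $_.Properties['distinguishedname'][0] }
```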
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35042139
My reading of the question is that you're NOT domain administrators but rather you administer objects inside your OU. IF you go ahead and try installing and running SCCM in this manner, I would expect you to run into all kinds of problems.

You can't extend the schema without some very explicit rights at the domain level.
Your Domain admins may take a dim view of you doing so.
IF you get the discovery and limits wrong then you could end up with a lot of undesired effects.
You will restrict your domain admins in what they can do with SCCM in the domain in the future.

My answer above to your original question is still the correct one. No, you can NOT extend the schema within an OU; it is a domain-wide change that gets implemented and as such has an impact on the whole domain.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 35075147
The question asked was "We are an OU within an AD site; we have full control within the OU. I’m looking to install SCCM 2007, can I extend the schema (run extadsch.exe) in the OU rather than for the entire domain"

The answer to that is a simple NO. I answered that in the very first posting.  Whilst the other posts have added value to the "Also could you...." follow-on to the question, that is not the prime question, more of an "Oh and by the way....."
0
