Creating an object through ADSI Edit in the root domain

Hi guys, hope you are all well, have a great christmas, and best new year.
Id love your help.

We have the following AD 2003 forest.

root domain
   | domain A
   | domain B
   | domain C
   | domain D

We are implementing SCCM for the first time in our environment.

No SCCM servers will be located in the root domain.... only in our subdomains.
Our Primary Site Server will be installed and located in domain A.

One of the requirements is that an object:
cn=System Management
be added to the schema.

So, here is what we have done:

Step 1: On a domain controller in the root domain, which holds the Schema master role.
ADSI Edit - navigate to CN=System | right click - New - Object - container:
CN=System Management
We then gave the computer (the SCCM Primary Site Server located in domain A) Full Control to right its information to this new object. We also gave the domain account used to configure and install the SCCM Primary Site Server Full Control as well.

Step 2: We then attempted to install SCCM in domain A, and it came back with an error saying that it could not find "CN=System Management".

My questions are these:

Should this new object which has been added to the schema in the root, by design, be propagated down to sub domains? That is, should we be able to see "CN=System Management" in sub domain A?

Currently, the state is as follows:

From the root domain, we can see: "CN=System Management"

From subdomain A, we CANNOT see: "CN=System Management"

As the SCCM server is looking for this object (it appears) in subdomain A, and not in the root domain, it errors.

Any help on this greatly appreciated.



LVL 1
Simon336697Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jrhelgesonCommented:
From subdomain A, we CANNOT see: "CN=System Management"
And you should not be seeing it either.
When Active Directory runs a query, it will search its domain, unless it is told to do otherwise.

Are you installing it into Domain A using credentials from the Root domain?
What kind of trusts are in place between the domains?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.