SCCM 2007 – Can’t Extend AD Schema

During the install for SCCM, the situation may exist where the AD Schema will not extend. The log file found at “C:\extadsch.log” may have the following.

 Modifying Active Directory Schema - with SMS extensions.
 DS Root:CN=Schema,CN=Configuration,DC=DOMAIN,DC=dom
 Failed to create attribute cn=MS-SMS-Site-Code.  Error code = 5.
 Failed to create attribute cn=mS-SMS-Assignment-Site-Code.  Error code = 5.
 Failed to create attribute cn=MS-SMS-Site-Boundaries.  Error code = 5.
 Failed to create attribute cn=MS-SMS-Roaming-Boundaries.  Error code = 5.
 Failed to create attribute cn=MS-SMS-Default-MP.  Error code = 5.
 Failed to create attribute cn=mS-SMS-Device-Management-Point.  Error code = 5.
 Failed to create attribute cn=MS-SMS-MP-Name.  Error code = 5.
 Failed to create attribute cn=MS-SMS-MP-Address.  Error code = 5.
 Failed to create attribute cn=mS-SMS-Health-State.  Error code = 5.
 Failed to create attribute cn=mS-SMS-Source-Forest.  Error code = 5.
 Failed to create attribute cn=MS-SMS-Ranged-IP-Low.  Error code = 5.
 Failed to create attribute cn=MS-SMS-Ranged-IP-High.  Error code = 5.
 Failed to create attribute cn=mS-SMS-Version.  Error code = 5.
 Failed to create attribute cn=mS-SMS-Capabilities.  Error code = 5.
 Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
 Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
 Failed to create class cn=MS-SMS-Site.  Error code = 8202.
 Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
 Failed to extend the Active Directory schema. Your Windows NT logon ID does not have the necessary privileges to extend the Active Directory schema, please find details in "C:\ExtADSch.log".

 

Make sure the following is true :

  • The user running the install is a Domain Admin
  • The user is a member of the Schema Admins group.

If this still does not work, create a new user in Active Directory, and have that user only be  a Domain Admin and in the Schema Admins group. Run the install again as this new user, and it should resolve the issue. Otherwise, other sources of error will be related to Active Directory not replicating correctly.

About Constantine Krick

Once a teacher, now a word press blog
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *