When you extend the Active Directory schema for System Center 2012 Configuration Manager and the site is published to Active Directory Domain Services, many client installation properties are published to Active Directory Domain Services. If a computer can locate these client installation properties, it can use them during Configuration Manager client deployment.
The advantages of using Active Directory Domain Services to publish client installation properties include the following:
- Software update point-based client
installation and Group Policy client installations do not require
setup parameters to be provisioned on each computer.
- Because this information is automatically
generated, the risk of human error associated with manually
entering installation properties is eliminated.
Client installation (CCMSetup) uses the client installation properties that are published to Active Directory Domain Services only if no other properties are specified by using any of the following methods:
- Manual installation
- Provisioning client installation properties
by using Group Policy
Note |
---|
The client installation properties are used to install the client and might be overwritten with new settings from its assigned site after the client is installed and has successfully assigned to a Configuration Manager site. |
Use the following table to determine which Configuration Manager client installation methods use Active Directory Domain Services to obtain client installation properties.
Installation Method | Comments | ||
---|---|---|---|
Client push installation |
Client push installation does not use Active Directory Domain Services to obtain installation properties. Instead, you can specify client.msi installation properties in the Client tab of the Client Push Installation Properties dialog box. These options and client-related site settings are stored in a file that the client reads during client installation.
Any client.msi properties that you specify in the Client tab are published to Active Directory Domain Services if the site is published to Active Directory Domain Services. These settings are read by client installations where CCMSetup is run with no installation properties. |
||
Software update point-based installation |
The software update point-based installation method does not support the addition of installation properties to the CCMSetup command line. If no command line properties have been provisioned on the client computer by using Group Policy, CCMSetup searches Active Directory Domain Services for installation properties. |
||
Group Policy installation |
The Group Policy installation method does not support the addition of installation properties to the CCMSetup command line. If no command line properties have been provisioned on the client computer, CCMSetup searches Active Directory Domain Services for installation properties. |
||
Manual installation |
CCMSetup searches Active Directory Domain Services for installation properties under the following circumstances:
|
||
Logon script installation |
CCMSetup searches Active Directory Domain Services for installation properties under the following circumstances:
|
||
Software distribution installation |
CCMSetup searches Active Directory Domain Services for installation properties under the following circumstances:
|
||
Installations for clients that cannot access Active Directory Domain Services for published information:
|
These client computers cannot read installation properties from Active Directory Domain Services, and so will not be able to access the published installation properties. |
The following client installation properties are published by Configuration Manager to Active Directory Domain Services. For more information about each item, see About Client Installation Properties in Configuration Manager.
- The Configuration Manager site code.
- The site server signing certificate.
- The trusted root key.
- The client communication ports for HTTP and
HTTPS.
- The fallback status point. If the site has
multiple fallback status points, only the first one that was
installed will be published to Active Directory Domain
Services.
- A setting to indicate that the client must
communicate by using HTTPS only.
- Settings related to PKI certificates:
- Whether to use a client PKI certificate.
- The selection criteria for certificate
selection, if this is required because the client has more than one
valid PKI certificate that can be used for Configuration
Manager.
- A setting to determine which certificate to
use if the client has multiple valid certificates after the
certificate selection process.
- The certificate issuers list that contains a
list of trusted root CA certificates.
- Whether to use a client PKI certificate.
- Client.msi installation properties that are
specified in the Client tab of the Client Push
Installation Properties dialog box.