Determine Whether to Extend the Active Directory Schema for Configuration Manager 2012

Updated: March 15, 2011

Applies To: System Center Configuration Manager 2012

When you extend the Active Directory schema for Configuration Manager 2012, you can publish site information to Active Directory Domain Services. Extending the Active Directory schema is optional for Configuration Manager 2012. However, by extending the schema you can use all Configuration Manager features and functionality with the least amount of administrative overhead. Extending the schema for Configuration Manager also offers the most secure solution for storing configuration information.

If you decide to extend the Active Directory schema, you can do so before or after you run Configuration Manager Setup.

Considerations for Extending the Active Directory Schema for Configuration Manager

The Active Directory schema extensions for Configuration Manager 2012 are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for Configuration Manager 2012.
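A read-only way to check whether the forest schema already carries the Configuration Manager classes, for example from an earlier Configuration Manager 2007 deployment. This is an added example, not part of the original article. The four class names are the lDAPDisplayName values of the published Configuration Manager schema extension and do not appear on this page, and the function name Test-ConfigMgrSchemaExtension is hypothetical.

```powershell
# Added example: read-only query against the schema partition; it makes no changes.
# Assumption: these lDAPDisplayName values come from the published Configuration
# Manager schema extension, not from this page.
$expectedClasses = @(
    'mSSMSSite',
    'mSSMSManagementPoint',
    'mSSMSServerLocatorPoint',
    'mSSMSRoamingBoundaryRange'
)

function Test-ConfigMgrSchemaExtension {
    param([string[]]$ClassNames = $expectedClasses)

    # RootDSE exposes the distinguished name of the forest's schema partition.
    $rootDse    = [ADSI]'LDAP://RootDSE'
    $schemaNc   = [string]$rootDse.schemaNamingContext
    $schemaRoot = [ADSI]"LDAP://$schemaNc"

    foreach ($name in $ClassNames) {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($schemaRoot)
        $searcher.SearchScope = 'OneLevel'
        $searcher.Filter = "(&(objectClass=classSchema)(lDAPDisplayName=$name))"
        [void]$searcher.PropertiesToLoad.Add('whenCreated')
        $hit = $searcher.FindOne()

        [pscustomobject]@{
            Class       = $name
            Present     = [bool]$hit
            WhenCreated = if ($hit) { $hit.Properties['whencreated'][0] } else { $null }
        }
    }
}

$result  = @(Test-ConfigMgrSchemaExtension)
$missing = @($result | Where-Object { -not $_.Present })
$result | Format-Table -AutoSize

if ($missing.Count -eq 0) {
    'All Configuration Manager classes are present: the schema is already extended.'
} elseif ($missing.Count -eq $result.Count) {
    'No Configuration Manager classes found: the schema has not been extended.'
} else {
    # A partial result points at a failed or interrupted extension and needs review.
    'Partial match; missing classes: ' + (($missing | ForEach-Object { $_.Class }) -join ', ')
}
```

Run it from a domain-joined computer as any authenticated user; reading the schema partition does not require Schema Admins membership.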

The following table identifies the Configuration Manager functions that use an extended Active Directory schema and, for each function, whether workarounds exist if you cannot extend the schema.

 

Functionality: Client installation and automatic site assignment

Active Directory: Optional

Details: When a new Configuration Manager client installs, the client can search Active Directory Domain Services for standard installation properties. If you do not extend the schema, you must use one of the following workarounds to provide client configuration details to clients during installation:

  • Provide client installation properties by using CCMSetup installation command-line options.

  • Provide server locator point information by using the client.msi property SMSSLP=<server locator point name> on the CCMSetup command line during client installation.

  • Publish the management point in DNS, and publish the server locator point in WINS.

Functionality: Port configuration for client-to-server communication

Active Directory: Optional

Details: When a client installs, it is configured with port information. If you later change the client-to-server communication port for a site, a client can obtain this new port setting from Active Directory Domain Services. If you do not extend the schema, you must use one of the following workarounds to provide this new port configuration to existing clients:

  • Reinstall clients and configure them to use the new port information.

  • Deploy a script to clients to update the port information. If clients cannot communicate with a site because of the port change, you must deploy this script externally to Configuration Manager. For example, you could use Group Policy.

Functionality: Network Access Protection

Active Directory: Required

Details: Configuration Manager publishes health state references to Active Directory Domain Services so that the System Health Validator point can validate a client’s statement of health.
