Out of band management in Configuration Manager 2007 SP1 and later requires that Configuration Manager publishes an Active Directory object to an organizational unit (OU) or container for each domain that will contain AMT-based computers.

Note
The information in this topic applies only to Configuration Manager 2007 SP1 and later.

When you perform the following procedures, AMT-based computers that are provisioned for out of band management can be published to Active Directory Domain Services.

After you have performed the procedures, you must configure the out of band management component with the name and location of the OU or container, in the Out of Band Management Component Configuration Properties: General Tab. When the site manages AMT-based computers from multiple domains, the same name and location must be created in Active Directory Domain Services for each domain, although you configure only one instance in Configuration Manager.

Important
The primary site server computer account must be granted full control permissions to the out of band management OU or container and all of its child objects.
Note
Extending the Active Directory schema and publishing site information to Active Directory Domain Services is not required for out of band management, but it is recommended for other features and functionality in Configuration Manager. For more information, see Decide If You Should Extend the Active Directory Schema.

To create and configure an OU in Active Directory Domain Services

  1. On a domain controller, log in with an administrative account that has permissions to create OUs in your selected domain.

  2. Click Start, click Programs, click Administrator Tools, and then click Active Directory Users and Computers.

  3. Click View, and then click Advanced Features.

  4. If necessary, connect to the domain.

  5. Right-click the domain object or another OU in which you want to create the OU, click New, and then click Organizational Unit.

  6. In the New Object - Organizational Unit dialog box, type the name of your choice, such as Out of Band Management Controllers, and then click OK.

    Note
    When choosing a name, only the following characters are supported: a-z, A-Z, 0-9, - (hyphen), _ (underscore), and spaces.

  7. Right-click the OU that you have just created, and then click Properties.

  8. Click the Security tab.

  9. Click Add to add the primary site server computer account, and then grant the account Full Control permissions.

  10. Click Advanced, select the primary site server's account, and then click Edit.

  11. In the Apply onto list, select This object and all child objects.

  12. Click OK.

    Note
    Repeat this procedure for each domain that will contain AMT-based computers that will be managed out of band.

To create and configure security for a container in Active Directory Domain Services

  1. On a domain controller, log in with an administrative account that has permissions to create containers in your selected domain.

  2. Click Start, click Run, and then enter adsiedit.msc to launch the ADSIEdit console.

    Note
    For more information about how to install and use ADSI Edit, see ADSI Edit (adsiedit.msc) Overview (http://go.microsoft.com/fwlink/?LinkId=183662).

  3. If necessary, connect to the domain.

  4. Expand the tree and right-click the domain or container in which you want to create the container, click New, and then click Object.

  5. In the Create Object dialog box, select Container, and then click Next.

  6. In the Value field, type the name of your choice, such as Out of Band Management Controllers, and then click Next.

    Note
    When choosing a name, only the following characters are supported: a-z, A-Z, 0-9, - (hyphen), _ (underscore), and spaces.

  7. Click Finish.

  8. Right-click the container that you have just created, and then click Properties.

  9. Click the Security tab.

  10. Click Add to add the primary site server computer account, and then grant the account Full Control permissions.

  11. Click Advanced, select the primary site server’s computer account, and then click Edit.

  12. In the Apply onto list, select This object and all child objects.

  13. Click OK, and close the ADSIEdit console.

    Note
    Repeat this procedure for each domain that will contain AMT-based computers that will be managed out of band.

See Also