Before you can use Network Access Protection (NAP) in Configuration Manager 2007, you must provision Active Directory Domain Services by extending the schema with Configuration Manager 2007 schema extension and site servers must be publishing Configuration Manager health state references to Active Directory.
To verify Active Directory has been provisioned for Network Access Protection, you can use either of the following procedures:
- Verify the existence of an Active Directory
attribute.
- Verify the existence of an entry in the
System Health Validator point log file.
To verify Active Directory has been provisioned for Network Access Protection by verifying the existence of an Active Directory attribute:
-
Check for the existence of the Active Directory attribute mSSMSHealthState for the site's object in the System Management container. If this attribute exists, Active Directory has been provisioned for Network Access Protection. If this attribute does not exist, Active Directory is not provisioned for Network Access Protection.
To verify Active Directory has been provisioned for Network Access Protection by verifying the existence of an entry in the System Health Validator point log file:
-
Check for the existence of the following line in the System Health Validator point log file SmsSHVADCacheClient.log: AD Schema is EXTENDED for SMSv4 NAP. If this entry exists, Active Directory has been provisioned for Network Access Protection. If this entry does not exist, Active Directory is not provisioned for Network Access Protection.
See Also
Tasks
How to Publish Configuration Manager Site Information to Active Directory Domain ServicesConcepts
About NAP Health State References in Network Access ProtectionHow to Verify Network Access Protection Components
Troubleshooting Network Access Protection
Other Resources
How to Extend the Active Directory Schema for Configuration ManagerTasks for Network Access Protection