Share: Home
Extend AD Schema Fails with Error Code 8206 - Asem Alhourani - VirManSec Community
VirManSec Community
Asem Alhourani » Extend AD Schema Fails with Error Code 8206

Announcements

Extend AD Schema Fails with Error Code 8206
Asem Alhourani

Syndication

Recent Posts

Tags

View more

News

  • When you’re going to deploy a new package with SCCM 2007, there are a few steps you need to follow. The easiest way to deploy a package is to follow the next steps: [Y] 1.) Collection 2.) Package 3.) Program 4.) Distribution Point 5.) Advertisement Before we are going to deploy Office 2007, we’ve to create a MSP file for customize the Office 2007 installation. You can start the Office Customization Tool using the following command: Run ---> setup.exe /admin. Save the file in the updates folder on your Office 2007 source directory Step 1, creating a collection: 1.) Create a new collection, to specify the computers where Office must be installed. 2.) Navigate to System Center Configuration Manager, Site Database, Computer Management, New Collection 3.) Give your new collection a name, for example “Office 2007 Enterprise” 4.) On the Membership Rules dialog box, Create a collection Packages can only be distributed to members of a collection. A collection can contain multiple computers, a single computer, a single user and members of a security group. Configuration Manager 2007 operates with two different types of collections. · Direct membership based. ü Click the computer icon, which opens the Create Direct Membership Rule Wizard. Click Next ü On the Search for Resources dialog box, click the Resource class drop-down menu and select System Resource. Then, click the Attribute name drop-down menu and select Name. In the Value field enter %, and then click Next ü On the Search for Resources dialog box, click the Resource class drop-down menu and select System Resource. Then, click the Attribute name drop-down menu and select Name. In the Value field enter %, and then click Next ü On the Collection Limiting dialog box, click the Browse button, select All Windows Workstation or Professional Systems, and then click Next ü Select the computer(s) you want to deploy Office 2007 and click Next.,, Finish · Query Based collections are use full when distributing software to a larger group of resources based on specific criteria’s Example, all workstations in Copenhagen or computers belonging to an Active Directory security group. Direct membership collections are use full when distributing software to a narrow group of resources e.g. 5 test pc’s. Step 2, creating a package: 1.) Navigate to System Center Configuration Manager, Site Database, Computer Management, Software Distribution, Package, New Package 2.) On the General dialog box of the New Package Wizard, enter the Name, Version, Manufacturer, and Language. For example, Office, 2007, Microsoft, English (US) 3.) On the Data Source dialog box, select This package contains source files. Click the Set button, and then enter the path for the location of the source files in the Source directory field. For example E:\Software\Office 2007\, which contains a copy of the 2007 Office Enterprise installation CD. 4.) Click OK, and then continue to click Next and accept the default settings on all of the following dialog boxes: Data Access, Distribution Settings, Reporting, and Security. On the Wizard Completed dialog box. Step 3, creating a Program: 1.) Navigate to System Center Configuration Manager, Site Database, Computer Management, Software Distribution, Packages, Office 2007, Programs, New, Program 2.) Give the new program a Name 3.) On the Command-line box, type in setup.exe 4.) On the Environment dialog box, click the Program can run drop-down box and select Whether or not a user is logged on. This will enable Run with administrative rights for the Run mode. Leave the default for Drive mode to Runs with UNC name, and then click Next (Because the customization file, CustomOffice.MSP, was placed in the \Updates folder, a command line option is not needed to reference its location) 5.) On the Advanced dialog box, select the check box for Suppress program notifications, and then click Next Step 4, Copy to Distibution points: 1.) Navigate to System Center Configuration Manager, Site Database, Computer Management, Software Distribution, Packages, Office 2007, Distribution points 2.) Manage Distribution Points 3.) Select “Copy the package to new distribution points” 4.) Select the distribution points 5.) Click finish and wait a copple of minutes 6.) Check the status changing from Install Pending to Installed Step 5, creating the advertisement 1.) Navigate to System Center Configuration Manager, Site Database, Computer Management, Software Distribution, Advertisements 2.) New Advertisement 3.) Give the advertisement a Name 4.) Select the package, Program and Collection 5.) Click finish and wait a copple of minutes 6.) On the client wait for the next Machine Policy Retrievel & Evaluation Cycle After the setup is finished, Office 2007 is deployed to your client(s) and is ready to use!

Archives

At a customer’s site while testing an upgrade procedure from SMS 2003 to ConfigMgr 2007, I’ve faced a problem in extending the Active Directory Schema; or actually re-extending the Active Directory schema as it was extended using SMS 2003. However the ExtADSch.log file on located on Drive C kept generating the below error:
12-16-2008 11:28:07> Modifying Active Directory Schema - with SMS extensions.<12-16-2008> DS Root:CN=Schema,CN=Configuration,DC=customer,DC=net<12-16-2008> Failed to create attribute cn=MS-SMS-Site-Code. Error code = 8206.<12-16-2008> Failed to create attribute cn=mS-SMS-Assignment-Site-Code. Error code = 8206.
After investigating and inspired by the below TechNet Forum problem http://social.technet.microsoft.com/forums/en-US/configmgrsetup/thread/296853d7-804f-4307-8f3d-797355fa9fa7/
Well, reading the reply posted by ‘Stefan Schِrling - MVP’ I figured that the problem is due to a combination of scenario #2 and #3 in his reply. I found that when the customer built the test lab for testing purposes, he only connected one of his two domain controllers! So he actually created two domain controllers for the test lab, then he totally disconnected one of them without decommissioning or what so ever. After re-connect the removed domain controller and re initiate a replication cycle between the two domain controllers. The replication didn’t take place and the domain controllers were unable to talk to each other. After running replication monitor of the Windows Support tools the replication monitor kept displaying error 5: ‘Access is Denied’.
Trying to resolve the problem with the Domain Controllers I’ve tried articles
http://support.microsoft.com/kb/329860 and http://support.microsoft.com/kb/329873 including other resources on the web, nothing seems to fix the problem in the domain controllers replication; maybe because the domain controller disconnected badly from the test environment and it was kept away for too long. On the other hand I’ve even tried to demote the domain controller in an attempt to stop any replication attempt while extending the Active Directory Schema, but for sure that didn’t work because the target domain controller for de-promoting couldn’t contact the other domain controller. Linking that to our initial problem of Active Directory Extension Failure, I came to a conclusion that if the real production environment has no replication issues, I will not face the same errors when I try to re-extend the Active Directory Schema for ConfigMgr 2007.
Re-extending the Active Directory Schema successfully on the production environment made me believe that what I’ve faced in the lab setup prepared by the customer was a replication issue between DC's.

Posted 02-09-2009 1:30 PM by Asem Alhourani
Share:
Sponsors: Ms Logo Rtech Logo Pixel Arabia Logo Effate Univercisty Logo NC Logo
Home | About us | Contact us | Support
VirManSec IT Community, All Rights Reserved 2010