Delegate Permission in AD Container
The primary purpose of granting permissions to the AD container is to allow SCCM to discover and manage computer objects and user objects in Active Directory. SCCM requires the appropriate permissions to create and modify objects within the specified container.
After granting the necessary permissions, SCCM will be able to create and manage objects within the specified AD container during its operations, such as discovering new resources, deploying applications, and applying configurations.
Go to Active Directory Users and Computers, click View, and select Advanced Features.
Once the Advanced Features view is selected, the System Management container is listed. Right-click it and select Delegate Control.
Click Next to continue.
Click Add to add the SCCM server.
Select Computers in the object types and enter the names of the SCCM servers (all the SCCM servers, CAS and primary sites, need permission on this container to publish data in AD).
Once the server is added, click Next.
Select “Create a custom task to delegate”.
Select “This folder, existing objects in this folder, and creation of new objects in this folder”.
Select “Full Control” and click Next to continue.
Click Finish to end the wizard.
To check that the rights are correct, right-click System Management and select Properties.
Here we can see that the CAS server has full control.
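The same check can be done from PowerShell, which is easier to repeat when several site servers are delegated. This is an added example, not part of the original post: the function name, the CONTOSO account names and the sample ACEs are constructed placeholders, and the commented lines show how to feed it the live ACL with the ActiveDirectory module.

```powershell
# Added example. Account names and sample ACEs below are constructed placeholders.
function Test-SystemManagementAcl {
    param(
        [Parameter(Mandatory)] [object[]] $AccessRules,      # ACEs read from the container
        [Parameter(Mandatory)] [string[]] $ExpectedAccounts  # site server computer accounts
    )
    # Allow ACEs that grant Full Control (GenericAll)
    $full = @($AccessRules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and "$($_.ActiveDirectoryRights)" -match 'GenericAll'
    })
    foreach ($name in $ExpectedAccounts) {
        $ace = @($full | Where-Object { "$($_.IdentityReference)" -eq $name })
        $result = if ($ace.Count -eq 0) {
            'MISSING: no Full Control ACE'
        } elseif ("$($ace[0].InheritanceType)" -ne 'All') {
            # The wizard choice "This folder, existing objects ... new objects" should give 'All'
            'PARTIAL: not applied to descendant objects'
        } else { 'OK' }
        [pscustomobject]@{ Account = $name; Result = $result }
    }
    # Explicit Full Control held by an account outside the expected list deserves a look
    foreach ($ace in $full) {
        if (-not $ace.IsInherited -and $ExpectedAccounts -notcontains "$($ace.IdentityReference)") {
            [pscustomobject]@{ Account = "$($ace.IdentityReference)"; Result = 'REVIEW: explicit Full Control' }
        }
    }
}

# Live use on a domain-joined machine with RSAT:
#   Import-Module ActiveDirectory
#   $dn    = "CN=System Management,CN=System,$((Get-ADDomain).DistinguishedName)"
#   $rules = (Get-Acl -Path "AD:\$dn").Access

# Constructed sample ACEs so the function can be tried offline
$rules = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\CAS01$'; ActiveDirectoryRights = 'GenericAll'
                       AccessControlType = 'Allow'; InheritanceType = 'All';  IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\PRI01$'; ActiveDirectoryRights = 'GenericAll'
                       AccessControlType = 'Allow'; InheritanceType = 'None'; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\helpdesk'; ActiveDirectoryRights = 'GenericAll'
                       AccessControlType = 'Allow'; InheritanceType = 'All';  IsInherited = $false }
)
Test-SystemManagementAcl -AccessRules $rules `
    -ExpectedAccounts 'CONTOSO\CAS01$', 'CONTOSO\PRI01$', 'CONTOSO\PRI02$'
```

With the sample data, CAS01$ reports OK, PRI01$ is PARTIAL, PRI02$ is MISSING, and the helpdesk entry is flagged for REVIEW.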