Configuring Sites to Publish to Active Directory Domain Services


Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

Before Configuration Manager can publish site data to Active Directory Domain Services, the Active Directory schema must be extended to create the necessary classes and attributes, the System Management container must be created, and the primary site server’s computer account must be granted full control of the System Management container and all of its child objects. Each site publishes its own site-specific information to the System Management container within its domain partition in the Active Directory schema. For information about extending the Active Directory schema, see the Prepare Active Directory for Configuration Manager section in the Prepare the Windows Environment for Configuration Manager topic.

Use the following procedures to configure an Active Directory forest for publishing, and to configure a site to publish to an Active Directory forest that is enabled for publishing.

To configure Active Directory forests for publishing:

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Active Directory Forests. If Active Directory Forest Discovery has previously run, you see each discovered forest in the results pane. The local forest and any trusted forests are discovered when Active Directory Forest Discovery runs. Only untrusted forests must be manually added.

    - To configure a previously discovered forest, select the forest in the results pane, and then on the **Home** tab, in the **Properties** group, click **Properties** to open the forest properties. Continue with step 3.
    - To configure a new forest that is not listed, on the **Home** tab, in the **Create** group, click **Add Forest** to open the **Add Forests** dialog box. Continue with step 3.
  3. On the General tab, complete configurations for the forest that you want to discover and specify the Active Directory Forest Account.


    Active Directory Forest Discovery requires a global account to discover and publish to untrusted forests. If you do not use the computer account of the site server, you can only select a global account.

  4. If you plan to allow sites to publish site data to this forest, on the Publishing tab, complete configurations for publishing to this forest.


    If you enable sites to publish to a forest, you must extend the Active Directory schema of that forest for Configuration Manager, and the Active Directory Forest Account must have Full Control permissions to the System container in that forest.

  5. When you complete the configuration of this forest for use with Active Directory Forest Discovery, click OK to save the configuration.

To enable a Configuration Manager site to publish site information to Active Directory forest:

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration and click Sites. Select the site that you want to configure to have publish its site data, and then on the Home tab, in the Properties group, click Properties.

  3. On the Publishing tab of the sites properties, select the forests to which this site will publish site data.

  4. Click Ok to save the configuration.