Unsupported content

 

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Configuring SCCM for Active Directory

The following procedure describes the steps needed to support Active Directory on an Microsoft System Center Configuration Manager (SCCM) server.

Before you begin

The SCCM server must reside in the same domain as the Active Directory server.

To configure for Active Directory

  1. On the Active Directory computer, create a group that will later be added to SCCM.

    1. From Administrative Tools, select Active Directory Users and Computers.
    2. From the Users folder, select New > Group.
    3. Provide information about the group and click OK.
    4. From the groups listed within the Users folder, select the group you just created and select Properties.
    5. Select the Member Of tab and add Remote Management Users.
    6. Click OK.
  2. Create a user that will be added to the group you just created.
    1. From the Users folder, select New > User.
    2. Complete the wizard to create the user.
    3. From the users listed within the Users folder, select the user you just created and select Properties.
    4. Select the Member Of tab and the user to the group you created in step1.
    5. Click OK
  3. In SCCM, add the group you created in step 1 to Administrative Users.
    1. In the Administration workspace in SCCM, expand Security, right-click Administrative Users, and select Add User or Group.
    2. In the list of Assigned security roles, add the appropriate security roles. TrueSight Vulnerability Management requires that an Active Directory group must be associated with at least one of the following security roles:
      • Security Administrator
      • Read-only Analyst (used for the Data Refresh capability)
      • Operations Administrator
      • Full Administrator
    3. Add the appropriate security scope for the group and click OK.
  4. On the SCCM server, use the Local Users and Groups manager to add the group you created in step1 to the following local groups:
    • Users
    • SMS Admins—This group provides its members with access to the SMS Provider through WMI. Access to the SMS Provider is required for viewing and modifying Microsoft SCCM 2007 security objects and data in the Configuration Manager 2007 console.
    • Remote Management Users—Microsoft SCCM 2007 remote tools use this group to store the permitted viewers configured in the permitted viewers list. 

Was this page helpful? Yes No Submitting... Thank you

Comments