To build on what Mark said, only the Site Servers need Full Control access to the container. Be sure to make the distinction between Site Servers and Site Systems.
If you only have a single Primary Site Server, then only that account needs access to publish to Active Directory. To the best of my knowledge, and according to the documentation , Secondary Site Servers do not have any need for Full Control permissions to the System Management container, as the Primary Sites are responsible for Active Directory publishing. http://technet.microsoft.com/en-us/library/hh696542.aspx Cheers, Trevor Sullivan From: [email protected] [mailto:[email protected]] On Behalf Of Mark Mears Sent: Wednesday, February 26, 2014 9:10 AM To: [email protected] Subject: RE: [mssms] Site Server permissions to Systems Management Container Any site that sits in the same domain should have permissions to the System Management container in AD. If the site in the DMZ is in the domain it should have those permissions. Normally DMZ systems are workgroup clients so they would not need those permissions as they would never connect to the domain. Thanks, Mark Mears <mailto:[email protected]%0d> [email protected] Phone: (757) 945-2651 <http://www.cireson.com/> <http://twitter.com/teamcireson> Check out our System Center App Store: www.cireson.com/app-store "Self Service Portal Unleashed!" Webinar | Wed. February 26,2014 10am PST | <http://us7.campaign-archive1.com/?u=c3dfc80bee5e0850f76662f55&id=b48a8642fd &e=77a0b072bc> Register now _____ From: [email protected] [mailto:[email protected]] On Behalf Of Brian McDonald Sent: Tuesday, February 25, 2014 8:04 PM To: [email protected] Subject: RE: [mssms] Site Server permissions to Systems Management Container Bump :) _____ From: [email protected] <mailto:[email protected]> To: [email protected] <mailto:[email protected]> Subject: [mssms] Site Server permissions to Systems Management Container Date: Mon, 17 Feb 2014 21:27:31 -0600 Stupid question - as I am beginning to build out additional site servers in my environment. Do all of My site Servers need to have permissions to the Systems Management container? I've created a ConfigMgr_Servers Group and gave it full permissions to the Systems Management container. Currently, this security group only contains my Primary Site server. Do I need to add my additional Site Servers to this group that I am building out in the DMZ? Thanks, Brian
<<image001.png>>
<<image002.jpg>>
