Solution: ConfigMgr 2007 fails to create AMT User OU objects in Disjointed Namespace Environment

Solution: ConfigMgr 2007 fails to create AMT User OU objects in Disjointed Namespace Environment

  • Comments 17
  • Likes

fixHere’s an issue we ran into a while back and since we now have an ideal place to post it I thought I’d throw it out here in the hopes that it'll help the next person. 

Issue: AMT clients are "successfully" provisioned however their accounts are not created in the Out Of Band OU specified.

In the System Center Configuration Manager 2007 console, for the container to create our AMT accounts we have specified:

OU=AMT,OU=Misc,DC=alpha,DC=bravo,DC=charlie,DC=com

However the AMT clients we are trying to provision do not register their DNS suffix in that namespace.  Instead they register it in DC=charlie,DC=com (NOT DC=alpha,DC=bravo,DC=charlie,DC=com).

We tried hosts file on the SCCM server as well as modifying the DNS Suffix Search order on the SCCM server to no avail. Regardless of the console settings, when we try to create the account we do a DNS lookup of the client and then fail to add the user object with this error:

Failure: The AMT Proxy Manager failed to add a object into AD. FQDN: serverName.charlie.com, ADDN: OU=AMT,OU=Misc,DC=charlie,DC=com, UUID: 4C4C4544-0047-5010-8036-B4C04F544631, AMT Version: 3.2.3.

Note: This LDAP path is not the one defined in OOB Mgmt Properties and in fact does not exist!

If we configure the clients to register in DNS the DNS suffix of DC=alpha,DC=bravo,DC=charlie,DC=com then everything works.

Cause: This can occur if the domain has a disjointed namespace.  For more information on disjointed namespaces see the Disjointed namespaces section of http://support.microsoft.com/default.aspx?scid=kb;EN-US;909264.

Resolution: We do not support disjointed namespaces with AMT and ConfigMgr 2007 SP1, and at this time there is no support for this configuration with ConfigMgr 2007 SP2 either. However, we are investigating what it would take to offer that support and will make a final determination at a later date.

So ultimately the answer to this problem would be to allow your clients to register in the correct DNS namespace that matches up to your AD LDAP path specified.

Best,

Buz Brodin | Senior Support Escalation Engineer

Comments
  • I've never really understood what the purpose of adding machine to the AMT OU was? So what functionality do we lose if we had disjointed namespaces?

  • I adore your site, looks excellent and full of good info. Keep it up.

  • This is a great web site. Good polished UI and nice informative articles. I will be coming back next tme, thanks for the great post.

  • <a href="www.vertu-mobile-phone.com/">Vertu Phone</a>

  • I enjoyed your article here mate. Infact I'm a fan of the site in general to be very honest. It's the fourth ocasion I've been back here but I kept forgeting to save the site in my saved website list so I have to keep going through the search engines to find it. SAVED this time haha . Best of luck.

  • Thanks for such a great post and also the examine, I am totally impressed! Maintain stuff like this coming.

    http://www.aa-sf.com/

  • 好好学习,天天向上

    魔域私服 http://www.612yy.com/ 传奇世界私服 http://www.17173cssf.com/

  • 传世私服 传奇世界私服 传世私服发布网

    http://www.51smsf.com/

  • Let us always meet each other with a smile,for the smile is the beginning of love,and once we begin to love each other naturally we want to do something. <a href="http://www.onlineusb.net">oem usb</a>

    <a href="http://www.topusbdrive.com">Branded usb drives </a>

  • Doubt is the key to knowledge.

    http://www.xuehuasf.com/

    http://www.iqwqj.com/

  • thanks thats nicew great information

    texas ti-89

    http://www.makhzannoor.com

  • Thanks , I have just been looking for information about this topic for ages and yours is the best I’ve discovered till now.

    http://www.6scs.com

    http://www.178qw.com

  • Michele Bachmann cast her opinion http://www.7scs.net/ as a settled fact when she told the Republican presidential debate Thursday that a key element of President Barack Obama's health care law is unconstitutional.

  • hockey lovers buy hockey jerseys, here we provede your fancy hockeys for you

    <p><a href="www.hockeyjerseysbuy.com">buy hockey jerseys</a></p>

  • Perhaps you could write subsequent articles referring to this article. I wish to learn more things about it!<p><a href="www.buy-mlbjerseys.com">buy mlb jerseys</a></p>

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment