Trevor Sullivan's Tech Room

Minding the gap between administration and development

PowerShell: Creating the System Management Container

Posted by Trevor Sullivan on 2011/05/04

If you’ve ever worked with Systems Management Server (SMS) 2003 or System Center Configuration Manager (ConfigMgr / SCCM) 2007, you probably are familiar with the step of creating the “System Management” container underneath the “CN=System,DC=mydomain,DC=com” container in Active Directory. Normally you have to go into ADSIEdit.msc in order to do this, since you can’t create container objects through the Active Directory Users & Computers MMC snap-in. Well thankfully, you can avoid both GUIs by using PowerShell! Here’s a quick snippet that should work on any domain:

# Get the distinguished name of the Active Directory domain
$DomainDn = ([adsi]"").distinguishedName
# Build distinguished name path of the System container
$SystemDn = "CN=System," + $DomainDn
# Retrieve a reference to the System container using the path we just built
$SysContainer = [adsi]"LDAP://$SystemDn"
# Create a new object inside the System container called System Management, of type "container"
$SysMgmtContainer = $SysContainer.Create("Container", "CN=System Management")
# Commit the new object to the Active Directory database

You’ll still have to set permissions appropriately, but if you’re looking to automate the entire process, here’s at least once piece!



5 Responses to “PowerShell: Creating the System Management Container”

  1. KM said

    this is wonderful. Do you have any script that can set the permission using powershell as well?

    • Trevor Sullivan said


      I was working on one, but I didn’t quite finish it.

      Trevor Sullivan

      • KM said

        I’m struggling to get this automated. is there any chance you’ll be doing it soon ? otherwise can you give me some pointers that I can try out ?

      • Trevor Sullivan said

        Yeah I looked at it briefly earlier today again … it’s a bit of .NET code to do it. You’ll want to look at the System.DirectoryServices namespace. There’s permissions-related classes there to help you build access rules and add them to AD objects.

  2. […] This will get you out of needing to launch ADSI Edit. This script was directly copied from this blog post: PowerShell: Creating the System Management Container […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: