Error 4913: SMS cannot create the object in AD

[vijmat]

I am new to SMS 2003. I have little experiance with SMS
2.0. I just installed SMS 2003 on a Windows 2003 Server.
Right now the whole setup is running on standard security.

Problem
The service account has been given all type of accesses
but I am getting a whole bunch of Errors 4913 "Systems
Management Server cannot create the object "cn=SMS-MP-004-
APODC03" in Active Directory." I checked and the Folder
System Management is there in the AD and the Service
account has all rights. For some reason SMS is not
creating objects in the Active Directory.

Please Help. Thanks in advance.

Viju Mathai

 

[jkilmer]

vijmat (IS/IT--Manageme) Jun 4, 2004
I am new to SMS 2003. I have little experiance with SMS
2.0. I just installed SMS 2003 on a Windows 2003 Server.
Right now the whole setup is running on standard security.

Problem
The service account has been given all type of accesses
but I am getting a whole bunch of Errors 4913 "Systems
Management Server cannot create the object "cn=SMS-MP-004-
APODC03" in Active Directory." I checked and the Folder
System Management is there in the AD and the Service
account has all rights. For some reason SMS is not
creating objects in the Active Directory.

Please Help. Thanks in advance.

Viju Mathai

vijmat,

My first suggestion is to implement the Advanced Security Mode. Is the "cn=SMS-MP-004-APODC03" Management Point object a secondary server or the primary? The user account has the proper A.D. security (ie: Domain Admin). The computer account you are trying to install into SMS must be a member of the SMSObjectManagers Security Group whether it is the primary or secondary. If the computer account is for a secondary server, then the Primary SMS2003 server computer account must be a member of the local admins security group on the secondary server. If your user account has the correct A.D. security, then it must be a security issue with the computer account.

 

[Jpoandl]

MAke sure that you have extended your schema for SMS 2003 (if using advanced security mode). You will need to be a member of the schema admin to do this.

Next, if you do not have the ability to publish information to AD through your SMS account, you will have to create the AD object manually.

If you are not using the Advanced security (and have no intention of modifying the schema), you can ignore these messages. You can disable your site from trying to publish information to AD.

See this article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;830022

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[sparky0904]

I had this problem, t oresolve it i made the SMS Service account a domina admin or administrator and the errors went away.

I had given the account pwermissions to the container like the KB article says however still had problems u had,.

MArk

 

[SMO6]

Hi.

I'm having this issue too. It seems I've found more than one 'service' account that SMS uses. There is a remote service account local to the server that SMS is installed on (also the SQL server but not a DC). There is also a service account that looks to have been created by SMS' installation processes. Can anyone shed some light as to which specific account (ie account name) msg 4913 is referring to? Also, what group does the account need to be added to? Thanks.

SMAU6