About Client Installation Properties Published to Active Directory Domain Services in Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
When you extend the Active Directory schema for System Center 2012 Configuration Manager and the site is published to Active Directory Domain Services, many client installation properties are published to Active Directory Domain Services. If a computer can locate these client installation properties, it can use them during Configuration Manager client deployment.
The advantages of using Active Directory Domain Services to publish client installation properties include the following:
Software update point-based client installation and Group Policy client installations do not require setup parameters to be provisioned on each computer.
Because this information is automatically generated, the risk of human error associated with manually entering installation properties is eliminated.
Note
For more information about how to extend the Active Directory schema for Configuration Manager and how to publish a site, see Prepare the Windows Environment for Configuration Manager and Configuring Sites to Publish to Active Directory Domain Services.
Client installation (CCMSetup) uses the client installation properties that are published to Active Directory Domain Services only if no other properties are specified by using any of the following methods:
Manual installation
Provisioning client installation properties by using Group Policy
Note
The client installation properties are used to install the client and might be overwritten with new settings from its assigned site after the client is installed and has successfully assigned to a Configuration Manager site.
Use the following table to determine which Configuration Manager client installation methods use Active Directory Domain Services to obtain client installation properties.
Installation Method |
Comments |
|---|---|
Client push installation |
Client push installation does not use Active Directory Domain Services to obtain installation properties. Instead, you can specify client.msi installation properties in the Client tab of the Client Push Installation Properties dialog box. These options and client-related site settings are stored in a file that the client reads during client installation. Note You do not have to specify any CCMSetup properties for client push installation, or the fallback status point, or the trusted root key in the Client tab. These settings are automatically supplied to clients when they are installed by using client push installation. Any client.msi properties that you specify in the Client tab are published to Active Directory Domain Services if the site is published to Active Directory Domain Services. These settings are read by client installations where CCMSetup is run with no installation properties. |
Software update point-based installation |
The software update point-based installation method does not support the addition of installation properties to the CCMSetup command line. If no command line properties have been provisioned on the client computer by using Group Policy, CCMSetup searches Active Directory Domain Services for installation properties. |
Group Policy installation |
The Group Policy installation method does not support the addition of installation properties to the CCMSetup command line. If no command line properties have been provisioned on the client computer, CCMSetup searches Active Directory Domain Services for installation properties. |
Manual installation |
CCMSetup searches Active Directory Domain Services for installation properties under the following circumstances:
|
Logon script installation |
CCMSetup searches Active Directory Domain Services for installation properties under the following circumstances:
|
Software distribution installation |
CCMSetup searches Active Directory Domain Services for installation properties under the following circumstances:
|
Installations for clients that cannot access Active Directory Domain Services for published information:
|
These client computers cannot read installation properties from Active Directory Domain Services, and so will not be able to access the published installation properties. |
The following client installation properties are published by Configuration Manager to Active Directory Domain Services. For more information about each item, see About Client Installation Properties in Configuration Manager.
The Configuration Manager site code.
The site server signing certificate.
The trusted root key.
The client communication ports for HTTP and HTTPS.
The fallback status point. If the site has multiple fallback status points, only the first one that was installed will be published to Active Directory Domain Services.
A setting to indicate that the client must communicate by using HTTPS only.
Settings related to PKI certificates:
Whether to use a client PKI certificate.
The selection criteria for certificate selection, if this is required because the client has more than one valid PKI certificate that can be used for Configuration Manager.
A setting to determine which certificate to use if the client has multiple valid certificates after the certificate selection process.
The certificate issuers list that contains a list of trusted root CA certificates.
Client.msi installation properties that are specified in the Client tab of the Client Push Installation Properties dialog box.
Note
Auto upgrade of clients can fail when the installation parameters for CCMSetup run with double quotes around them. Double quotes can be caused by the following:
-
Running CCMSetup and specifying a parameter that is published to Active Directory for the site the client is being assigned to. (Each parameter from AD receives a set of quotes, and CCMSetup adds an additional set of quotes).
-
Running CCMSetup and using quotes when specifying a parameter. (CCMsetup adds an additional set of quotes).