AD OD Extended Schema Computer Groups

Similar Messages

• Extending Schema

  I am trying to extend the schema in our AD environment for SCCM 2012.  I am in the schema admins group but I get the following errors after trying to extend the schema:
  <01-06-2014 12:25:13> Modifying Active Directory Schema - with SMS extensions.
  <01-06-2014 12:25:13> DS Root:CN=Schema,CN=Configuration,DC=ch,DC=org
  <01-06-2014 12:25:15> Defined attribute cn=MS-SMS-Site-Code.
  <01-06-2014 12:25:15> Defined attribute cn=mS-SMS-Assignment-Site-Code.
  <01-06-2014 12:25:16> Defined attribute cn=MS-SMS-Site-Boundaries.
  <01-06-2014 12:25:17> Defined attribute cn=MS-SMS-Roaming-Boundaries.
  <01-06-2014 12:25:17> Defined attribute cn=MS-SMS-Default-MP.
  <01-06-2014 12:25:18> Defined attribute cn=mS-SMS-Device-Management-Point.
  <01-06-2014 12:25:19> Defined attribute cn=MS-SMS-MP-Name.
  <01-06-2014 12:25:19> Defined attribute cn=MS-SMS-MP-Address.
  <01-06-2014 12:25:20> Defined attribute cn=mS-SMS-Health-State.
  <01-06-2014 12:25:21> Defined attribute cn=mS-SMS-Source-Forest.
  <01-06-2014 12:25:21> Defined attribute cn=MS-SMS-Ranged-IP-Low.
  <01-06-2014 12:25:22> Defined attribute cn=MS-SMS-Ranged-IP-High.
  <01-06-2014 12:25:22> Defined attribute cn=mS-SMS-Version.
  <01-06-2014 12:25:23> Defined attribute cn=mS-SMS-Capabilities.
  <01-06-2014 12:25:23> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
  <01-06-2014 12:25:23> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
  <01-06-2014 12:25:23> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
  <01-06-2014 12:25:23> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
  <01-06-2014 12:25:23> Failed to extend the Active Directory schema, please find details in "C:\ExtADSch.log".
  Im new at this and failed to backup the schema before executing this.  Im trying to find out what the problem is.  Does anyone know if this will cause huge issues since I did not back up the old schema?  We are on Windows 2008 R2.  If
  I try to extend the schema again, will this cause issues as well? 

  Just to be clear you can run the command to extend the schema from any domain computer. You do not have to run it on the Schema Master. Also, as stated above, the account you are using must be a member of the Schema Admins.
  Please don't take your Schema Master offline. Ensure that all DCs are online and operational and that replication is working successfully.
  I have only seen this error once. In that situation there were issues with replication. When these issues were solved I was able to extend the schema.
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson
  This is all redundant information to the OP. It has been established that any machine on the domain that can reach the Schema Master DC can be used. The OP already stated in the original message that the account used is part of Schema Admins group.
  And it is ENTIRELY possible to take the Schema Master offline and, as a matter of fact, MS even takes this approach in their TechNet article:
  "If the schema extension procedure was unsuccessful, restore the schema master's previous system state from the backup created in step 1. This will reverse the schema extension actions before reconnecting the schema master domain controller to the network."
  - Source
  Not to mention these articles state it is possible and recommended as well.
  Link1 
  Link2
  Dustin Estes - MCP | www.dustinestes.com

• Managed (mcx) preferences ONLY works for Computer Groups (Lists)

  AD Server 2008 R2 with extended schema.
  Macs (ML 10.8.5) bound to AD, mcx settings were created for Computer Groups , User Groups (AD security groups), Users
  but ONLY Computer Lists settings apply on the local machine (ANY, not just one)
  I can see it with mcxquery
  Anybody has an idea why that could be & how to sort it, so it DOES apply to user, user groups as well?
  Seb

  Turned out that my user existed as LOCAL user (same name/pass as AD)
  In that way ONLY Machine MCX applies
  Renaming local user & login with AD user applies Preferences correctly
  Seb

• Extended Schema

  Hello,
  I am trying to extend my Active Directory schema in order to store my managed preferences in AD.
  I am following this white paper : http://images.apple.com/business/solutions/it/docs/Modifyingthe_Active_DirectorySchema.pdf
  I am unable to manage groups or computer lists. I cannot create a new computer list as I receive an error when attempting to do so. I have attempted to completely remove all of the extended schema changes, re-compare an OD master against the AD PDC, recreate the schema changes LDF, and re-apply the changes to no avail.
  I do see the following in the debug logs:
  2010-10-15 14:09:41 EDT - T[0xB0081000] - Active Directory: Using existing connection for testdomain.com - test.testdomain.com. user [email protected] cache MEMORY:YVKESUz
  2010-10-15 14:09:41 EDT - T[0xB0081000] - Active Directory: Attempting to Create Record Type dsRecTypeStandard:ComputerLists Name Untitled_1
  2010-10-15 14:09:41 EDT - T[0xB0081000] - Active Directory: Add record CN=Untitled_1,CN=Mac OS X,DC=testdomain,DC=com with FAILED - LDAP Error 19
  Any help would be greatly appreciated.

  To clarify: the objectClassCategory for apple-computer, apple-group, and apple-user should be 3; all the other classes should be imported with objectClassCategory set to 1. Nothing should have an objectClassCategory of 0.
  I finally got a chance to test what happens if the apple-computer-list class is added to AD with objectClassCategory: 0, and the results match what you described. When I tried creating a computer list in Workgroup Manager, WGM popped up a dialog with the error "Not authorized. This action failed because you are not authorized to perform the operation.", and the DS debug log had this:
  2011-01-22 18:19:57 PST - T\[0xB030B000\] - Client: Workgroup Manage, PID: 63007, API: dsCreateRecord(), Active Directory Used : DAC : Node Ref = 33576284 : Rec Type = dsRecTypeStandard:ComputerLists : Rec Name = Untitled_1
  2011-01-22 18:19:57 PST - T\[0xB030B000\] - Active Directory: Using existing connection for example.com - windows-server.example.com. user [email protected] cache MEMORY:wHgljeI
  2011-01-22 18:19:57 PST - T\[0xB030B000\] - Active Directory: Add record CN=Untitled_1,CN=Mac OS X,DC=example,DC=com with FAILED - LDAP Error 19
  2011-01-22 18:19:57 PST - T\[0xB030B000\] - Client: Workgroup Manage, PID: 63007, API: dsCreateRecord(), Active Directory Used : DAR : Node Ref = 33576284 : Record Ref = 0 : Result code = -14120
  2011-01-22 18:19:57 PST - T\[0xB030B000\] - Plug-in call "dsCreateRecord()" failed with error = -14120.
  2011-01-22 18:19:57 PST - T\[0xB030B000\] - Port: 27927 Call: dsCreateRecord() == -14120
  so having the zero objectClassCategory would account for the problem. Unfortunately, I don't know of any way to change the objectClassCategory once it's set. I hope this happened in a test environment, so you can fix it (set objectClassCategory to 1 for all but the apple-user, apple-group, and apple-computer) before rolling it out to live.
  If this did make it to the live domain, there's a workaround: use AD tools (e.g. ADSI Edit) to create apple-computer objects inside the CN=Mac OS X container, then use WorkGroup manager to set them up.
  BTW, there's a newer version of the Apple instructions at [http://images.apple.com/business/solutions/it/docs/L407117B-USMod_AD_Schema_Support_MacsWP-4.pdf], for Snow Leopard (the one you linked was based on Leopard). The changes aren't terribly important. They removed a bunch of stuff that Snow doesn't use, and added the apple-hwuuid attribute to apple-computer. But the stuff that was removed was hardly ever used under Leopard, and apple-hwuuid isn't actually needed for Snow Leopard, so in fact either set of instructions should work fine with either version of Mac OS X.

• Error when trying to extend schema

  Installing SCCM2012 R2 into my test domain.  I've created the System Management object and given permissions.  I ran the extadsch.exe file from the SMSSetup\Bin\x64 directory of the install media.  The result was "Failed to extend the
  Active Directory schema, please find details in "C:\ExtADSch.log".
  Looking at the log I see:
  <01-28-2014 07:51:56> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
  <01-28-2014 07:51:56> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
  <01-28-2014 07:51:56> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
  <01-28-2014 07:51:56> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
  <01-28-2014 07:51:56> Failed to extend the Active Directory schema, please find details in "C:\ExtADSch.log".
  So, I looked up Error code 8202.  The notes I see refer to:
  replication issues
  Account used to run the schema extension not a member of Schema Admins
  The account is definitely a member of the Schema Admins group.  I have 2 DCs in the test domain, the first server is 2008 R2, the second is 2012 R2.  I ran repadmin /showrepl and got the following:
  Repadmin: running command /showrepl against full DC localhost
  Default-First-Site-Name\WILDDC1
  DSA Options: IS_GC
  Site Options: (none)
  DSA object GUID: 0a9eca25-db8f-4b24-a1e5-40e4e346263a
  DSA invocationID: 0a9eca25-db8f-4b24-a1e5-40e4e346263a
  ==== INBOUND NEIGHBORS ======================================
  DC=WILD,DC=XXX,DC=XX,DC=XXX
      Default-First-Site-Name\WILDDC2 via RPC
          DSA object GUID: ec3bd941-b372-4094-a15a-7e0c218a9a9c
          Last attempt @ 2014-01-28 07:54:33 was successful.
  CN=Configuration,DC=WILD,DC=XXX,DC=XX,DC=XXX
      Default-First-Site-Name\WILDDC2 via RPC
          DSA object GUID: ec3bd941-b372-4094-a15a-7e0c218a9a9c
          Last attempt @ 2014-01-28 07:52:01 was delayed for a normal reason, result 8418 (0x20e2):
      The replication operation failed because of a schema mismatch between the servers involved.
          Last success @ 2014-01-28 06:52:01.
  CN=Schema,CN=Configuration,DC=WILD,DC=xxx,DC=xx,DC=xxx
      Default-First-Site-Name\WILDDC2 via RPC
          DSA object GUID: ec3bd941-b372-4094-a15a-7e0c218a9a9c
          Last attempt @ 2014-01-28 07:52:04 was successful.
  DC=DomainDnsZones,DC=WILD,DC=xxx,DC=xx,DC=xxx
      Default-First-Site-Name\WILDDC2 via RPC
          DSA object GUID: ec3bd941-b372-4094-a15a-7e0c218a9a9c
          Last attempt @ 2014-01-28 07:52:01 was delayed for a normal reason, result 8418 (0x20e2):
      The replication operation failed because of a schema mismatch between the servers involved.
          Last success @ 2014-01-28 06:52:01.
  DC=ForestDnsZones,DC=WILD,DC=xxx,DC=xx,DC=xxx
      Default-First-Site-Name\WILDDC2 via RPC
          DSA object GUID: ec3bd941-b372-4094-a15a-7e0c218a9a9c
          Last attempt @ 2014-01-28 07:52:01 was delayed for a normal reason, result 8418 (0x20e2):
      The replication operation failed because of a schema mismatch between the servers involved.
          Last success @ 2014-01-28 06:52:01.
  So, I do have a couple of replication issues.  Any idea how to resolve them?

  Long shot: did you try extending the schema using the ldifde util and the ConfigMgr_ad_schema.ldf ?
  In any case it'll give you more details and probably point you into the right direction for troubleshooting.
  Update: procedure is documented here:
  http://technet.microsoft.com/en-us/library/bb632388.aspx (2007 article but the process is identical)

• Supressing the JAXB code for Extended Schemas using JWSDP

  Hi,
  Im trying to generate the JAXB code for the XML Schema using JWSDP using ANT build tool.
  Q : My schema(eg., Schema01.xsd) extends other two schemas(Schema02.xsd, Schema03.xsd).Here using JWSDP package using ANT Build tool, i want to Generate the JAXB java classes only for Schema01.xsd not for other two schemas.
  Can somebody help in this regard.
  Note : By default using JWSDP, Ant build tool, in "Build.xml" it expects schema name(eg. Schema01.xsd"). when i generate the java code, it generates code for the Schema and as well as its all exetended schemas.
  Q : how can supress generating the java code for the extended schemas.
  Regards
  Madhu

  Hi, no I didn't notice this, tried it now and got
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?><metadata xmlns="http://musicbrainz.org/ns/mmd-1.0#"><artist-list offset="0" count="1"><artist type="Group" id="ccd4879c-5e88-4385-b131-bf65296bf245" ext:score="100" xmlns:ext="http://musicbrainz.org/ns/ext#"><name>Echo & The Bunnymen</name><sort-name>Echo & The Bunnymen</sort-name><life-span begin="1978"/></artist></artist-list></metadata>is this right, its different to what I was originally trying to get

• Export and Import Computer Groups

  Two Monday mornings in a row the Open Directory on our Intel-based Xserve's Mac OS X 10.5.7 Server had failed. This would mean that users who were supposed to have specific access right to folders and share points on other Xserve file servers couldn't get their files or had full access instead of restricted access. The first Monday a restart resolved the issue. The second Monday a restart did not resolve the issue and we opened a case with AppleCare Enterprise Support. We got it up and running again but it failed on Friday during the day. Another call the AppleCare Enterprise Support had me export all my users, user groups, computers and computer groups as a backup.
  In the end, I had to do an erase and install of Mac OS X 10.5 server and I updated right to 10.5.8. AppleCare pointed me to the (now Snow Leopard) documentation and told me that now that the server was running and nothing was "broken" and they could not continue to support me. It was up to me to figure out how to restore everything from the documentation. Unfortunately, that document has NOTHING in it about restoring computers or computer groups. It only documents users and user groups. Our user groups were restored with the import of the previously exported list. However, all of the computers in our computer groups appear in the membership list as "Not Found". The preferences/settings for the group were restored but are not being applied to any computers. This means that portable users probably no longer have "mobile" accounts so they can log in off the network and now the Software Update is wide open (although most users are not administrators).
  Is there some trick I'm missing to get the computers back into their groups automatically? I can add them manually but I have 400 and can't tell from the list of workstation numbers which are laptops and which are desktops.
  -Doug

  Hi Tapojyoti,
  >>1. Is it correct that "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0?
  Yes, WSUS 3.0 API Samples and Tools is not supported in Windows Server 2012R2 by default. We may try to rebuild it in Windows Server 2012R2. For detailed information about how the rebuiled, please refer to the readme document of the WSUS 3.0 API Samples
  and Tools.
  >>2. Is "WSUS 4.0 API Samples and Tools" available?
  No, I can't find the WSUS API Samples and Tools for 2012R2.
  >>3. Is there any alternative way in WSUS 4.0 to export and import XML file consisting "Computer Groups" and "Patch Approvals" configurations?
  As I have mentioned above, due to WSUS 3.0 API Samples and Tools is released with source code, we can try to rebuild it in the Windows Server 2012R2.
  If it doesn't work, as a workaround, we can configure the new WSUS server as the replica server of the existing WSUS server. After the synchronization, change the server mode to stand alone.
  Best Regards.
  Steven Lee
  TechNet Community Support

• SCOM 2012 - Custom disk space report - Computer Groups

  Hello,
  I've created custom disk report with sql query to pull the disk space for all servers. The report has parameters start data,End date and computer name but now my requirement would be to get the disk reports based on custom created computer group, Is it possible
  to feed computer group name instead of computer name in the custom reports?
  Regards,
  Vijay

  Hi,
  For SCOM 2007, you can’t select a group of servers and run a free disk space report on them. And for 2012 I think it also like that.
  But based on my research, someone said that when you create group with Logical Disk targets, it may work. Here are two similar threads for your reference:
  Report on Logical Disk Free Space % for a group of servers
  http://social.technet.microsoft.com/Forums/en-US/fbec6fce-8f65-461b-8730-98a0d493c375/report-on-logical-disk-free-space-for-a-group-of-servers?forum=operationsmanagerreporting
  Can't target free disk space report at Custom Group
  http://social.technet.microsoft.com/Forums/en-US/8555fc3e-eed2-4523-a307-589eb6ff72fc/cant-target-free-disk-space-report-at-custom-group?forum=operationsmanagerreporting
  Regards,
  Yan Li
  Regards, Yan Li

• Approving WSUS updates for one computer group at a time

  We have a WSUS server, and four computer groups (Alpha, Beta, Production, Workstations). Our patching process has us approve all "Not Approved" patches for the Alpha group, right after they're released by Microsoft. One week later, we approve all
  of the updates from the previous week, for the Beta group. One week later, we do the same for Production. 
  I'm writing a script (which I can't test until next week), and wonder if there's a better way to get the list of updates that are approved for Alpha. Here is the code: 
  $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
  $updateScope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved
  $updateScope.FromArrivalDAte = (Get-Date).AddMonths(-1)
  $wsusGroup = $wsus.GetComputerTargetGroups() | Where {$_.Name -eq "$PatchingGroup"}
  $updateScope
  $updateScope.getType()
  $updateScope.count
  $updateScope.ApprovedComputerTargetGroups.add($wsusGroup)
  $wsus.GetUpdates($updateScope)
  $Updates = $wsus.GetUpdates($updateScope)
  I assume I can take the $Updates variable and do the following for the Beta and Production groups: 
  Foreach ($update in $updates) {
  $update.Approve(“Install”,$PatchingGroup)
  Is this going to work, and is there a better way?

  For WSUS Scripts see this: http://poshwsus.codeplex.com/
  ¯\_(ツ)_/¯

• Adobe put CS6 Extended on computer as trial  now can't access regular cs6

  Adobe messenger had an update.  when I updated it turned out to be a trial version of PS CS6 Extended rather than my original Photoshop CS6.  Now trial is over and I can not access my original photoshop CS6 program.  Only option is to purchase the Extended version on line on the Cloud.

  I have re-entered the serial number for my original CS6 and it is back working again.  Thank you all for your quick responses.  I was afraid I was up the creek with no water running.. (:  All is good now.. Ed
         From: gener7 <[email protected]>
  To: Edward Leonard <[email protected]>
  Sent: Sunday, April 26, 2015 6:38 PM
  Subject:  Adobe put CS6 Extended on computer as trial  now can't access regular cs6
  Adobe put CS6 Extended on computer as trial  now can't access regular cs6
  created by gener7 in Photoshop General Discussion - View the full discussionPermanent license reverts to Extended Trial: This happens often. Don't panic. Your serial number is still good, you simply need to re-enter it and you do not need to purchase anything. Follow these steps:   On receiving Trial/Trial Expired screenMake sure that you are onlineClick on license this softwarePerpetual product owners: Log in with adobe ID and enter product serial numberProduct should be licensed successfully If the reply above answers your question, please take a moment to mark this answer as correct by visiting: https://forums.adobe.com/message/7482967#7482967 and clicking ‘Correct’ below the answer Replies to this message go to everyone subscribed to this thread, not directly to the person who posted the message. To post a reply, either reply to this email or visit the message page: Please note that the Adobe Forums do not accept email attachments. If you want to embed an image in your message please visit the thread in the forum and click the camera icon: https://forums.adobe.com/message/7482967#7482967 To unsubscribe from this thread, please visit the message page at , click "Following" at the top right, & "Stop Following"  Start a new discussion in Photoshop General Discussion by email or at Adobe Community For more information about maintaining your forum email notifications please go to https://forums.adobe.com/thread/1516624.

• How to export and import "Computer Groups" and "Patch approvals" in WSUS 4.0 ?

  Hi,
  I have a query regarding the export and import options for "Computer Groups" and "Patch Approvals" in WSUS 4.0.
  In WSUS 3.2 once we install WSUS 3.0 API Samples and Tools, we get "WSUSMigrationExport" and "WSUSMigrationImport" tools under
  C:\Program Files\Update Services 3.0 API Samples and Tools\WsusMigrate\ folder. 
  Using the 'WSUSMigrationExport' tool we can export the Computer Groups and the Patch Approvals in a XML file. And using the 'WSUSMigrationImport' tool we can import the 'Computer Groups' and the 'Patch Approvals' from that XML file into a different WSUS
  3.2 server. We can run the import tool as below:
  a. Run command prompt as administrator.
  b. In the command prompt, go to C:\Program Files (x86)\Update Services 3.0 API Samples ans Tools\ WsusMigrate\WsusMigrationImport
  c. Type WsusMigrationImport filename.xml TargetGroups None. Press enter; this will import Computer Groups to the WSUS 3.2 server.
     Type WsusMigrationImport filename.xml Approvals None. Press enter; this will import "Patch Approvals" to the WSUS 3.2 server.
  This is easy and useful.
  Now, for WSUS 4.0 I did not find  "WSUS
  4.0 API Samples and Tools". So I installed "WSUS 3.0 API Samples and Tools" in my WSUS 4.0 server. And tried to import a valid XML file in the above mentioned process. But the command returned an error.
  The error says the "Microsoft.UpdateService.Administration.dll" file was not found.
  I further searched in the internet about this issue and I found that the "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0 as the .net framework used in "WSUS 3.0 API Samples and Tools" is 2.0 and WSUS 4.0 uses .net Framework
  4.5.
  So, Here are my questions.
  1. Is it correct that "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0?
  2. Is "WSUS 4.0 API Samples and Tools" available?
  3. Is there any alternative way in WSUS 4.0 to export and import XML file consisting "Computer Groups" and "Patch Approvals" configurations?
  I need an urgent reply. Thank you in advance.

  Hi Tapojyoti,
  >>1. Is it correct that "WSUS 3.0 API Samples and Tools" is not supported in WSUS 4.0?
  Yes, WSUS 3.0 API Samples and Tools is not supported in Windows Server 2012R2 by default. We may try to rebuild it in Windows Server 2012R2. For detailed information about how the rebuiled, please refer to the readme document of the WSUS 3.0 API Samples
  and Tools.
  >>2. Is "WSUS 4.0 API Samples and Tools" available?
  No, I can't find the WSUS API Samples and Tools for 2012R2.
  >>3. Is there any alternative way in WSUS 4.0 to export and import XML file consisting "Computer Groups" and "Patch Approvals" configurations?
  As I have mentioned above, due to WSUS 3.0 API Samples and Tools is released with source code, we can try to rebuild it in the Windows Server 2012R2.
  If it doesn't work, as a workaround, we can configure the new WSUS server as the replica server of the existing WSUS server. After the synchronization, change the server mode to stand alone.
  Best Regards.
  Steven Lee
  TechNet Community Support

• OD Computer Group has computer "ghosts" - Can't get rid of them

  After testing OD on a new Leopard server for a few days with a few test Leopard clients, I have noticed that I have a couple OD Computer groups that have computers in them that no longer exist ("computer record ghosts", if you will). WGM will not let me remove them from the OD Computer groups in which they belong. WGM hangs (but doesn't crash). The computer records show up but are dim (grayed-out). I do not have computer records for the "absent" computer anymore, and thus they dont exist in OD anymore.
  Why does my OD group still see them?
  Why cant I remove them?
  Im assuming I must have brought a test Mac into OD and then added it to a group and later removed the computer record before removing it for the group(s). I just assumed that the OD server and WGM was smart/dynamic enough to understand that a record was deleted. Dont computer records get removed from a group once they are deleted?

  Hi Daniel
  You should be able to delete the Computer Group, save the changes and probably restart the Server to be on the safe side. But if its not working for you and to be absolutely certain demote and re-promote. Obviously archive the LDAP Database first as well as exporting Users and Groups to be on the safe side. You should be doing this anyway as part of your backup strategy. It does not take too long to do this although it will depend on how many users you have. Home Directories are not deleted. You can relocate Users to Home Directories afterwards.
  Does this help? Tony

• Help Powershell and Wsus Approve Updates By Computer Group

  I've found this script to ApproveUpdatesByComputerGroupt and it works, my problem is now, I only need to approve Classification Critical, because I will not approve service packs for OS / SQL, etc. 
  I'm using SCCM, but Failover Cluster should I use WSUS, and my support team is already running a script, to set maintenance mode. 
  But no matter what I've tried, I can not really get it to work, so .. 
  Help Help
  # ApproveUpdatesByComputerGroup.ps1
  [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
  $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()
  $ComputerTargetGroups = $wsus.GetComputerTargetGroups()
  Write-Host "Warning: This will approve all NotApproved updates for a Computer Group" -ForegroundColor Red
  Write-Host "Computer Groups"
  $Count = 0
  foreach ($ComputerTargetGroup in $ComputerTargetGroups) {
      Write-Host $Count - $ComputerTargetGroup.Name
      $Count++
  $ComputerGroupToUpdate = Read-Host "Select Computer Group to update. [0 - $($Count-1)]"
  Write-Host "Finding all updates needing approval and approving them"
  $ComputerGroupName = $ComputerTargetGroups[$ComputerGroupToUpdate].Name
  $ComputerGroupId = $ComputerTargetGroups[$ComputerGroupToUpdate].Id
  $ComputersToScan = $wsus.GetComputerTargetGroup($ComputerGroupId).GetComputerTargets()
  foreach ($ComputerToScan in $ComputersToScan) {
      $ComputerTargetToUpdate = $wsus.GetComputerTargetByName($ComputerToScan.FullDomainName)
      # Get all Not Installed updates available to the computer
      $NeededAndNotInstalled = $ComputerTargetToUpdate.GetUpdateInstallationInfoPerUpdate() | where {
                            ($_.UpdateInstallationState -eq "NotInstalled") `
                            -and ($_.UpdateApprovalAction -eq "NotApproved")}
      foreach ($UpdateToApprove in $NeededAndNotInstalled)
          Approve-WsusUpdate -Action Install -TargetGroupName $ComputerGroupName -Update $(Get-WsusUpdate -UpdateId $UpdateToApprove.UpdateId) -Verbose
  Write-Host "Done approving updates"
  sleep -Seconds 5

  This is what you are looking for:
  http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/22/use-the-free-poshwsus-powershell-module-for-wsus-administrative-work.aspx
  ¯\_(ツ)_/¯

• EPPM Extended schema functional description

  Hi,
  I have installed EPPM 8.3 using sql server database in a windows 2008 server.
  In the documentation it says opening the PXReporting_83.dmd file I can find a functional description of a view in "Coments from RDBMS" property but there are no comments in any view in the model.
  Is there any other place where I can found an explanation of every extended schema view ?
  Thanks,

  Here are the services you need to start:
  Project Arbiter service
  Publish Project service
  Publish Enterprise Data
  Publish Enterprise Summaries
  Publish Resource Management
  Publish Security
  More info on the above is here: http://docs.oracle.com/cd/E20686_01/English/Technical_Documentation/Reporting_Database/P6%20Extended%20Schema%20White%20Paper.pdf
  Information on the tables is in a thread I started (and answered) here: R8.2 Extended Schema Tables Question

• Extending Schema for SCCM 2012 R2

  I have looked everywhere for this information, but it's not listed in the LDF file nor is it notated on the MS documentation.
  When extending the schema using extadsch.exe from the media for SCCM 2012 R2, does it touch the schema version or does it only add the classes required?  Is there a difference in versions of extadsch.exe 5.0 and the exadsch.exe in the SCCM 2007 media?

  Active Directory schema extensions for Configmgr 2012 are similar to the Active Directory schema extensions for Configmgr 2007.
  If the schema was already extended for Configmgr 2007, you dont need to extend schema again for Configmgr 2012.
  Eswar Koneti | Configmgr blog:
  www.eskonr.com | Linkedin: Eswar Koneti
  | Twitter: Eskonr