SCS integration with Active Directory

SCS integration with Active Directory

I have already installed SCS (server and Console) I am able
to successfully connect to SCS Server from the console and create profiles, set
passwords, etc.

When I check the "Integrate with active directory" option I am told
to enable this functionality extending Active Directory schema with Intel
Management Engine.

I have found the script (BuildSchema.VBS) installed at my SCS server and also
the references at the Installation and User guide, but it is not clear enough
for me.

Can someone give me a hand with directions in how to proceed in order to be able
to activate the AD integration?

Thanks in advance


4 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Thank you for posting your question. I just wanted to let you know that we are looking into this.


Maria, here are some instructions. There is also a pdf in the SDK docs called "Intel AMT Integration with Active Directory.pdf" which may help you as well. I will send you the MS Patches that you need via email since there doesn't seem to be a way to attach files to Forum Posts.

In order to use Integrate with AD mode in SCS, user needs to perform the following operations:

  1. Extend the AD schema by double clicking on the script BuildSchema.vbs. You can verify that schema was extended correctly by running the CheckSchemaExists.vbs script. Of course you need to execute these scripts by a domain user that has sufficient permissions to modify AD schema (like domain administrator).
  2. Go to AD and add a new OU named for example AMT.
  3. In the SCS profile ACL tab, you need to add domain users than you want to grant access to AMT capabilities.
  4. In order to inform SCS about the new OU that you created you need to specify its path in the configuration parameters of your AMT machine, Go to 'configuration parameters' (which called New Intel AMT Systems in SCS v1.2) and double click on the AMT machine. In the third text box you have you AD OU path, please click on the '...' button on the right and choose the OU that you have just created, then provision this machine. After the AMT system was provisioned, a new object will be created in that OU named like the AMT system host name.
  5. In order connect using webUI with IE browser you need to run the attached Microsoft patches, these patches come to fix the authentication issue, explanation about these patches are in the attached document on section 10 Note and Limitations.

Thanks for your help and directions Gael!


Leave a Comment

Please sign in to add a comment. Not a member? Join today