There are two schools of thought about the best way to create the System Management container.
The first school of thought recommends that the Active Directory (AD) Administrator creates the System Management container and then permissions are applied to it.
However, it is the second school of thought which I prefer. In this option, the AD Administrator allows the System Center Configuration Manager (CM) site server to create the System Management container itself, and then the Admin adjusts the permissions to its final state.
This second method is a two-step process.
Step 1 – Apply permissions to the System container, and then the CM site server creates the System Management container.
Step 2 – Remove the permissions on the System container and apply the permissions to the System Management container.
I prefer this two-step method because it ensures that Configuration Manager creates exactly what it wants, regardless of language settings, etc., and it also helps to prevent typos.
In the end it doesn’t matter which process you use, as long as the container is created in the appropriate location. Check out my blog post tomorrow on How to Set AD Security Rights for the System Management Container and next week’s post about How to Manually Create a System Management Container for ConfigMgr.