Installing System Center Configuration Manager 1606

Posted: October 30, 2016 in SCCM

Creating container in AD

SCCM publishes the objects that need to be published in Active Directory into this AD container.

I used a PS script to create the container:

# Get the distinguished name of the Active Directory domain
$DomainDn = ([adsi]"").distinguishedName
# Build distinguished name path of the System container
$SystemDn = "CN=System," + $DomainDn
# Retrieve a reference to the System container using the path we just built
$SysContainer = [adsi]"LDAP://$SystemDn"
# Create a new object inside the System container called System Management, of type "container"
$SysMgmtContainer = $SysContainer.Create("Container", "CN=System Management")
# Commit the new object to the Active Directory database
$SysMgmtContainer.SetInfo()

Setting permissions on the System Management container

Setting permissions allows SCCM site servers to publish site information to the container.

Open Active Directory Users and Computers (Start, Run, dsa.msc) and click Advanced Features.

Expand the System folder, right-click System Management and click Delegate Control.

Click Add. In the Select Users, Computers, or Groups window, click Object Types and check Computers as the object type. Click OK. Type the name of the SCCM server computer account and click OK.

Add the SCCM computer account.

Click Create a custom task to delegate.

Make sure "This folder, existing objects in this folder, and creation of new objects in this folder" is selected and click Next.

Choose General, Property-specific and Creation/deletion of specific child objects. For the permissions, click Full Control.
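
A check for the delegation above, added here as an example and not part of the original post: it lists the permissions set directly on the System Management container and confirms that the site server's computer account holds Full Control on it and on its child objects. The computer account name SCCM01$ is a hypothetical placeholder.

```powershell
Import-Module ActiveDirectory   # also provides the AD: drive that Get-Acl reads from

# Assumption: SCCM01$ is a hypothetical name for the site server's computer account
$siteServer  = 'SCCM01$'
$domainDn    = (Get-ADDomain).DistinguishedName
$containerDn = "CN=System Management,CN=System,$domainDn"

$acl = Get-Acl -Path "AD:\$containerDn"

# Explicit Allow entries only: inherited ones come from parent containers
$explicit = $acl.Access | Where-Object {
    -not $_.IsInherited -and $_.AccessControlType -eq 'Allow'
}

# Everything set directly on the container, for review
$explicit |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType |
    Format-Table -AutoSize

# Full Control in the wizard is stored as GenericAll; InheritanceType 'All'
# means the entry covers the container and every object below it
$fullControl = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$siteAce = $explicit | Where-Object {
    $_.IdentityReference.Value -like "*\$siteServer" -and
    $_.ActiveDirectoryRights.HasFlag($fullControl)
}

if (-not $siteAce) {
    Write-Warning "$siteServer has no explicit Full Control entry on $containerDn"
} elseif ($siteAce.InheritanceType -notcontains 'All') {
    Write-Warning "$siteServer has Full Control on the container only, not on child objects"
} else {
    "OK: $siteServer holds Full Control on $containerDn and its descendants"
}
```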

Extending AD schema

SCCM uses AD to publish information about its sites and services, making it easily accessible to Active Directory clients. To leverage AD, we must extend the schema to create classes of objects specific to SCCM.

Navigate to the \SMSSETUP\Bin\X64 folder and run extadsch.exe as administrator.

Check the ExtADSch.log file (located on the system drive).

Installing Windows Features

For SCCM to work we need to install IIS, .NET Framework 3.5, Background Intelligent Transfer (BITS), Windows Update Service, Common HTTP Features – Default Document, Static Content, Application Development – ASP.NET 3.5, .NET Extensibility 3.5, ASP.NET 4.5, .NET Extensibility 4.5, ISAPI extensions, Security – Windows Authentication, IIS 6 Management Compatibility – IIS Management Console, IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS Management Scripts and Tools:

install-windowsfeature web-server,net-framework-features,bits,rdc,web-net-ext,web-net-ext45,web-wmi,web-scripting-tools,web-windows-auth,updateservices,NET-WCF-Services45

Then install the Windows Assessment and Deployment Kit, choosing the components as per the picture.

Installing SQL Server 2014

For the SQL service accounts (SQL Server Agent, SQL Server Database Engine, SQL Server Reporting Service), best practice is to use domain accounts created only for this purpose.

Here is a sample script:

import-module activedirectory
New-ADOrganizationalUnit -NAME "SYSTEM ACCOUNTS"
New-ADUser -name sql_sa -displayname sql_sa -samaccountname sql_sa -AccountPassword (ConvertTo-SecureString "Password01" -asplaintext -force) -Enabled $true -PasswordNeverExpires $true -Path "OU=SYSTEM ACCOUNTS,DC=contoso,DC=com" -userprincipalname sql_sa@contoso.com
New-ADUser -name sql_db -displayname sql_db -samaccountname sql_db -AccountPassword (ConvertTo-SecureString "Password01" -asplaintext -force) -Enabled $true -PasswordNeverExpires $true -Path "OU=SYSTEM ACCOUNTS,DC=contoso,DC=com" -userprincipalname sql_db@contoso.com
New-ADUser -name sql_srs -displayname sql_srs -samaccountname sql_srs -AccountPassword (ConvertTo-SecureString "Password01" -asplaintext -force) -Enabled $true -PasswordNeverExpires $true -Path "OU=SYSTEM ACCOUNTS,DC=contoso,DC=com" -userprincipalname sql_srs@contoso.com
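
The same three accounts created without a password in the script text, as an added example that is not part of the original post: each account gets its own password, typed at a prompt as a SecureString. The contoso.com names are carried over from the sample above, and the SYSTEM ACCOUNTS OU is assumed to exist already.

```powershell
Import-Module ActiveDirectory

# Domain and OU carried over from the sample script above
$ouPath    = 'OU=SYSTEM ACCOUNTS,DC=contoso,DC=com'
$upnSuffix = 'contoso.com'
$accounts  = 'sql_sa', 'sql_db', 'sql_srs'

foreach ($name in $accounts) {
    # Skip accounts that already exist instead of failing half-way through
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        Write-Warning "$name already exists, skipping"
        continue
    }

    # Prompt per account: no shared password, and nothing stored in the
    # script file, the console history or a transcript
    $password = Read-Host -AsSecureString -Prompt "Password for $name"

    New-ADUser -Name $name -DisplayName $name -SamAccountName $name `
        -UserPrincipalName "$name@$upnSuffix" -Path $ouPath `
        -AccountPassword $password -Enabled $true -PasswordNeverExpires $true `
        -Description 'SQL Server service account'
}

# Review the result: Groups should be empty, because MemberOf does not
# include the primary group (Domain Users)
Get-ADUser -SearchBase $ouPath -Filter * -Properties PasswordNeverExpires, PasswordLastSet, MemberOf |
    Select-Object SamAccountName, Enabled, PasswordNeverExpires, PasswordLastSet,
        @{ Name = 'Groups'; Expression = { $_.MemberOf -join '; ' } } |
    Format-Table -AutoSize
```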

Select Database Engine Service, Reporting Service and Management Tools.

Optionally, we can create a dedicated instance.

Specify service accounts we created earlier and collation:

Install and configure Reporting Service:

SQL server configuration:

We need to open ports for SQL Server: 1433 (instance connection) and 4022 (Service Broker).

New-NetFirewallRule -Displayname "Allow port 1433" -direction inbound -LocalPort 1433 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 4022" -direction inbound -LocalPort 4022 -Protocol tcp -Action allow
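
The two rules above accept connections from any remote address on every firewall profile. As an added example (not from the original post), here are the same two ports scoped to the site server on the Domain profile, followed by an audit of which enabled rules expose them. 192.0.2.10 is a placeholder for the SCCM site server's address.

```powershell
# Assumption: 192.0.2.10 is a placeholder for the SCCM site server's IP address
$siteServerIp = '192.0.2.10'

$ports = @{ 1433 = 'SQL Server instance connection'; 4022 = 'SQL Service Broker' }

foreach ($port in $ports.Keys) {
    New-NetFirewallRule -DisplayName "SQL $port from SCCM site server" `
        -Description $ports[$port] -Direction Inbound -Protocol TCP `
        -LocalPort $port -RemoteAddress $siteServerIp -Profile Domain -Action Allow
}

# Audit: every enabled inbound allow rule that covers 1433 or 4022, with the
# remote addresses it accepts. 'Any' in RemoteAddress means the port is open
# to every host that can reach this server.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        if ($portFilter.LocalPort -contains '1433' -or $portFilter.LocalPort -contains '4022') {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                LocalPort     = $portFilter.LocalPort -join ','
                RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            }
        }
    } |
    Format-Table -AutoSize
```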

Before installation, SCCM checks whether SQL Server's memory is limited; if it is not, it throws a warning. To suppress it, set memory boundaries for SQL Server. Open SQL Server Management Studio:

Right-click the SQL Server name and choose Properties:

Set min/max memory:

Configure static TCP port:

Add the SCCM computer account to the local administrator group of the SQL server:

Installing SCCM

Choose the path for the files needed by the SCCM server:

Specify the site code and name:

Specify SQL server and instance:

Configure configuration method:

Install Management Pack and Distribution Point:

Choose whether you want to update SCCM:

 

And we are done !!!
