Part 4 – Active Directory Preparation Work

Part 4 Active Directory Preparation Work

On the last post we installed Active Directory. In order to get Configuration Manager ready for the install, we need to create some Organizational Units and accounts that will help organize how we will want to plan our install.

Go to Control Panel, Administrative Tools, and Select Active Directory users and computer. The default BluePalace domain is shown below:

default domain shown

Select the BluePalace.LAB domain and select File, New and Organization unit:

new ou

On the New Object – Organizational Unit, call the new Organizational Unit: SCCM

SCCM ou

Select OK to create the new Container.In the new container select, New and User, fill in the following information:

new user SCCMguy

Select Next to continue.

Add a password to the user account. Remove the checkbox user must change password at next login. Select User cannot change password, and password never expires. Enter the new password be sure to remember what the password is for the user.

adding pw

Select Next to Create the user account.

sccmguy

Select Finish to create the user account.

Create the following accounts in the container SCCM:

Name:                Password:             Groups:

SCCMagent        SetPassword         User, Service Account

Smsadmin         SetPassword         Schema Admin, Domain Admin, Administrators

 

Create a new Organizational Unit called SQL.

Create the following accounts in the container SQL:

Type:                                                AccountName:        Password:                 Domain Groups:

SQL Server Agent                         SQLAgent             SetPassword         User, Service Account

SQL Server Database Engine   SQLDBEngine       SetPassword        Schema Admin, Domain Admin

SQL Server Analysis Integration Services   SQLINTSvcs  SetPassword        User

SQL Admins      SQLGuy, Jeff2SQL  Password  These accounts will have Complete Access to the SQL server

 

Now lets log out of the domain controller and log in with the SMSadmin account. This account will be logging into DC1. Mount the System Center Configuration Manager iso. We will need this ISO for this server because we need to extend the Active Directory schema. But first we need to make a entry to the system container.

Go to Control Panel, Administrative tools, and select Users and Computers. On the view button select Advanced Features. You can now see the system container in Active Directory. This is where the change will take place from ADSI edit.

 

Now select ADSIedit from Administrative tools. Once it loads select Connect to, and select the default naming context. Go To CN=System.

System selected

System selected

Select New, and choose object.

On the Create Object page select container.

Call the container System Management. 

System management AD container

Create Object

Select Next and Finish to create this container.

Select the CN=System Management container and select Properties. This is so the configuration manager can update this structure. Select the Security Tab and select Add

security

System Management Properties

add configmgr

Add Configmgr server

Change object types to computers, and add the configmgr server. Select OK to add this server.

Give the server Full Control over the container and select Apply and then OK to close this dialog box.

configmgr full control

Configmgr has been given full control

Extending the Active Directory Schema

Go to: D:\SMSSETUP\BIN\X64. Now run cmd. Type in extadsch.

This command extends the active directory schema. You can check the log it creates at C:\extADSCh.log. What this does is add a couple clients and attributes to the database, it is opening the file: D:\SMSSETUP\BIN\X64\ConfigMgr_Ad_schema.ldf. Which is a human readable file that you can open with notepad and you can see all the changes it will make to Active Directory.

Next Step Add SQL server to the ConfigMgr box.  

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s