Skip to main content

PowerShell + SCCM 2012 R2 : Installation

Recently decided to embark on this little adventure of mine...where I will setup my SCCM 2012 R2 Lab and try doing most of things using PowerShell.

 I know this is ambitious and might take longer (even longer to blog about it)......But that hasn't stopped me in past. I am sure I will learn a lot in the process.

 So for this post it is the installation am focussing on and I am following the Windows-Noob Guide here.

 Steps which I won't be doing using PowerShell will be mentioned.

My LAB :
1. DexterDC  -- Domain Controller [Domain name - Dexter.com] (server 2012 R2)
2. DexSCCM -- Machine where SCCM will be installed (Server 2008 R2)
3. DexClient -- Windows 7 Client

 To make my Quest easy, I have enabled PSRemoting in the Domain using GPO.

Step 1. Create the Lab Environment

Create AD Users

First let's create the Users and then try to give the permissions needed.

* SMSadmin, a domain user 
* Testuser, a domain user
* Testuser2, a domain user
* Testuser3, a domain user
* DomJoin, a domain user,(for joining computers to the domain) 
* ReportsUser, a domain user for reporting services.
* ClientInstall, a domain user used when installing the Configuration Manager Client for Client Push. This user must be a local administrator on computers you want to install the Configuration Manager Client.
* SCCMNAA, a domain user, (Network Access Account) used during OSD

On the SCCM server add the SMSadmin user to the Local Administrators group (you can add the ClientInstall account also)

Below is what the PowerShell region for this part looks so far:


#region Create AD Users
#Import the Module
Import-Module -Name ActiveDirectory
$newUsers = "SMSadmin","Testuser","Testuser2","Testuser3","DomJoin","ReportsUser","ClientInstall","SCCMNAA"
#Create a Common Password..this is a Demo Environment
$Password = ConvertTo-SecureString -String "P@ssw0rd2" -AsPlainText -Force
foreach ($newuser in $newUsers)
{
New-ADUser -SamAccountName $newUser -Name $newuser -AccountPassword $Password -PassThru | Enable-ADAccount -Verbose
}
#endregion Create AD Users
#region Give AD Users Local Admin Access
#need to add the AD Users [ClientInstall,SMSadmin] to the Local Admin Group
([ADSI]"WinNT://DexSCCM/Administrators,group").add("WinNT://Dexter/ClientInstall")
([ADSI]"WinNT://DexSCCM/Administrators,group").add("WinNT://Dexter/SMSAdmin")
#endregion Give AD Users Local Admin Access
view raw Blog-CreateUsers.ps1 hosted with ❤ by GitHub
Step2 is download so manually done already or can be done using Start-BitsTransfer (see Step 8)

Step 3 & 4: Create the Systems Management Container and Delegate Permission to it

Below is the Code which will create the container and give the Computer Account for DexSCCM appropriate permissions on the container.
#region create Conatiner 'System Management'
#create the Container
New-ADObject -path 'CN=System,DC=dexter,DC=com' -Type container -name 'System Management' -PassThru
#get the Default Naming context
$root = (Get-ADRootDSE).defaultNamingContext
#store the ACL for the Container System Management
$acl = get-acl "AD:CN=System Management,CN=System,$root"
#get the Computer AD Object
$SCCMComputerAccount = Get-ADComputer -Identity DexSCCM
#Create an ACE to give the Computer Account Full access to the Container "System Management" and the child Objects
$All = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::SelfAndChildren
$ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $SCCMComputerAccount.SID, "GenericAll", "Allow", $All
#add the ACE to the ACL
$acl.AddAccessRule($ace)
#Set the modified ACL back to the Container "System Management"
Set-acl -aclobject $acl "ad:CN=System Management,CN=System,$root"
#endregion
view raw Blog-CreateSystemMgmt.ps1 hosted with ❤ by GitHub



Step 5- Extend the AD Schema
This one is just double-click the Executable , this is how you do it in PowerShell:
#region Extend AD Schema
& E:\VLab_Software\SystemCenter21012R2\Extracted\ConfigMgr_Extract\SMSSETUP\BIN\X64\extadsch.exe
#& Path\Extadsch.exe
#endregion
view raw blog-ExtendADSchema.ps1 hosted with ❤ by GitHub

Step 6- Open TCP Ports for Replication 1433 and 4022 for replication
For this we will create a GPO and add the firewall rules to it and link the GPO back to the domain. Below is the code with comments:
#region Open TCP Ports 1433 and 4022 for SQL Replication
#Create a new GPO
New-GPO -Name SCCM_FireWall_Rule -Comment "This is to allow port 1433 and 4022 for sql replication" -Domain dexter.com -Verbose
#Open the NETGPO session to add the firewall rules to it
$GPOSession = Open-NetGPO -PolicyStore dexter.com\SCCM_FireWall_Rule -DomainController DexterDC -Verbose
#Add a new Firewall rules to the GPO session
New-NetFirewallRule -name AllowPort1433 -DisplayName "ALlow port 1433 for SQL Replication" -Direction Inbound -Protocol TCP -LocalPort 1433 -LocalAddress 10.1.1.1/24 -GPOSession $GPOSession -Verbose
New-NetFirewallRule -name AllowPort4022 -DisplayName "ALlow port 4022 for SQL Replication" -Direction Inbound -Protocol TCP -LocalPort 4022 -LocalAddress 10.1.1.1/24 -GPOSession $GPOSession -Verbose
#Save the New GPO session
Save-NetGPO -GPOSession $GPOSession -Verbose
#Now link the GPO to the Domain
New-GPLink -Name SCCM_FireWall_Rule -Target "DC=Dexter,DC=Com" -LinkEnabled Yes
#Update the Group Policy on all the Computers...Not that many in my LAB
Get-ADComputer -Filter * -SearchBase "CN=Computers,DC=Dexter,DC=Com" | ForEach-Object -Process {Invoke-GPUpdate -RandomDelayInMinutes 0 -Force }
#endregion
view raw blog-CreateGPOforFirewall.ps1 hosted with ❤ by GitHub


So after I do this in the Group Policy Management Console, I see below :
Pretty neat huh!

 Step 7: Install .NET 3.5.1 and WCF activation
Till now all the steps were being done on my Domain Controller. You can use a Client (Win7/Win8) to do all this stuff if it has RSAT installed too, but that costs me one more machine on my poor Hyper-V server ;) . So I tend to do most stuff on DC ...remember it's my LAB.

 For this step we need to add the features to the SCCM Server (DexSCCM). So let's get to it. Let's try Get-WindowsFeature


Let's try the PSRemoting way now (already setup in my environment):
#region Install required features
#create a PSSession to the remote Server..soon going to get SCCM installed
$Session = New-PSSession -ComputerName DexSCCM
#create an array of required features and sub-features
$featuresneeded = "Web-Common-Http","Web-Static-Content","Web-Default-Doc","Web-Dir-Browsing","Web-Http-Errors","Web-Http-Redirect","Web-App-Dev","Web-Asp-Net","Web-Net-Ext","Web-ASP","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Health","Web-Http-Logging","Web-Log-Libraries","Web-Request-Monitor","Web-Http-Tracing","Web-Security","Web-Basic-Auth","Web-Windows-Auth","Web-Url-Auth","Web-Filtering","Web-IP-Security","Web-Performance","Web-Stat-Compression","Web-Mgmt-Tools","Web-Mgmt-Console","Web-Scripting-Tools","Web-Mgmt-Service","Web-Mgmt-Compat","Web-Metabase","Web-WMI","Web-Lgcy-Scripting","Web-Lgcy-Mgmt-Console"
#Add the Features to the Remote Server
Invoke-Command -Session $Session -ScriptBlock {Get-WindowsFeature -Name $using:FeaturesNeeded | where {$_.installed -eq $false } | Add-WindowsFeature }
#endregion
#regiond download .NET 4
$url = "http://download.microsoft.com/download/9/5/A/95A9616B-7A37-4AF6-BC36-D6EA96C8DAAE/dotNetFx40_Full_x86_x64.exe"
Start-BitsTransfer -Source $url -Destination \\DexSCCM\C$\Temp\DotNet4_Full.exe -Asynchronous
#endregion download .NET 4
#region Add BITS & RDC
#Step 9 requires to add BITS and RDC as well
Invoke-Command -Session $session -ScriptBlock {Get-WindowsFeature -Name "BITS","RDC" | Add-WindowsFeature -Verbose }
#endregion
view raw blog-InstallFeatures.ps1 hosted with ❤ by GitHub

Step 8 code to download .NET 4 (code Above)
Step 9 add features BITS,RDC (code above)


 Step 10 &11:  Install SQL Server 

 I have SQL Server 2012 SP1 and I tried for a while to silent install it but I was able to mess up the Configuration File each time. So I decided to this manually on the DexSCCM server.
One can try this.

 Step 12 : Install Configuration Manager 2012 R2

I went with manual install for this too. But you can try the silent install by following the instructions here.

 So this sums up my post. If you are really looking to automate the whole installation process then there is a Project by name CM12Automation @ Codeplex do try it. 

 Will be back with more of my PowerShell and Configuration Manager experiments.

Labels

Labels:

Popular posts from this blog

Azure DevOps Tips & Tricks - Find private REST APIs

Original source -  Azure DevOps Tip - Find private APIs Often working with Azure DevOps, I hit a wall trying to automate some tasks but there are no REST API's made public yet. It was one of those task of automating creation of Environments in multi-stage YAML based pipelines in AzDO. Quick research reveals that this has been requested in uservoice  (please upvote). Let's see one of the very simple ways to discover some of these APIs.
Get-FullPost »

Azure + GoLang SDK : Authenticating Part-2

The auth package lives at "github.com/Azure/go-autorest/autorest/azure/auth" In the above package, at the moment I have explored below two functions (my notes): NewAuthorizerFromFile method NewAuthorizerFromEnvironment method (this post)  This function definition looks like below :
Get-FullPost »

Test connectivity via a specific network interface

Recently while working on a Private cloud implementation, I came across a scenario where I needed to test connectivity of a node to the AD/DNS via multiple network adapters.  Many of us would know that having multiple network routes is usually done to take care of redundancy. So that if a network adapter goes down, one can use the other network interface to reach out to the node. In order to make it easy for everyone to follow along, below is an analogy for the above scenario: My laptop has multiple network adapters (say Wi-Fi and Ethernet) connected to the same network. Now how do I test connectivity to a Server on the network only over say Wi-Fi network adapter?
Get-FullPost »