SCCM 2012 – Prerequisites installation – Part 2

Here we are going to see the Prerequisites installation of  configuration manager 2012 and we will also see the steps to create a system container, assign permission for SCCM on container and extend the Active directory schema.

Before you install the configuration manager, you should extend you active directory and give your SCCM server rights to create objects under the system container AD.

Does Configuration Manager creates System Container automatically ? – Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services.

Some steps need to follow before creating system container:

  • Change Host name for domain controller
  • Set static IP address for domain controller.
  • Installation of Active directory for the environment.

Create System Management Container

We will first create the system management container and we will assign the SCCM server permission to create object under the container.

The Domain controller is running windows server 2012 data centre edition operating system. To create a container log on to domain controller with administrator account click on server manager, tools click on ADSI (Active directory server interface) edit.

1.png

1.png Right click ADSI Edit and click on Connect to. On the Connection Settings window, the naming context should be Default naming context. Do not change anything here, click on OK.

1.png

1.png

In the ADSI Edit Console, expand the Default Naming Context, right click CN=System, click on New and create an Object.

1.png

On the Create Object windows, select the class as container and click on Next.

1.png

Provide the value as System Management. Click on Next and click on Finish to close the wizard.

1

1.png

Now that we have created the system management container, we must grant the site server’s computer account the permissions that are required to publish site information to the container. The primary site server computer account must be granted Full Control permissions to the System Management container and all its child objects.

Click on Server Manager, click on Tools, click on Active Directory Users and Computers. Click on View and click Advanced Features. Expand System, right click System Management and click on Delegate Control.

1.png

1.png

1.png

1.png

The primary site server computer account must be granted Full Control permissions to the System Management container. Click on Add, on select users,computers or groups window click on Object Types and check for Computers as object types. Click on OK. Type the name of the primary site server computer account and click on OK.

1.png

1.png

1.png

You must see the primary site server computer account listed unde7r the users or groups. Click on Next

1.png

On the Tasks to Delegate page, click on Create a custom task to delegate. Click on Next.

1.png

On the Active Directory Object Type window, select the option This folder, existing objects in this folder and creation of new objects in this folder. Click on Next.

1.png

We need to select the permissions to delegate, choose GeneralProperty Specific and Creation/deletion of specific child objects. Under the permissions, click on Full Control. when you check the box for Full Control all the other permissions gets checked automatically. Click on Next and click on Finish to close the wizardWe have delegated full permissions to primary site server computer account on System Management container.

1


 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.