MVP Monday: Using PowerShell to automate SCCM 1702 Current Branch
If you're reading this, I assume you have already installed two workgroups joined servers running Windows Server 2016 (choose Windows Server 2016 Standard (Desktop Experience)) as listed below, and that you've configured the network settings. The network settings I am using for this lab are shown below. Server name: AD01 Server function: Domain Controller Server status: Workgroup joined
IPv4 Address: 192.168.7.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.7.199
DNS: 192.168.7.1
Server name: CM01 Server function: Configuration Manager Primary site Server status: Workgroup joined
IPv4 Address: 192.168.7.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.7.199
DNS: 192.168.7.1
Server name: Smoothwall Server function: Linux firewall Server status: 2 legacy nics
eth0: 192.168.7.199
eth1: x.x.x.x (internet facing ip)
(The scripts used in this guide are available here.)
Step 1. Configure Active Directory Domain Services (ADDS)
To setup Active Directory Domain Services you could manually click your way through the appropriate wizard in Server Manager or automate it using PowerShell.
Step 2. Join CM01 to the domain
To join the domain manually, bring up the computer system properties. Click on Change settings beside the computer name, click Change and enter the appropriate domain join details, reboot when done.
To join the domain automatically, use the joindomain.ps1 PowerShell script.
1. Copy the script to C:\scripts.
2. Edit the variables as desired before running.
3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle.
Step 3. Create users Perform on the Active Directory Domain Controller server (AD01) as Local Administrator. Note: The PowerShell script creates users and makes a user a local admin on the CM01 server. To facilitate the local administrator creation, you'll need to create a GPO on AD01 called Allow Inbound File and Printer sharing exception which sets Windows Firewall: Allow inbound file and printer sharing exception to Enabled.
Step 4. Create the System Management Container
(For details of why you are doing this, check this out.)
Step 5. Delegate Permission
Step 6. Install Roles and Features on CM01 To support various features in System Center Configuration Manager, the setup wizard requires some Server Roles and Features pre-installed. On CM01, log in as the username you added to the Local Administrators group and navigate to C:\Scripts. The XML files within the Scripts Used in This Guide.zip were created using the Export Configuration File option in Server Manager after manually installing roles and features and the accompanying PowerShell script simply installs it. Note: Make sure your Server 2016 media is in the drive specified in the script or edit the script to point to the location of the media.
Step 7. Download and install Windows ADK 10 version 1703 and WDS The ConfigMgr prerequisite checker will check for various things, including ADK components such as USMT and Windows Preinstallation Environment (amongst others), therefore you need to install Windows ADK on your server. To do so, either download ADKsetup from here and manually install it or run the setup ADK and WDS.ps1 PowerShell script to download and install the correct components for you. This script not only downloads the components needed, it also installs ADK 10 and then installs Windows Deployment Services. The setup ADK and WDS.ps1 PowerShell script is available in the Scripts Used in this Guide zip file. Note: As of 2017/5/4 ADK 1703 has an installation issue that occurs if you have Secure Boot enabled. To workaround this, disable secure boot prior to installing it, you can re-enable secure boot after the installation.
Step 8. Install SQL Server 2016 The following script will create a ConfigurationFile.ini used to automate the installation of SQL Server 2016, and after it's installed the script will download the SSMS executable (Management Studio) and install it. SQL Server no longer comes with the Management Studio built-in, and it's offered as a separate download, don't worry though, my PowerShell script takes care of that for you. Note: Make sure your SQL Server 2016 media is in the drive specified in the script or edit the script to point to the location of the media.
Step 9. SQL Memory Configuration
Depending on your memory configuration and server setup, you may also want to configure SQL memory limits as per the following guidance prior to installing ConfigMgr otherwise you'll get warnings in the Prerequisite Checker when it runs the Server Readiness checks.
Configuration Manager requires SQL Server to reserve a minimum of 8 gigabytes (GB) of memory for the central administration site and primary site and a minimum of 4 gigabytes (GB) for the secondary site. This memory is reserved by using the Minimum server memory setting under Server Memory Options and is configured by using SQL Server Management Studio. For more information about how to set a fixed amount of memory, see here.
If your SQL Server is configured for unlimited memory usage, you should configure SQL Server memory to have a maximum limit.
Step 10. Restart the ConfigMgr Primary Server Open an administrative command prompt and issue the following command:
shutdown /r
Step 11. Install the WSUS role
Now that SQL server is installed, we can utilize SQL Server for the WSUS database.
Step 12. Download and extract the ConfigMgr content
To install System Center Configuration Manager version 1702 you'll need to download the content. You can download it from Microsoft's Volume Licensing Service Center site for use in production or from MSDN for use in a lab.
The VLSC download can be found be searching for Config and then selecting System Center Config Mgr (current branch and LTSB).
Step 13. Download the ConfigMgr Prerequisites
Step 14. Extend the Schema Note: Perform the following on the Domain controller server (AD01) as Administrator. You do not have to extend the Active Directory schema if it was already extended for Configuration Manager previously.
Step 15. Install SCCM Current Branch (version 1702) Note: Perform the following on the ConfigMgr server (CM01) as Administrator. If you are NOT using eval (as in my example) then you need to add this section to the configuration.ini file[SABranchOptions]
SAActive=1
CurrentBranch=1
Success!
In these steps, there's quite a bit of PowerShell you can use to automate most of Installing System Center Configuration Manager Current Branch (version 1702), including installing and configuring SQL Server 2016 on Windows Server 2016. Doing it this way means you can safely say that you've got a handle on Automation using PowerShell.
I hope you learned a lot from doing it this way, and until next time.
Niall Brady
Niall is a 7 time Microsoft MVP (Enterprise Client Management), an Irishman living in Sweden, and the father of 3 boys. He blogs about System Center Configuration Manager and Microsoft Intune. He's the guy behind https://www.windows-noob.com and https://www.niallbrady.com. He's also a book (https://www.niallbrady.com/book/) writer. To relax he likes to work on his old 1960 Mercedes Benz 180db (https://www.youtube.com/channel/UCJ1QjE0WK4D54ybBWMO4WNg).
Get 1E digests straight to your inbox, including the latest thought leadership, insights on digital employee experience, endpoint management, and more.
Server name: AD01
Server function: Domain Controller
Server status: Workgroup joined
Server name: CM01
Server function: Configuration Manager Primary site
Server status: Workgroup joined
Server name: Smoothwall
Server function: Linux firewall
Server status: 2 legacy nics
eth0: 192.168.7.199
eth1: x.x.x.x (internet facing ip)
(The scripts used in this guide are available here.)
To setup Active Directory Domain Services you could manually click your way through the appropriate wizard in Server Manager or automate it using PowerShell.
To join the domain manually, bring up the computer system properties. Click on Change settings beside the computer name, click Change and enter the appropriate domain join details, reboot when done.
To join the domain automatically, use the joindomain.ps1 PowerShell script.
1. Copy the script to C:\scripts.
2. Edit the variables as desired before running.
3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle.
Perform on the Active Directory Domain Controller server (AD01) as Local Administrator.
Note: The PowerShell script creates users and makes a user a local admin on the CM01 server. To facilitate the local administrator creation, you'll need to create a GPO on AD01 called Allow Inbound File and Printer sharing exception which sets Windows Firewall: Allow inbound file and printer sharing exception to Enabled.
(For details of why you are doing this, check this out.)
To support various features in System Center Configuration Manager, the setup wizard requires some Server Roles and Features pre-installed. On CM01, log in as the username you added to the Local Administrators group and navigate to C:\Scripts. The XML files within the Scripts Used in This Guide.zip were created using the Export Configuration File option in Server Manager after manually installing roles and features and the accompanying PowerShell script simply installs it. Note: Make sure your Server 2016 media is in the drive specified in the script or edit the script to point to the location of the media.
The ConfigMgr prerequisite checker will check for various things, including ADK components such as USMT and Windows Preinstallation Environment (amongst others), therefore you need to install Windows ADK on your server. To do so, either download ADKsetup from here and manually install it or run the setup ADK and WDS.ps1 PowerShell script to download and install the correct components for you. This script not only downloads the components needed, it also installs ADK 10 and then installs Windows Deployment Services. The setup ADK and WDS.ps1 PowerShell script is available in the Scripts Used in this Guide zip file. Note: As of 2017/5/4 ADK 1703 has an installation issue that occurs if you have Secure Boot enabled. To workaround this, disable secure boot prior to installing it, you can re-enable secure boot after the installation.
The following script will create a ConfigurationFile.ini used to automate the installation of SQL Server 2016, and after it's installed the script will download the SSMS executable (Management Studio) and install it. SQL Server no longer comes with the Management Studio built-in, and it's offered as a separate download, don't worry though, my PowerShell script takes care of that for you. Note: Make sure your SQL Server 2016 media is in the drive specified in the script or edit the script to point to the location of the media.
Depending on your memory configuration and server setup, you may also want to configure SQL memory limits as per the following guidance prior to installing ConfigMgr otherwise you'll get warnings in the Prerequisite Checker when it runs the Server Readiness checks.
Configuration Manager requires SQL Server to reserve a minimum of 8 gigabytes (GB) of memory for the central administration site and primary site and a minimum of 4 gigabytes (GB) for the secondary site. This memory is reserved by using the Minimum server memory setting under Server Memory Options and is configured by using SQL Server Management Studio. For more information about how to set a fixed amount of memory, see here.
If your SQL Server is configured for unlimited memory usage, you should configure SQL Server memory to have a maximum limit.
Open an administrative command prompt and issue the following command:
shutdown /r
Now that SQL server is installed, we can utilize SQL Server for the WSUS database.
To install System Center Configuration Manager version 1702 you'll need to download the content. You can download it from Microsoft's Volume Licensing Service Center site for use in production or from MSDN for use in a lab.
The VLSC download can be found be searching for Config and then selecting System Center Config Mgr (current branch and LTSB).
Note: Perform the following on the Domain controller server (AD01) as Administrator. You do not have to extend the Active Directory schema if it was already extended for Configuration Manager previously.
Note: Perform the following on the ConfigMgr server (CM01) as Administrator. If you are NOT using eval (as in my example) then you need to add this section to the configuration.ini file[SABranchOptions]
SAActive=1
CurrentBranch=1
In these steps, there's quite a bit of PowerShell you can use to automate most of Installing System Center Configuration Manager Current Branch (version 1702), including installing and configuring SQL Server 2016 on Windows Server 2016. Doing it this way means you can safely say that you've got a handle on Automation using PowerShell.
I hope you learned a lot from doing it this way, and until next time.