Step by Step – Installing ConfigMgr 1511 with HTTPS – Part 1: Preparing Active Directory and the Primary Site Server

Hi and welcome back. After a few months I finally found some time to start writing blog posts again. As you already know, we are running ConfigMgr 1511 these days to have all the features available to support Windows 10. If you would like to read more detailed information about the product itself, you will be able to find it on TechNet.

On December 8, 2015, Microsoft released information on TechNet to get ready for System Center Configuration Manager. If you would like to read more about it, you can go directly to the article by clicking here.

On December 15, 2015, Microsoft released extra information on TechNet related to ConfigMgr functionalities. If you’re new to ConfigMgr or just want to know more about the product, continue reading here.

After receiving some requests about installing Configuration Manager with HTTPS, I decided to write this step-by-step guide. It will be split into a few parts because it would otherwise be a pretty big post.

What will be covered in this post:

  • Active Directory
    • Extend Active Directory Schema
    • Create Security Groups
    • Create Service Accounts for SQL
    • Create System Management Container
  • Installing Windows Server Roles & Features
    • Using PowerShell cmdlets
    • Using the ConfigMgr Prerequisites Tool 1.4.2
    • Configure Windows Firewall Rules

Active Directory

Extending the Active Directory Schema

Mount the Configuration Manager installation media on your Domain Controller. If you have multiple domain controllers, make sure that you are connected to the Domain Controller that holds the Schema Master role. The user that extends the schema needs to be a member of the Schema Admins group.

On the ConfigMgr installation media, browse to G:\SMSSETUP\BIN\X64


Now right-click extadsch.exe and run it as Administrator. This process is usually very fast and creates a log file, ExtADSch.log, in the root of the C:\ drive.


Create Security Groups

For the sake of control and easy management I like to create some security groups that we will use later in this post.

  • ConfigMgr1511-Servers
  • ConfigMgr1511-Admins
  • SQL-Server-Admins

If you are planning to enroll Mobile Devices and Macintosh Computers in your environment, it might be good as well to have some specific security groups created to enroll certificates. The same applies to AMT Provisioning.

  • ConfigMgr-MacEnrollers
  • ConfigMgr-MobileEnrollers
  • ConfigMgr-AMTProvisioning

Create Service Accounts for SQL

During the installation of SQL Server, you will need to provide service accounts for the different SQL services:

  • SQL Server Agent – cmsqlasa
  • SQL Server Database Engine – cmsqlsa
  • SQL Server Reporting Services – cmsqlrsa

Create System Management Container

This is the last step that needs to be performed on our Domain Controller. Open ADSI Edit and create a new object under the System OU.


Select the container class for your object and click Next.


Enter the name of the container “System Management” in the Value textbox and click Next.


Complete the wizard, close it and open Active Directory Users & Computers to configure a delegation on the folder. In AD Users & Computers, you will need to make the Advanced Features visible, so in the menu at the top, click View and select Advanced Features.

Now you will be able to see the System OU. Browse to the System Management container.


Right-click it and open the Delegation of Control Wizard.


Add the security group “ConfigMgr1511-Servers” and click Next.


Select Create a custom task to delegate and click Next.


Select This folder, existing objects in this folder, and creation of new objects in this folder and click Next.


Under Permissions: select Full Control and click Next.


Review the delegation and click Finish.
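The container and delegation steps above can also be scripted and then read back for verification. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is available and that the ConfigMgr1511-Servers group already exists.

```powershell
# Added example: run with an account that may create objects under CN=System.
Import-Module ActiveDirectory

$groupName   = 'ConfigMgr1511-Servers'   # security group created earlier in this post
$systemDN    = "CN=System,$((Get-ADDomain).DistinguishedName)"
$containerDN = "CN=System Management,$systemDN"

# 1. Create the container only if it is not already there.
$existing = Get-ADObject -SearchBase $systemDN -SearchScope OneLevel `
    -Filter "Name -eq 'System Management' -and ObjectClass -eq 'container'"
if (-not $existing) {
    New-ADObject -Name 'System Management' -Type container -Path $systemDN
}

# 2. Allow Full Control (GenericAll) for the group on this object and all
#    descendant objects, the same scope as the wizard selection above.
$group = Get-ADGroup -Identity $groupName
$rule  = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$containerDN"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$containerDN" -AclObject $acl

# 3. Read the ACL back and list what the group actually holds.
(Get-Acl -Path "AD:\$containerDN").Access |
    Where-Object { $_.IdentityReference -like "*\$groupName" } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, AccessControlType
```

Because the grant is Full Control over the whole subtree, the membership of ConfigMgr1511-Servers is worth reviewing whenever this ACL is audited.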


Installing Windows Server Roles & Features

The installation of the prerequisites is actually pretty straightforward. There are many ways to install the Roles & Features. For example, if you are not familiar with PowerShell, it’s very easy to install the Roles & Features via Server Manager. There are also some amazing solutions that have been provided by and for the Community. I will not discuss the manual way of installing the Roles & Features but will show you 2 possible ways.

Using PowerShell cmdlets
  • Install-WindowsFeature Web-Windows-Auth
  • Install-WindowsFeature Web-ISAPI-Ext
  • Install-WindowsFeature Web-Metabase
  • Install-WindowsFeature Web-WMI
  • Install-WindowsFeature BITS
  • Install-WindowsFeature RDC
  • Install-WindowsFeature Web-Asp-Net
  • Install-WindowsFeature Web-Asp-Net45
  • Install-WindowsFeature NET-HTTP-Activation
  • Install-WindowsFeature NET-Non-HTTP-Activ
  • Install-WindowsFeature NET-Framework-Features -source Drive:\sources\sxs

Using the ConfigMgr Prerequisites Tool 1.4.2

Nickolaj Andersen developed a very nice tool which he frequently updates and it’s very reliable. You can download the tool here.

Start PowerShell as an administrator and execute the script.


The script will do 4 validation checks. It will check whether the current user is a member of the local Administrators group, whether there is a pending restart, whether the Operating System is supported and whether the PowerShell version is supported. When every check is green, switch to the Primary Site tab and click Install at the bottom right.


This will start and monitor the installation of the required Roles & Features. When this is done, close the Tool and continue with the next step.


Configure Windows Firewall Rules

In a later post we will install SQL Server, therefore we need some firewall ports configured.

Open PowerShell as an administrator and type the lines below. This will create the firewall rules that are required for SQL Server communication.
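An added example, not the post's original commands: inbound rules for the two ports Configuration Manager uses to reach SQL Server, TCP 1433 for a default Database Engine instance and TCP 4022 for the SQL Server Service Broker. The rule names, the Domain profile restriction and the subnet placeholder are assumptions to adjust for your environment.

```powershell
# Added example: rule names, profile and subnet are assumptions, not values from the post.
$SiteSystemSubnets = @('192.0.2.0/24')   # placeholder: subnets your site systems live in

$rules = @(
    # 1433 is the default-instance port; a named instance needs its own static port here.
    @{ Name = 'ConfigMgr - SQL Server Database Engine (TCP 1433)'; Port = 1433 },
    @{ Name = 'ConfigMgr - SQL Server Service Broker (TCP 4022)';  Port = 4022 }
)

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Exists, skipping: $($r.Name)"
        continue
    }
    # Allow inbound only on the Domain profile and only from the listed subnets,
    # instead of opening the SQL ports to every network the server touches.
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol TCP `
        -LocalPort $r.Port -Action Allow -Profile Domain `
        -RemoteAddress $SiteSystemSubnets | Out-Null
}

# Read the rules back with their port and address filters to confirm the scope.
Get-NetFirewallRule -DisplayName 'ConfigMgr - SQL Server*' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```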

In the next post we will continue with the installation of MDT & W10 ADK.
