Over the past three months, I’ve built, rebuilt, re-rebuilt, and re-re-rebuilt my System Center labs about an octobillion-million times.  Okay, to be honest, about a dozen.  But still…

Hydration kits are cool, and very useful, but for many of my projects, the variances are too much to use a one-size-fits-all kit approach.  So, I’ve been building my own demented set of tools to make the builds less painful.  One key aspect of just about any approach, hydration, or otherwise, is the command-line, or CLI.

PowerShell is just one obvious part of this.  But pretty much any CLI tool is fair game, from the familiar ones like dism, mkdir and sc, to the less common like dsacls.

Most of my concoction is based on PowerShell scripts which read from a collection of CSV input files.  The CSV files contain parameters to create OUs, computer and user accounts, groups, sites, site links, subnets, etc.  Most of those are iterative, or set-oriented.  Some tasks are one-off, though, and for those I use dedicated “code chunks”, as I call them.

For example, to create the forest root domain and related DNS trimmings, I use the following chunk.  I tossed in DHCP because I typically run that from my DC for a more realistic landscape (using Hyper-V on Windows 10).

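# Lab build only: turns Windows Firewall off for the Public and Private profiles
Write-Host "configuring windows firewall..."
Set-NetFirewallProfile -Name Public -Enabled False
Set-NetFirewallProfile -Name Private -Enabled False

# Add the AD DS role and its management tools
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

# Create the forest root domain with DNS. No -SafeModeAdministratorPassword is
# passed, so the cmdlet prompts for the DSRM password. -NoRebootOnCompletion
# leaves the restart to you; the server is not a working DC until it reboots.
Install-ADDSForest -DomainName "contoso.com" -DomainNetBiosName "CONTOSO" `
 -DatabasePath "C:\Windows\NTDS" -LogPath "C:\Windows\NTDS" `
 -DomainMode Win2012R2 -ForestMode Win2012R2 -SkipPreChecks -InstallDNS `
 -SysvolPath "C:\Windows\SYSVOL" -Force -NoRebootOnCompletion

# Add the DHCP Server role and its management tools
Install-WindowsFeature DHCP -IncludeManagementTools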


The SCCM publishing container

One of the preparation steps for deploying System Center Configuration Manager (SCCM) is creating an Active Directory container object and granting permissions to it which enable the SCCM Management Point servers to publish information to it.

The most common approach is using ADSIEdit, and the Active Directory Users and Computers (ADUC) console. But here’s another option.  This would be processed on a domain controller, either directly or via WinRS, etc.

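Import-Module ActiveDirectory
$cmhost = "P01"   # site server computer name
$rootPath = ([ADSI]"LDAP://RootDSE").defaultNamingContext
$netbios = (Get-ADDomain).NetBIOSName
# -Filter returns nothing when the container is missing (-Identity would throw)
$check = Get-ADObject -Filter 'Name -eq "System Management"' `
  -SearchBase "CN=System,$rootPath" -SearchScope OneLevel
if ($null -eq $check) {
  Write-Host "creating container..."
  New-ADObject -Type container -Path "CN=System,$rootPath" -Name "System Management"
  Write-Host "granting publish rights for site server account..."
  # The trustee is the computer account (DOMAIN\HOST$).
  # GA = full control, /I:T = this object and all descendants.
  dsacls "\\localhost:389\cn=system management,cn=system,$rootPath" /G "${netbios}\${cmhost}`$:GA" /I:T
}
else {
  Write-Host "container already exists."
}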
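
To confirm the grant landed as intended, this added example (not part of the original post) reads the container's ACL back and checks that the site server's computer account has full control on the container and its descendants. It assumes the post's site server name P01 and the AD: drive provided by the ActiveDirectory module; the variable names are this example's own.

```powershell
# Added example (not from the original post): read back the ACL on the
# System Management container and check the site server's grant.
Import-Module ActiveDirectory          # also provides the AD: drive used below

$cmhost  = "P01"                       # site server name from the post
$domain  = Get-ADDomain
$dn      = "CN=System Management,CN=System,$($domain.DistinguishedName)"
$trustee = "$($domain.NetBIOSName)\$cmhost`$"   # assumed form: DOMAIN\HOST$

$full = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$acl  = Get-Acl -Path "AD:\$dn"

# Explicit ACEs only; inherited ones come from the parent, not from dsacls.
$report = foreach ($ace in $acl.Access) {
    if ($ace.IsInherited) { continue }
    [pscustomobject]@{
        Identity    = $ace.IdentityReference.Value
        Type        = $ace.AccessControlType
        FullControl = (([int]$ace.ActiveDirectoryRights -band $full) -eq $full)
        AppliesTo   = $ace.InheritanceType
    }
}
$report | Sort-Object Identity | Format-Table -AutoSize

# /G <trustee>:GA with /I:T should show as Allow + GenericAll + inheritance "All".
$siteAce = $report | Where-Object {
    $_.Identity -eq $trustee -and $_.Type -eq 'Allow' -and
    $_.FullControl -and $_.AppliesTo -eq 'All'
}
if ($siteAce) {
    Write-Host "OK: $trustee has full control on the container and descendants."
} else {
    Write-Warning "$trustee is missing full control (this object and descendants)."
}

# Other explicit full-control trustees are listed for review; the default ACEs
# for built-in administrative principals will typically show up here.
$others = $report | Where-Object {
    $_.FullControl -and $_.Type -eq 'Allow' -and $_.Identity -ne $trustee
}
if ($others) {
    Write-Host "Other explicit full-control trustees to review:"
    $others | Format-Table Identity, AppliesTo -AutoSize
}
```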

Anyhow.  As I continue to tweak, adjust, refine, fold, spindle and mutilate the code soup I’m doing, I’ll post pieces of it here.  That will depend on the level of interest however.  So, let me know if this stuff interests you or bores you to sleep.

