I had to build a ConfigMgr lab in Azure for an upcoming customer project, so I’ve been collecting notes as I go.  It is likely that I will update this over time as I learn better ways of doing this, so if this is helpful to you, please check back from time to time for updates. – Thank you!

Revisions

  • 03/25/2016 – First release
  • 03/25/2016 / 15 minutes later – Added missing sections for “Configure CM01” as well as missing parts describing AD user/service accounts, and creating the system management container.  oh my God I need more coffee.
  • 03/25/2016 — 8:30 PM EDT – changed format to make easier to read.  Also removed unnecessary detail for the bulk of installing SQL, WSUS, ADK, etc.  Those are already well-documented on sites like WindowsNoob, SystemCenterDudes, and others.

Goals

Build a System Center Configuration Manager 1511 primary site instance in Microsoft Azure.  This will consist of creating the following virtual machines in a common subnet:

  • AD Domain Controller
  • SCCM site server w/SQL Server
  • File Server

Preliminary

  • Determine ConfigMgr Site Roles to be utilized
  • Decide which sources to use for installing SQL Server, and ConfigMgr
    • MSDN, TechNet Eval, etc.

Notes

  • This guide is written for people who are not experts with using Azure.  Some steps may be accomplished using other routes or methods, which is fine as long as the end result works.
  • Do not use the SQL Server installer from the Azure Marketplace.  This will incur two (2) combined costs: SQL and Windows VM licenses.  Use a minimal VM (e.g. Basic-A3) and a separate SQL installation source.
  • This lab is intended for proof-of-concept only, and for managing Azure-hosted resources only.  Strongly recommend you do NOT use an Azure hosted ConfigMgr site server to manage on-premises resources due to data egress costs and latency.
  • Unless money is no concern, be sure to power down your VMs when finished, so you avoid using up credits too quickly.
  • Use the newer Azure portal rather than the older “classic” portal.  Avoid using “classic” Storage, Networks or Virtual Machines as well.
  • This guide was created based on the available features and capabilities of Azure at a specific “point in time”.  Azure is evolving, so some features may change over time.
  • When creating new resources (e.g. Virtual Machines) use the “+ New” link at the top above the “All Resources” detail panel.  When adding Virtual Machines, you have to search to select “Windows Server 2012 R2 Datacenter”.

Process

  1. Log into Azure management portal (New Portal)
  2. Create a new Resource Group
    1. Name = CMLAB
  3. Create a new Virtual Network
    1. Name = CMNET
    2. Address space: 10.0.0.0 /16 (default)
    3. DNS Servers = Azure DNS (default)

Create New Virtual Machines

  1. Name = DC1
    1. Purpose = domain controller for lab AD forest
    2. Size = Basic A2 (green)
    3. Configure IP = Static / 10.0.0.4
  2. Name = CM01
    1. Purpose = ConfigMgr 1511 primary site server
    2. Size = Basic A3 (green)
    3. Attach Disk = 1023 GiB
    4. Configure Static IP
      1. Select CM01 in resources list
      2. Select “Network Interfaces”
      3. Click on “…”
      4. At far right under “Settings”, select IP Addresses
      5. Verify subnet is set to 10.0.0.0 subnet
      6. Change Assignment from Dynamic to Static
      7. Enter IP 10.0.0.5
      8. Click Save
  3. Name = FS1 (optional)
    1. Purpose = File Server
    2. Size = Basic A1 (green)
    3. Configure Static IP

Configure DC1

  1. Connect to VM DC1 and login
  2. Add Server Role: Active Directory Domain Services
  3. Promote to DC / New Forest = contoso.com
  4. Restart

Update Azure lab DNS

  1. Select “All Resources”
  2. Select Network “CMNET”
  3. Select “DNS Servers”
  4. Switch from Azure DNS to Custom DNS
  5. Primary DNS server = (IP of DC1 or 10.0.0.4)
  6. Click Save
  7. Select CM01, Network Interfaces, DNS Servers
  8. Verify “Custom DNS” is 10.0.0.4 (if not, set it and click Save)

Prepare Active Directory

  1. Connect to DC1 and login
  2. Open Active Directory Users and Computers
  3. Run your own custom PowerShell script to build out OUs, etc. or manually…
    1. Examples:
      1. Create OUs
        1. CORP\Users, Groups, Servers, Workstations, etc.
      2. Create User accounts
        1. sql-svc
        2. cm-naa
        3. cm-domjoin
        4. cm-client
        5. sccmadmin
      3. Create Groups
        1. SQL Admins
        2. SCCM Admins
        3. SCCM Servers
        4. Intune Users (optional)
      4. Add Users to Groups
      5. Pre-create Computer accounts (optional, but recommended)
        1. CM01
        2. FS1
      6. Add CM01 to SCCM Servers (unless you plan to directly delegate permissions to CM01 on System Management container)
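
One way to script the build-out above with the ActiveDirectory module, run on DC1 after the forest exists. This is an added example, not the author's own script. Assumptions: the OUs are nested under a top-level CORP OU, each account gets its own prompted password, and the user-to-group mapping is illustrative only, since the list above does not say who goes where.

```powershell
# Added example: creates the lab OUs, accounts, groups and computer objects.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName        # DC=contoso,DC=com in this lab
$corpDN   = "OU=CORP,$domainDN"              # assumed layout: everything under CORP

# 1. OUs
New-ADOrganizationalUnit -Name 'CORP' -Path $domainDN
foreach ($ou in 'Users', 'Groups', 'Servers', 'Workstations') {
    New-ADOrganizationalUnit -Name $ou -Path $corpDN
}

# 2. User accounts. Each password is prompted for, so none is stored in the script.
foreach ($name in 'sql-svc', 'cm-naa', 'cm-domjoin', 'cm-client', 'sccmadmin') {
    $userParams = @{
        Name              = $name
        SamAccountName    = $name
        UserPrincipalName = '{0}@{1}' -f $name, $domain.DNSRoot
        Path              = "OU=Users,$corpDN"
        AccountPassword   = Read-Host -Prompt "Password for $name" -AsSecureString
        Enabled           = $true
    }
    New-ADUser @userParams
}

# 3. Security groups
foreach ($group in 'SQL Admins', 'SCCM Admins', 'SCCM Servers') {
    New-ADGroup -Name $group -GroupScope Global -GroupCategory Security `
        -Path "OU=Groups,$corpDN"
}

# 4. Group membership (assumed mapping; adjust to your own design)
Add-ADGroupMember -Identity 'SCCM Admins' -Members 'sccmadmin'
Add-ADGroupMember -Identity 'SQL Admins'  -Members 'sccmadmin'

# 5. Pre-create the computer accounts
foreach ($computer in 'CM01', 'FS1') {
    New-ADComputer -Name $computer -Path "OU=Servers,$corpDN"
}

# 6. CM01 joins SCCM Servers so it inherits the System Management delegation
Add-ADGroupMember -Identity 'SCCM Servers' -Members 'CM01$'
```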

Create System Management Container

  1. Log onto DC1
  2. Open ADSIEDIT
  3. Click on Connect (accept defaults and click OK)
  4. Expand down to \System
  5. Create new object / Container
  6. Name = System Management
  7. Finish
  8. Open Active Directory Users and Computers
    1. Select View / Advanced
    2. Expand domain\System
    3. Right-click “System Management” container
    4. Select “Delegate Control…”
      1. Next
      2. Click Add
      3. Select group “SCCM Servers” / click OK / Next
      4. Select “Create a custom task to delegate” / Next
      5. Click Next
      6. Select “General”, “Property-specific” and “Creation/deletion…”
      7. Check “Full Control” box
      8. Click Next
      9. Click Finish
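
The same container creation and delegation done from PowerShell on DC1, with a read-back of the resulting ACE so you can confirm what was granted. This is an added example, not the author's own script; it assumes the “SCCM Servers” group from the previous section already exists.

```powershell
# Added example: creates CN=System Management and delegates it to SCCM Servers.
Import-Module ActiveDirectory                 # also provides the AD: drive

$domainDN    = (Get-ADDomain).DistinguishedName
$systemDN    = "CN=System,$domainDN"
$containerDN = "CN=System Management,$systemDN"

# Create the container only if it does not exist yet (safe to re-run)
$existing = Get-ADObject -Filter "Name -eq 'System Management'" `
                -SearchBase $systemDN -SearchScope OneLevel
if (-not $existing) {
    New-ADObject -Name 'System Management' -Type container -Path $systemDN
}

# Full Control for SCCM Servers on the container and everything beneath it,
# matching the "Full Control" choice in the Delegation wizard steps above
$sid     = (Get-ADGroup -Identity 'SCCM Servers').SID
$rights  = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All

$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule `
           -ArgumentList $sid, $rights, $allow, $inherit

$acl = Get-Acl -Path "AD:\$containerDN"
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$containerDN" -AclObject $acl

# Read the ACL back and show only the entry that was just added
(Get-Acl -Path "AD:\$containerDN").Access |
    Where-Object { $_.IdentityReference -like '*SCCM Servers' } |
    Select-Object IdentityReference, ActiveDirectoryRights,
                  InheritanceType, AccessControlType
```

The read-back should list a single Allow entry for SCCM Servers with GenericAll rights and inheritance type All; any other principal with write access on this container is worth reviewing.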

Configure Virtual Machine CM01

  1. Create “no_sms_on_drive.sms” file on C:
  2. Attach and Format new disk (e.g. E:)
  3. Create E: drive folders (examples):
    1. ADK
    2. ConfigMgr
    3. Logs
    4. MDT2013
    5. Sources
    6. SQLData
    7. WSUS

From here on out, follow your standard process for finishing up the installation:

  • Installing SQL Server
  • Configuring SQL Server memory limits
  • Adding the WSUS role
  • WSUS post-install configuration
  • Extending the AD Schema
  • Installing Configuration Manager

Thank you!
