Installing Prerequisites for Configuration Manager
In this post we will see the steps for Installing Prerequisites for Configuration Manager. We will also see the steps to create a system container, assign permissions for SCCM server on the container and extend the active directory schema.
In my previous post I talked about the new features of Configuration Manager and the system requirements for installing configuration manager 2012 R2. Before you can install Configuration Manager you should extend your Active Directory and give your SCCM server rights to create objects under the system container in AD.
Does Configuration Manager creates System Container automatically ? – Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services.
Creating the System Management Container
We will first create the system management container and assign the SCCM server permissions to create objects under the system container.
The domain controller is running on windows server 2012 R2 DataCenter edition operating system. To create a container log on to the Domain controller with administrator account, click on Server Manager, Tools, click on ADSI Edit.
Right click ADSI Edit and click on Connect to. On the Connection Settings window, the naming context should be Default naming context. Do not change anything here, click on OK.
In the ADSI Edit Console, expand the Default Naming Context, right click CN=System, click on New and create an Object.
On the Create Object windows, select the class as container and click on Next.
Provide the value as System Management. Click on Next and click on Finish to close the wizard.
Now that we have created the system management container, we must grant the site server’s computer account the permissions that are required to publish site information to the container. The primary site server computer account must be granted Full Control permissions to the System Management container and all its child objects.
Click on Server Manager, click on Tools, click on Active Directory Users and Computers. Click on View and click Advanced Features. Expand System, right click System Management and click on Delegate Control.
The primary site server computer account must be granted Full Control permissions to the System Management container. Click on Add, on select users,computers or groups window click on Object Types and check for Computers as object types. Click on OK. Type the name of the primary site server computer account and click on OK.
You must see the primary site server computer account listed under the users or groups. Click on Next.
On the Tasks to Delegate page, click on Create a custom task to delegate. Click on Next.
On the Active Directory Object Type window, select the option This folder, existing objects in this folder and creation of new objects in this folder. Click on Next.
We need to select the permissions to delegate, choose General, Property Specific and Creation/deletion of specific child objects. Under the permissions, click on Full Control.
When you check the box for Full Control all the other permissions gets checked automatically. Click on Next and click on Finish to close the wizard. We have delegated full permissions to primary site server computer account on System Management container.
Extending Active Directory Schema
To extend the Active Directory Schema using extadsch.exe utility, locate the extadsch.exe which can be found in SMSSETUP\BIN\X64 of the configuration manager setup DVD. Hold the shift key on your keyboard and right click extadsch.exe and click on Copy as Path.
Launch the command prompt. Right click and click paste and hit enter. You should see the line Successfully extended the Active Directory Schema.
To verify whether schema extension was successful, open the log file extadsch.log located in the root of the system drive. You should see the line Successfully extended the Active Directory Schema.
Installing Prerequisites for Configuration Manager
After creating system management container, assigning site server computer permissions on container, extending active directory schema we will now start installing prerequisites for configuration manager. I will be listing out the download links for all the prerequisites at the end of this post.
On the SCCM server, click on Server Manager, click on Manage, click on Add Roles and Features. Click on Select a server from the server pool and click on Next.
Select Web Server (IIS) as the server role and click on Next.
You need to enable the following features for installing configuration manager 2012 R2 on Windows server 2012 R2
- .Net Framework 3.5 Features [Install all sub features]
- .Net Framework 4.5 Features [Install all sub features]
- Remote Differential Compression
Note :- Microsoft lists the prerequisites that are required by Configuration Manager for each site system role on supported operating systems prior to Windows Server 2012 and for Windows Server 2012.
Once you select the features listed above, click on Next.
Install the following Roles Services and click Next.
- Common HTTP Features – Default Document, Static Content.
- Application Development – ASP.NET 3.5, .NET Extensibility 3.5, ASP.NET 4.5, .NET Extensibility 4.5, ISAPI extensions.
- Security – Windows Authentication.
- IIS 6 Management Compatibility – IIS Management Console, IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS Management Scripts and Tools.
If the installation of roles services needs the windows server 2012 installation media click on Specify an alternate source path and provide the path as D:\Sources\sxs (where D is the drive letter where the Windows Server 2012 R2 media is mounted).
Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1
The Windows Assessment and Deployment Kit (Windows ADK) is a collection of tools that you can use to customize, assess, and deploy Windows operating systems to new computers. The latest version out there is ADK 8.1 and you can find the download links at the end of the post.
Download the adksetup.exe, right click on the file and click on Run as Administrator. On the Specify Location page, choose the install path. Click on Next.
Click No for Join the Customer Experience Improvement Program. Click on Next.
On the License Agreement page, Click on Accept.
Select Deployment Tools, Windows Preinstallation Environment and User State Migration Tool. Click on Install.
We have installed the Windows Assessment and Deployment kit for Windows 8.1. Click on Close.
Dear Prajwal Sir,
Thanks for your article on installing and configuring the SCCM server and extending Active Directory Schema for SCCM.
Here my doubt, Can you please tell me in which server (Domain Controller or SCCM Server) do we need to configure this EXADSCH.exe ?
You can run on either DC or SCCM server. But I would suggest run it on SCCM server.
Straight to the point. I appreciate all the effort made to make SCCM deployment straightforward and easy. I would appreciate if you share your Youtube channel (if you have any).
When I am trying to install IIS server, it fails. I don’t know why?
Thanks for the excellent article.
Could you please make article on creating DC please.
I am getting below error while installing windows ADK
an error occurred while installing “USER STATE MIGRATION TOOL ”
Unable to bethel integrity of downloaded content..it mibht be corrupetd .
as I try to install windows ADK but I am getting below error
An error occurred while installing “USER STATE MIGRATION TOOL””
Unable to verify the integrity of downloaded content.. It be corrupted ..
Do we need SQL server as well for SCCM 2012? you did not show here as prerequisite.
Extending Schema failed. How to fix it?
What is the error ?.
Can we get link to download for adk 10
Let me know if this helps – https://www.prajwaldesai.com/windows-10-adk-versions/
Thanks for learning SCCM. i have some Question. i want install sccm 2012 r2 on windows server 2012 r2 for deploy windows 7 images. which ADK version should i install? is microsoft ADK for windows 10 version 1803 support windows 7 images, or not? please help me.
You can use latest version of Windows ADK always. I think Yes, that should support Windows 10 v1803.
I have tried installed of ADK 10 but it failed prerequisites run saying required windows ADK 8.1 for sccm 2012 R2
Share the Download links to setup a SCCM Lab Environment
please tell me where i download SCCM configuration manager
Can you please send
SMSSETUPBINX64 of the configuration manager setup link For download i unable to find it
Thank you soo much for this detailed description.
It is really helpful.
I am a fresher and learning to do this by going to your page.
While extending the Schema, it is asking me to select the Primary Site Server Account.
I need your help.
Please help me with the steps to create this Primary Site Server Account so that I can extend my schema.
May I know on what server are you extending the schema ?.
very well done. thanks for detailed post
Thank you Esra
great blog i must say
Unknown computers in the devices section of sccm are NOT visible in the unknown computers group, instead they are located in all systems devices group and when I want to deploy a task sequence I cant not see unknown computers x64 and x86 in the unknown devices group. what should be done here!
I just want to clarify, In what server should I install the windows ADK 8.1 and what server should I need to extend the Active directory schema?
Do I need to extend AD schema on the server where I configure the SCCM or on my DC?
Do I have to run ADK on the server where I configure my SCCM or on my DC?
Thanks and more power!
Looking for a quick reply buddy!
your site is such a helpful resources.
you can extend the schema on either AD or on any member server. It can be SCCM server as well. Just remember that the account used to extend schema should be member of schema admins group. Regarding ADK, install it on server where you are planning to install SCCM. ADK should not be installed on DC server.
I’m a trainee, I started learning things just now. Anyways, thanks for the suggestion.
This is not required. If you are following my step by step sccm guides, I have posted the steps to perform such steps.
To extend schema a user account must be member of schema admins group in AD. You may extend the schema on sccm server as well, there is no rule that it has to be done on AD server only. My question was related to the accounts used in both cases.
A local admin doesn’t have the rights to extend schema. The user account used for extending schema should be a member of schema admins group in active directory.
Thank you for the help
I am running sccm 2012 on server not the DC, do I need to add AD to server that’s running sccm on the DC only?
I tried to extend the AD schema on sccm server, but, it did not work. I tried the same on domain controller and it worked fine. Where am I going wrong, Please help me.
Did you use the same user account in both cases ?.
you did it right, you ONLY extend the schema on AD DC – you don’t have a schema on the sccm server. not sure why prajwal responded that way.
I have tried extending the AD scheme on sccm site server being logged in as sccm local administartor.
I have two different machines with server 2012 r2 installed on them, one is the Domain Controller and the other is the SCCM site server. When I try to extend the AD schema on DC, it is successful, but, doing the same on site server is a fail work.
Is it okay to extend the schema on the Domain Controller and install the SCCM on another machine ( in my case, SCCM site Server) ?
As per the above mentioned process of your’s, I came to a conclusion that you have two different machines, one as the Domain Controller and the other as site server(prajwalsccm).
when i try to extend the schema on site server, it shows up the error
Modifying Active Directory Schema – with SMS extensions.
Unable to connect to RootDSE – Cannot update Active Directory. Error code = 1355.
Failed to extend the Active Directory schema, please find details in “C:ExtADSch.log”.
do not put sccm on your domain controller – ugh…maybe you shouldn’t be playing with these technologies…that is basic knowledge.
Nope, the installation is same. The newer versions of ADK include many other options during installation, but you can ignore them.
Currently I got a project as an intern where I need to Configure and install SCCM and WSUS to push forward driver & Microsoft updates. Following your guide has really been helping me a lot. I saw that there is an ADK for Windows 10 available does the installation and configuration process Differs from the one given above?
My VM cannot access the Internet. How do I install ADK in offline?
If I run this adk on my offline VM, it always show errors. (The error occurred while installing “Documentation”.) Error information is “Unable to verify the integrity of downloaded content. It might be corrupted. Please check your network connection and try again.”
I think I use the correct adk for installing, but it seems it needs network connection for setup. How do I install adk offline? Where is going wrong?
You can run the ADK setup on the machine which has internet and you can download the installation files. Zip them and install ADK on VM that has no internet connectivity.
Or You can use ConfigMgr Prerequisites Tool 2.0.1
Hi Prjawal ,
I am new to the design and implementation of SCCM 2012 R2 . I have worked only in the functionality used in the SCCM console. Now I have been asked to design and implement the SCCM 2012 to an IT organisation. What are the details now I need to ask them to define the hierarchical structure. Please help me.
Windows ADK is a set of tools and documentation that support the configuration and deployment of Windows operating systems. Starting in Configuration Manager SP1, Configuration Manager uses Windows ADK to automate Windows installations, capture Windows images, migrate user profiles and data, and so on.
Yes it is good to have adk installed.
Hi Prajwal, It’s a great blog to start learning SCCM from scratch and it helped me a lot.
Quick ques: Why do we need Windows ADK? I am setting up SCCM 2012 R2 on VMware lab running Server 2008 R2. Do I need to run it? What is it useful for?
Great site! Quick question: if my hierarchy includes a CAS, should I just install the Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 on the Primary Site Servers? I don’t need to install that on the CAS, right?
Found the answer to my question here: https://technet.microsoft.com/en-us/library/gg682187.aspx
Windows ADK is required on the CAS too.
Thanks Jeff. Yes ADK is required at the top level (CAS)
Thank you very much Prajwal Desai. I’m a student and I need to implement SCCM 2012 R2 in a network. You posted a link to download System Center 2012 R2 and Configuration Manager 2012 R2. Do you need to install System Center 2012 R2 before you install Configuration Manager 2012 R2?
Do you need to install System Center 2012 R2 before you install Configuration Manager 2012 R2 – System Center Configuration Manager 2012 R2 and Configuration Manager 2012 R2 are one and the same 🙂
Super useful! There is a minor typo: extadsh.exe should be spelled extadsch.exe
Thank you so much. I have corrected it.
Can I install on w2k12 standard edition?
Thanks for your good document in sccm 2012.
Am getting error while installing the windows 8.1adk file, after selecting the 3 roles, it is asking for toolkit documentation _86 enu.msp file location. I don’t have internet connection at that time.
Can you help on this.
If you have any offline files for sccm please share.
Looks like you have not downloaded the files correctly. Either download the all the files (so that you can install offline) or during the ADK install it will download the required files. I have got the ADK offline but it is too big in size (+2.8GB)
Operation failed. Error code 0x8007054b The specified domain either does not exist or could not be contacted
Operation failed. Error code 0x8007054b The specified domain either does not exist or could not be contacted? after step 2
Did you check the event viewer for the event ID ?. When you say after step 2, is it while connecting to default naming context ?.
You are the best. Best wishes for you and your family.
Hi Prajwal,Thanks a lot Really Helpful Document…..I started learning sccm from seeing your blog . thank q so much
Thank you Naresh. Could you also register to the forums – https://www.prajwaldesai.com/community/
Thanks for such a useful guide. I have one question. Can i install SCCM offline. If yes than please let me know the full sccm 2012 software. Because existing one is asking to download the components from internet.
@Aditya – SCCM needs some prerequisites during the installation. you could download the updates and store it in a folder. Once you download just provide the path of these stored updates.
On the SCCM setup page window, you need to click on get latest configuration manager updates to download the updates.
Hi Prajwal, two quick questions for you. What is the recommended disk configuration for the Site Server, I see that you have mentioned in the below comments about having two disks, one for OS and one for Data. What size would you recommend each one be?
Also is it recommended to create multiple AD accounts for different tasks? Like an account for Domain Joining and another for Network Access during OSD if so could you tell me which accounts you created for which task?
I look forward to your response! Also thank you for creating these awesome guides!
Thanks for the post!
On your sccm server, I see that you have only one partition (your c:), i wonder if it would be ideal to have a separate drive for some other installations. For example, having my adk path on e: instead.
Also, i have seen other people sharing their source files but on a separate drive (for example: \sccmservername$sources). Will you be creating a separate drive some point in your installation guide? I cant seem to find that information. Thanks!
Hi, I use other drive than C: to store the data such as Updates, applications and other tool. In this post I might have downloaded the ADK directly to C drive as its just a prerequisites.
I have used the other drive (not C:) in many of my posts.
Thanks for the prompt reply Prajwal!
If the user account that you are using a member of schema admins group then you shouldn’t have issues in extending the schema. Could you tell me on which machine are you running the command and post the screenshot if possible.
I created two VMs. One for the DC and the other for SCCM/SQL. I ran the command on the SCCM VM. I even ran it on DC VM too just to see and the same thing happened.
First of all, thank you for taking time to do this. It is appreciated. I just started the installation of SCCM. I am using Virtual machines
My first is on extended the Active Directory Schema. I received ‘this app can’t run on your PC’ and ‘Access denied’ when I ran the extadsch.exe. Have you ever came across such problem? I know I have permission. My account is a member of schema admins.
I am managing sccm 2007 R2 environment and plan to migrate to 2012 R2. Do I still want to create a separate system management container and run Schema edit.
No that’s not required. For the new SCCM site use a different site code.
@abk – I don’t have the interview questions with me buddy. Incase I get any I will surely share with you 🙂
I am beginner in SCCM and keen to learn the SCCM architecture. This article really helped me a lot in learning the SCCM.
Can you please share some basic interview questions and answer 🙂 on SCCM architecture
You have to go through this link – http://technet.microsoft.com/en-in/library/gg682077.aspx
thanks for this document, it’s really helpfull!
i would like to know if you can help me to get the right prerequisites to install SCCM 2012 R2 on windows server 2008 R2.
A link where i can get the right one with valid Hotfix.(i’m working on VMware)
u hav added the entire computer while givin container permissions!!!!. we r gettin error when i choose the computer. that field is to add users or user grp, right ?can i give the admin user instd of computer ?
ur machine is sccm , admin user is sccmadmin and in that window , it appears as prajwalsccm !!!!!!!!!!!
@Manish – It has to be the computer name and not the user account.
Hi Thanks Really Helpful Document
Hello and thanks for this info.
Can this setup work with server 2012 (not R2)?
Check the prerequisites required on 2012 and then proceed.
Thank you Prajwal.
I’ll go with Option 2 and just back up the VMs with DPM after I get it all set up then.
Thanks for responding! Your guides are awesome!
Since I already have it installed on the physical box that’s hosting the DC and FS, would you recommend that I just continue to configure it as is then?
My main goal is to protect the FS with DPM and SCEP that’s included with the bundle.
you can do 2 things :-
1) Install the SCCM on a VM and remove the existing SCCM.
2) Continue with the existing setup but make sure that VM’s are always powered on and backed-up.
VM 1(DC) is a tertiary Domain Controller in our network that currently has WSUS installed, which I’m hoping to eventually connect to System Center 2012 when I finish all installations.
VM 2(FS) is a standard File and Web Server.
I do plan to connect/manage these two machines to System Center so I can use DPM and SCEP.
So currently SCCM is installed on the physical server that’s hosting the DC and FS. I already went through the prereqs and stopped at 9 of your Step by Step Guide.
The more I think about it, the better it sounds to just install System Center on on the virtualized DC since I have WSUS and other things already configured on it.
Is it possible/OK to install SCCM on a VM DC? Or is that considered taboo?
No do not install nstall SCCM on a VM DC, install it in a separate VM.
Thank you so much for the detailed guides that you have posted. I have an interesting situation and was hoping to get your opinion on it before I made any further changes.
We have a physical server that’s main purpose is to host two VMs, a DC and a FS. I didn’t do a thorough enough research and have already installed ConfigMgr and SQL Server 2012 Standard on the physical machine without first doing the prereqs. I’m doing a bit of backtracking right now with your guide and got to the section where you delegate permissions to a computer account. I’m not sure what I would put in my case. When I installed SQLServer, I created a domain admin named SCCMadmin and used that domain account for all the SQL services….should my computer account just be the name of the physical server I have everything installed on?
Sorry this is such a complex response….
Before i answer, can you tell me what are these 2 vm’s “DC and a FS.” what is that DC that you have installed in VM and is this machine linked with you SCCM & SQL ?
i wanna ask one question i am going to install scom 2012 r2 with sql 2012 sp1 on one server and will use only domain administrator account for all setup. i know this not a good practice.my question is do i need to create container in ad . if yes what will be added there …
Why is the container required ? you need to create a container while installing SCCM 2012, not SCOM.
im tring to build an sccm lab, using server 2012, sql201 and sccm 2012, everything is isntalled on one server and installs ok, ive installed windows adk 9.1, however it fails the prerequisite check, i get anerror that its installed but fails the check, what could be the problem
windows adk 9.1 ? I believe its windows ADK 8.1 .. Create a ticket here https://forums.www.prajwaldesai.com/ and attach the screenshot with the ticket.
Your site is amazing, I just started the Step by Step Guide in my lab enviorment to get my site up to date with System Center. I will keep in touch to let you know how everything goes and thaks again for the site and information.
Thank you Dwayne McGordon 🙂 I will be happy to help you..
Thanks you very much.
just two points :
– be sure to be Domain admin / Schema admin.
– SQL Express not supported for Central administration site
This site have very useful & helpful articles. Thanks.
hi prajwal , what is windows adk 8.1 , what is it’s use
The Windows Assessment and Deployment Kit (Windows ADK) is a collection of tools that you can use to customize, assess, and deploy Windows operating systems to new computers.