To be able to install SCCM 2007 R2 we need to fullfill some pre-requisites and implement some best practices. In this article I will describe those two relartion to Microsoft Active Directory.
1. Active Directory Preparation
To have a save environment for SCCM 2007 R2 as well as for SQL Server 2005 it is a best practice to create server accounts. These accounts need to be created and will be used during the installation of SQL Server 2005 and SCCM 2007 R2. These accounts will have to be high secure as they will have "Domain Admin" permissions form within the Active Directory
1.1 Active Directory Users and Computers
Within the “Active Directory Users and Computers” snap-we need to create two groups. In this article we also create two new active directory OU's in which we will place the to be created accounts and groups.
1.1.1 Admin OU's
The creation of Ou's within the "Active Directory Users and Computers" snap-in:
Select with a right click the root of the domain and select the option: %Domainname%\New\Organizational Unit
From the wizard that appears enter the following value: Admin Groups
Click on à OK to actually create the OU
Repeat the steps but now create an OU with the value: Admin Users
1.1.2 Admin Groups
The creation of Admin Groups within the "Active Directory User and Computer" snap-in:
Select with a right click the the OU named “Admin Groups” en select the option: %Domainname%\New\Group
In the wizard that appears enter the follwing values:
Group Name: SQL-Admins
Group Name (pre-Windows 2000): SQL-Admins
click on à OK to actually create the “Group”
Repeat these steps but now create a group with the values:
Group Name (pre-Windows 2000): SCCM-Admins
This will result in having the two groups created:
1.1.3 Add the "Admin Groups to the “Domain Admins” group
To have the correct permissions for user accounts member of the Admin Groups we will add the newly created groups to the "Domain Admins" group.
In the OU “Users” the group “Domain Admins” with a right click and select the option "Properties”
Click “Add” to add the created groups:
· SCCM-Admins
· SQL-Admins
Click on à OK to save changes
1.2 Admin Accounts
Within the installations of SCCM 2007 R2 and MS SQL 2005 we will use admin accounts to be able to logon and manage the different systems therefore we create two accounts. These accounts will have "Domain Admin" permissions as these will be added to the previously created groups. This means that the password used for these accounts will have to high secure.
Creation of the "Admin Accounts” for SCCM 2007 and SQL Server 2005 from within the "Active Directory Users and Computers" snap-in:
Select the OU named “Admin Users” with a right click and select the options: “Admin Users”\New\User
In the wizard that appears enter the following values:
First Name: SQL
Last Name: User
Full Name: SQL Admin
User logon name: SQL-Admin
User logon name (pre-Windows 2000): SQL-Admin
Click on à Next
Enter the password for this user and select the option:
(X) Password never expires
Click on à Next
Click on à Finish to create the account.
Repeat these steps to create anbother account with the following values:
First name: SCCM
Last name: Admin
User logon name: SCCM-Admin
User logon name (pre-Windows 2000): SCCM-Admin
1.2.1 Group Membership "Admin Accounts"
The created accounts will be added to the correspondig groups also created. It is a Microsoft best-practice to assign permissions to groups instead of single user or computer accounts.
Add the "Admin Accounts" to the correct groups:
Open the properties of the group "SCCM-Admins"
Select the tab “Members”
Click on -- Add to add the follwoing accounts:
SCCM-Admin
· %Computername% of the computer that will be deployed as the SCCM 2007 R2 Server
Click on à OK to save your changes
Open the properties of the group "SQL-Admins"
Selecteer the tab “Members”
Click on à Add to add the following account:
· SQL-Admin
Clik on à OK to save your changes
This concludes the preparation within Active Directory so far. Later, during the installation of SCCM 2007 R2, we will return to do some more AD Preparation. The created groups and user accounts can now be used within the installation of SQL Server 2005 and SCCM 2007 R2.
No comments:
Post a Comment