Creating a Configuration Manager LAB Environment – Part 2 – Installing a Management Server

Share This Post

In these series of posts, we will go through the steps required to install Configuration Manager in a simple LAB environment.  The LAB environment will be referenced in future posts as we explore Configuration Manager further. See Part 1 for an overview of the LAB environment.

Last time we got our Domain Controller up and running and in this post we will install a Management server for administrations purposes. This is an optional step in the series, but it makes life a lot easier having a single server with all the required management tools. LABADM01 should be used for this purpose and should only have the operating system installed.

Quick Jump:
Part 1 – Overview and Domain Controller installation
Part 2 – Management Server Installation
Part 3 – Installing SQL Server
Part 4 – Configuration Manager Prerequisites
Part 5 – Installing Configuration Manager

Basic Server Configuration

Since setting up the management server is rather straight forward and an optional component in the series, we will automate the process with PowerShell. Like before we will setup the networking then install the required management tools.

Issue the commands below to set the computers IP address or specify it manually.

Rename-Computer -NewName LABADM01
Write-Host "Computer Name Changed"
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
Write-Host "Disabled IE Enhanced Security Configuration"
New-NetIPAddress -InterfaceAlias "Ethernet" -AddressFamily IPv4 -IPAddress -PrefixLength 24 -DefaultGateway
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses
Write-Host "IP address and DNS set"
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Write-Host "Enabled Remote Desktop"

Next, issue the following command to install all the required management tools:

Install-WindowsFeature -Name RSAT-ADDS, RSAT-ADDS-Tools, RSAT-AD-Powershell, RSAT-DHCP, RSAT-DNS-Server, RSAT-ADCS, RSAT-ADCS-Mgmt, RSAT-NPAS, GPMC, Telnet-Client, RSAT-ADLDS -Verbose

The final step is to join the Management Server to the domain by executing the following PowerShell command. Enter the LAB\Administrator credentials when prompted. The server will automatically restart.

Add-Computer -DomainName "lab.local" -Restart

Active Directory Structure

Now that we have our Management Server up and running, lets create a structure in Active Directory for our Servers, Clients and Users. Create a structure manually by opening Active Directory Computers and Users (dsa.msc) from Server Manager or from Administrative Tools in the Control Panel or Start Menu. The script below can be used to create a simple Structure.

New-ADOrganizationalUnit -Name "LAB" -Path "DC=LAB,DC=local"
New-ADOrganizationalUnit -Name "Servers" -Path "OU=LAB,DC=LAB,DC=local"
New-ADOrganizationalUnit -Name "Clients" -Path "OU=LAB,DC=LAB,DC=local"
New-ADOrganizationalUnit -Name "Resources" -Path "OU=LAB,DC=LAB,DC=local"
New-ADOrganizationalUnit -Name "Users" -Path "OU=Resources,OU=LAB,DC=LAB,DC=local"
New-ADOrganizationalUnit -Name "Admins" -Path "OU=Resources,OU=LAB,DC=LAB,DC=local"
New-ADOrganizationalUnit -Name "Service Users" -Path "OU=Resources,OU=LAB,DC=LAB,DC=local"

Use the following script to remove the Active Directory Example Structure and any sub OU’s within it.

$OUs = Get-ADObject -Filter * -SearchBase 'OU=LAB,DC=LAB,DC=local' 
Foreach ($OU in $OUs) {
    Set-ADObject -ProtectedFromAccidentalDeletion $false -Identity $OU
Remove-ADOrganizationalUnit -Identity "OU=LAB,DC=LAB,DC=local" -Recursive -Confirm:$false

In part 3 we will be installing SQL Server to host the Configuration Manager database.

Want To See More?

Azure AD

Access Reviews with On-Premise Groups

In some of my earlier post I have talked about Access Reviews that are part of the Identity Governance tools in Azure AD. One of


Access Reviews: Manage Guest Users

Azure AD’s B2B (Business to Business) functionality allows organizations to invite external users into their organization so that they can collaborate. However, very few of