What's New

SCCM 2012 – Hierarchy with CAS – Installation Central Administration Site [Part 1]

sccm_wp_header Here is the first part of the SCCM 2012 R2 series. On part one I will show you guys how to configure a Central Administration Site for all your administration and reporting needs with your hierarchy. You should probably only consider installing a CAS [Central Administration Site] if you intend to manage more than 100,000 client. The reason for this is because the limit for a Primary Site is 100,000 clients so if you want to manage more than the you'll need more than one Primary Server and therefore you will need a CAS in place.

BTNHD Lab Setup

Three servers build:

  1. BJ-AD – this server is running Active Directory, DNS, DHCP on Windows Server 2012
  2. BJ-CAS – this server is running SQL Server 2008 R2 SP2 and will host SCCM 2012 R2 Central Administration Site
  3. BJ-PS – this server is running SQL Server 2008 R2 SP2 and will be the Primary Site Server

Make sure your CAS and PS server are joined to Active Directory and verified DNS is working correctly by doing a nslookup command on the servers.

 Active Directory Setup

I created some Active Directory accounts for the lab rather than using the Administrator account all the time. I need to follow my best practices 🙂

  • SMSadmin – this account will be used to log into the CAS and PS server
  • bjuser – this account for logging into a client machine and do some testing
  • ReportsUser – account is used for reporting services
  • ClientInstall – this account is going to be used when installing the Configuration Manager Client for the client push
  • SCCMNAA – this account is for (Network Access Account) used during OSD [Operating System Deployment]

I added SMSadmin & ClientInstall into the local administrator groups within the BJ-CAS and BJ-PS servers.

The next step is to open ADSI Edit within your Active Directory server and create the System Management Container.

Locate the “CN=System” node and right-click to create a new object:

You will be creating a “container” object:

Name the container “System Management”

Close ADSI edit inside your Active Directory server. It’s time to delegate permissions to the System Management container that we created without these permissions SCCM won’t be able to communicate with Active Directory properly.

Open Active Directory Users and Computers. Click on “View” and select “Advanced Features”. Locate the System node and find the “System Management”

Locate the “System” Node and right-click and pick “Delegate Control….”

The wizard will load up and click on “Next”

Click on “Add”

We need to add our CAS and PS servers:

Click on “Object Types” and click on Computers:

Enter your CAS and PS server:

Once added click on “Next”

Click on “Create a custom task to delegate”

By default, you have the option that you need which is “This folder, existing objects in this folder, and creation of new objects in this folder”

Pick General, Property-specific and creating/deletion of specific child objects and make sure the permissions are set to “Full Control”


Before We start the installation when need to do one last thing with Active Directory and that’s to extend the Active Directory schema for Configuration Manager.

Within the SCCM 2012 R2 folder, CD or ISO you will find a SMSSETUP folder. Double click on that folder and get into BIN >> X64. Locate and run the “extadsch”

Check the Configuration Manager log file, which is located in the root of the C drive. The file is called ExtADSch.log.

Time to get the server ready to deploy Central Administration Site on it. You will need to install the following Features and Roles.

  • .NET Framework 3.5.1
  • .NET Framework 4.5
  • WCF Activation [not needed with Windows 2012, but if you are doing this within Windows 2008 then you will need it]
  • Web Services [IIS] with the following components
    • Common HTTP Features
      • Static Content
      • Default Document
      • Directory Browsing
      • HTTP Errors
      • HTTP Redirection
    • Application Development
      • ASP.NET
      • .NET Extensibility
      • ASP
      • ISAPI Extensions
      • ISAPI Filters
    • Health and Diagnostics
      • HTTP logging
      • Logging tools
      • Request Monitor
      • Tracing
    • Security
      • Basic Authentication
      • Windows Authentication
      • URL Authorization
      • Request Filtering
      • IP and Domain Restrictions
    • Performance
      • Static Content Compression
    • Management Tools
      • IIS Management Console
      • IIS Management Scripts and Tools
      • Management Service
      • IIS 6 Management Compatibilty
      • IIS 6 Metabase Compatibility
      • IIS 6 WMI Compatibility
      • IIS 6 Scripting Tools
      • IIS 6 Management Console

The last two features and roles that you will need for your servers [CAS & PS] is BITS and RDC.

Almost done guys, the final steps is to start the installation process. I made the step-by-step into a PowerPoint. This is the same PowerPoint I used in the video.

[office src=”https://onedrive.live.com/embed?cid=18DE4C16BF6ED950&resid=18DE4C16BF6ED950%211727&authkey=AFGqIhQlARMmMDc&em=2&wdAr=1.7777777777777777″%5D

About BjTechNews (1056 Articles)
An IT guy trying to learn everything about technology and sharing it with you all. I'm a blogger and video blogger who highlights daily news in the tech industry, promoting tips and hacks for fellow techies.

2 Comments on SCCM 2012 – Hierarchy with CAS – Installation Central Administration Site [Part 1]

  1. Very helpful howto – thank you very much !

  2. I am preparing a Infra of 1 CAS, 3 Primary in 3 country and its subsequent 1 secondary site each for every primary. Please let me know where should i install the WSUS Role?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: