Workspace One Windows 10 SCCM ConfigMgr Airlift

Airlift Hands-On Lab - Part 8

May 4, 2022 7 min read
Airlift Hands-On Lab - Part 8

The purpose of this series of posts is to explore and use Workspace ONE AirLift into a Lab environment to migrate devices, applications, and policies (GPOs) from ConfigMgr and Active Directory Domain Services (ADDS) to Modern Management with Workspace ONE.

Table of Content:

Part 1 - AirLift Introduction and Diagram Overview. [Click here]
Part 2 - Servers and Computer Global Configuration. [Click here]
Part 3 - Active Directory Configuration and Domain Join. [Click here]
Part 4 - Hard Disks Configuration and prerequisite Sources Preparation. [Click here]
Part 5 - Roles and Features Installation. SPN Creation. [Click here]
Part 6 - SQL Server, SSRS and SSMS Installation. [Click here]
Part 7 - WSUS Installation and Configuration. ADK And WinPE Installation. [Click here]
Part 8 - ConfigMgr prerequsisites: System Management Container creation, AD Schema Extension and Database Creation. [You are here]
Part 9 - Installation, Overview and Update of ConfigMgr. [Coming Soon !]
Part 10 - ConfigMgr Configuration: Discovery methods Activation, Boundaries creation, Software Center personalization, VLC app configuration. [Coming Soon !]
Part 11 - Airlift Installation, Configuration and Overview. [Coming Soon !]

1 - System Management Container Creation

The following manipulation have to be done on MOB-SRV-DC-01 Server.

  1. Open Server Manager.
  2. Click on Tools located on the upper right corner.
  3. Click on ADSI Edit.
  1. From ADSI Edit Window, click Action menu.
  2. Click on Connect to...
  1. On Connection Settings window, leave default values.
  2. Click on OK.
  1. Expand Default naming context node.
  2. Expand DC=ad,DC=mobinergy,DC=com node.
  3. Right click on CN=System node.
  4. Click on New.
  5. Click on Object...
  1. From Create Object window, select the class container.
  2. Click on Next >.
  1. Next to Value, enter System Management.
  2. Click on Next >.
  1. Click on Finish.
  1. Refresh ADSI Edit and expand CN=System node.
  2. Verify that CN=System Management is well listed.
  1. Close ADSI Edit.

2 - System Management Delegation

The following manipulation have to be done on MOB-SRV-DC-01 Server.

  1. Open Server Manager.
  2. Click on Tools located on the upper right corner.
  3. Open Active Directory Users and Computers.
  4. Click on View menu.
  5. Click on Advanced Features.
  1. Expand ad.mobinergy.com node.
  2. Expand System node.
  3. Locate System Management.
  4. Right click on System Management.
  5. Click on Delegate Control...

2.1 - Welcome Step

  1. Click on Next >.

2.2 - Users or Groups Step

  1. Click on Add...
  2. Click on Object Types...
  3. Check Computers.
  4. Click on OK.
  5. Search for MOB-SRV-MECM-01 Server.
  6. Confirm by clicking on Check Names.
  7. Click on OK.
  8. Click on Next >.

2.3 - Tasks to Delegate Step

  1. Select Create a custom task to delegate.
  2. Click on Next >.

2.4 - Active Directory Object Type Step

  1. Leave default value.
  2. Click on Next >.

2.5 - Permissions Step

  1. Under Show these permissions section, check the 3 boxes:
    • General.
    • Property-specific.
    • Creation/deletion of specific child objects.
  2. Under Permissions section, check Full Control.
  3. Click on Next >.

2.6 - Final Step

  1. Click on Finish.

3 - Extend AD Schema

The following manipulation have to be done on MOB-SRV-MECM-01 Server.

  1. Open File Explorer.
  2. Navigate to Sources > MECM > SMSSETUP > BIN > X64.
  1. Click on File menu.
  2. Click on Open Windows Powershell.
  3. Click on Open Windows Powershell as administrator.
  1. From Windows Powershell console enter the following command:
    .\extadsch.exe
  1. Close Windows Powershell.
  1. [OPTIONAL] to verify ExtADSch log, go back to File Explorer. Navigate to C: drive then open ExtADSch.log.
  1. [OPTIONAL] For more Schema Extensions details, navigate to Sources > MECM > SMSSETUP > BIN > X64 then open ConfigMgr_ad_schema.ldf file on Notepad.

In fact, according to Microsoft documentation, the two above files are parts of two different options to extend the Active Directory schema:
EXTEND_AD

  1. Close all windows.

4 - NO_SMS_ON_DRIVE.SMS

The following manipulation have to be done on MOB-SRV-MECM-01 Server.

According to Microsoft documentation:

To prevent the content library from being installed on a specific drive, create an empty file named NO_SMS_ON_DRIVE.SMS. Copy it to the root of the drive before the content library is created.

  1. Open File Explorer.
  2. Navigate to Sources folder.
  3. Create an empty file named NO_SMS_ON_DRIVE.SMS.
  1. Copy and Past NO_SMS_ON_DRIVE.SMS to the root of all drives EXCEPT Content_Library (F:) drive
  1. Close all windows.

5 - ConfigMgr Database Configuration

The following manipulation have to be done on MOB-SRV-MECM-01 Server.

Configuring Database step is highly recommended and not mandatory to perform.

  1. Open Microsoft SQL Server Management Studio.
  2. Connect to Server by leaving default values and click Connect.
  3. Under Object Explorer, Expand MOB-SRV-MECM-01 node.
  4. Right click on Databases.
  5. Click on New Database...
  1. Navigate on General page.
  2. Next to Databases name property, enter CM_MOB where MOB match the MECM SITE NAME which we will configure later.
    Shortly, site name is used to identify and manage the site in a Configuration Manager hierarchy.

Database name is very critical. It must be in the following format: CM_[SITE_NAME] where [SITE_NAME] is 3 alphanumeric characters. Only the letters A through Z and the numbers 0 through 9, in any combination, are allowed.
Moreover, according to Microsoft Documentation:

  • do not use Microsoft reserved names such as AUX, CON, NUL, PRN, SMS or ENV.
  • Changing the site code or site name after installation is not supported by Microsoft.
    SITE_NAME
  1. Next to Owner property, enter sa - stands for Service Account.
  2. Under Database files section, add 3 new files by clicking three time on Add.
  3. Rename all ROWS Data type files with the following format: CM_MOB_[X] where X is successively the integers 1,2,3 and 4.
  4. Modify the Initial Size (MB) from 8 to 256 for each ROWS Data type files.
  5. Modify the Initial Size (MB) from 8 to 512 for the CM_MOB_log file.
  6. Modify the File Growth from Autogrowth / Maxsize from 64 to 128 for each ROWS Data type files.
  7. Modify the File Growth from Autogrowth / Maxsize from 64 to 256 for the CM_MOB_log file.
  1. Assign Path H:\MECM_DB for each ROWS Data type files.
  2. Assign Path I:\MECM_DB for the CM_MOB_log file.
  1. Navigate on Options page.
  2. Next to Recovery model property, select Simple.
  3. Click on OK.
  1. Go back on Microsoft SQL Server Management Studio main window.
  2. Under Object Explorer, expand MOB-SRV-MECM-01 node.
  3. Expand Databases node.
  4. Select CM_MOB database.
  5. Click on New Query.
  6. Enter the following SQL command:
    SELECT SERVERPROPERTY ('Collation')
  7. Click on Execute.
  8. Verify that SQL_Latin1_General_CP1_CI_AS appears as a result.
  1. Close Microsoft SQL Server Management Studio window.

6 - Allow .MSI file in IIS Server

The following manipulation have to be done on MOB-SRV-MECM-01 Server.

  1. Open Server Manager.
  2. Under Tools tab, click Internet Information Services (IIS) Manager.
  3. Select MOB-SRV-MECM-01.
  4. Open Request Filtering under IIS section.
  1. On the right panel, under Actions section, click Allow File Name Extension...
  2. On Allow File Name Extension window, enter .msi.
  3. Click on OK.
  1. Close Internet Information Services (IIS) Manager window.

7 - ConfigMgr Prerequisite Check

The following manipulation have to be done on MOB-SRV-MECM-01 Server.

  1. Open File Explorer.
  2. Navigate to Sources > MECM > SMSSETUP > BIN > X64.
  3. Open Windows Powershell as administrator from File Explorer menu.
  4. Run the bellow command:
    .\prereqchk.exe /LOCAL
  1. A Configuration Manager window pop-up.
  2. Verify that no failed Prerequisite are listed.
  3. Click on OK.
  4. Close all windows.

In my case, I have two Warning:

  • The first one, "Verify site server permissions to publish to Active Directory." is a known issue according to this forum conversation.
    KNOWN_ISSUE
  • The second one, "SQL Server process memory allocation" is a legit Warning as I set 4 GB of memory where Microsoft recommend 8 GB.

8 - Update Architecture Diagram

Regarding modifications, here is the updated Architecture Diagram:

9 - Conclusion

This is the end of the Part 8 for this series of posts. In this post we have done the following manipulations:

  • Creation of System Management Container.
  • Delegation of System Management Container.
  • Extend AD Schema.
  • Installation and configuration of ConfigMgr Database.
  • Check ConfigMgr Prerequisites.

See you in Part 9 to continue the configuration.

Published by
Maxime Crouzet
Maxime Crouzet
I started the VMware Workspace ONE adventure in 2014. I enjoy challenges related to emerging technologies, including mainly topics about Security and Windows 10.
Table of Contents
Great! Next, complete checkout for full access to Mobinergy Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Mobinergy Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.