Ben Hunter

Architect - Microsoft Enterprise Services - Redmond

BDD 2007 -How to ensure the computer is in the correct OU

BDD 2007 -How to ensure the computer is in the correct OU

  • Comments 11
  • Likes

As promised in a previous blog post here is a script to move a computer to the correct OU from within the host operating system.

There are two situations where I find this script useful:

  1. When a computer object already exists in Active Directory for the computer you are deploying. In this situation the existing computer object will be reused and the computer will remain in the original computer objects OU.
  2. When you are using a Staging OU during deployment. In this situation the computer is added to a staging OU when it is joined to the domain.

In both of these situations I want to ensure that the computer is in the correct OU when the deployment is finished.

To implement the script follow the steps detailed below:

Update the deployment point rules

The script uses the MACHINEOBJECTOU property specified using BDD rules to determine the OU that the computer object should be moved too.  You will need to ensure that your rules specify a value for this property for each computer.

The following properties to be declared in the deployment point rules. These properties are used to connect to AD and move the computers. The account used must have the rights to create and delete computer objects in the domain:

DomainAdminDomain
DomainAdminPassword
DomainAdmin

Update the scripts folder

Next you must add the script to the .\distribution\scripts folder. You will notice that the script names have the prefix "Z-" this is because BDD automatically copies all scripts that start with "Z" from the distribution share to other deployment points when they are updated.

Update the build task sequence

The next thing you do is add the scripts to the build task sequence. I would recommend creating an application for each script that executes a script and then add it to the task sequence as shown below. it is important to note that the "Move Computer" task is run near the end of the State Restore phase, particularly if you are moving the computer from a staging OU.

image

Update your deployment points

Finally you should update your deployment points to so that these changes are propagated to the correct places.

If you want to see how to move the computer to a staging OU from within windows PE then refer to my previous blog post.

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use.

Attachment: Z-MoveComputer_HostOS.zip
Comments
  • PingBack from http://blogs.technet.com/benhunter/archive/2007/09/16/bdd-2007-how-to-move-a-computer-object-in-windows-pe.aspx

  • Excellent as always! Thanks for taking the time to write it up

  • We're having problems just joing the domain by adding the information to the Specialize section Windows-Setup-UnattendJoin section.  Is this a known issue?  We have not created a custom WIM image yet.  Just using BDD to push out an unattended install of Vista Enterprise.

  • Great script Ben, I've done something similar in the past, and the only issue we had is that the occasionaly the script would connect to a different DC than the one that was used for the domain join.  If the DCs were in different sites, and replication had not occured by the time the Move OU script runs .. it can't find the Computer object to move.  Do you know of any method of determining which DC was used by the client for the Domain Join?  If so we could then target the script to the same DC.

  • I have not tried to do this before. But I know it has the DC used to join in the netsetup.log file. You could get the information from there and then use it in your script.

    Thanks,

    Ben

  • Hello Ben,

    I now recieve an error after processing Move computer routin in the Z-MoveComputer_StagingOU.log

    Unhandled error returnd by Z-Movecomputer_StagingOU: Table does not exist. (-2147217865) etc.

    any idea what this could be?

  • Generally that error means that there is something wrong with your AD connection.

    You have have to add some more logging to the script to determine why.

    Thanks,

    Ben

  • Hi Ben,

    Quick question on this one.  Why can't you just edit the unattend.txt for each particular task sequence?  Under the Identification header I have edied my MachineObjectOU and it is working.  

    Just trying to determine if it's necessary to change at this point, since I have it working now in my environment.

    In any case, good stuff!

    Rich

  • Ben,

    How does this script detect which OU to put the computers you're imaging into?  Does it take whatever you have configured for MACHINEOBJECTOU in the unattend.txt file of the TS, or do you need to enter the MACHINEOBJECTOU line into the cs.ini?

    Thanks,

    Rich

  • Hi Rich,

    You can edit the unattend.txt file and it will work. If for some reason you want to override this value then you can add it to the CS.ini and MDT will update the unattend.txt for you.

    Thanks,

    Ben

  • If you are using GPOs in your Active Directory Environment you can come into a situation during your