
BDD 2007 - How to ensure the computer is in the correct OU

As promised in a previous blog post, here is a script to move a computer to the correct OU from within the host operating system.

There are two situations where I find this script useful:

  1. When a computer object already exists in Active Directory for the computer you are deploying. In this situation the existing computer object will be reused and the computer will remain in the original computer object's OU.
  2. When you are using a Staging OU during deployment. In this situation the computer is added to a staging OU when it is joined to the domain.

In both of these situations I want to ensure that the computer is in the correct OU when the deployment is finished.

To implement the script, follow the steps detailed below:

Update the deployment point rules

The script uses the MACHINEOBJECTOU property, specified using BDD rules, to determine the OU that the computer object should be moved to. You will need to ensure that your rules specify a value for this property for each computer.

The following properties must also be declared in the deployment point rules. These properties are used to connect to AD and move the computers. The account used must have the rights to create and delete computer objects in the domain:

DomainAdminDomain
DomainAdminPassword
DomainAdmin

Update the scripts folder

Next you must add the script to the .\distribution\scripts folder. You will notice that the script names have the prefix "Z-"; this is because BDD automatically copies all scripts that start with "Z" from the distribution share to other deployment points when they are updated.

Update the build task sequence

The next thing you do is add the scripts to the build task sequence. I would recommend creating an application for each script that executes the script and then adding it to the task sequence as shown below. It is important to note that the "Move Computer" task is run near the end of the State Restore phase, particularly if you are moving the computer from a staging OU.

[Image: task sequence screenshot]

Update your deployment points

Finally, you should update your deployment points so that these changes are propagated to the correct places.

If you want to see how to move the computer to a staging OU from within Windows PE, then refer to my previous blog post.

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use.

Published Sunday, October 07, 2007 10:25 AM by BenHunter
Attachment(s): Z-MoveComputer_HostOS.zip

Comments

# Ben Hunter : BDD 2007 - How to move a computer object in Windows PE

# re: BDD 2007 -How to ensure the computer is in the correct OU

Monday, October 08, 2007 12:13 AM by Todd Hemsell

Excellent as always! Thanks for taking the time to write it up

# re: BDD 2007 -How to ensure the computer is in the correct OU

Tuesday, October 09, 2007 4:08 PM by Jay Parekh

We're having problems just joining the domain by adding the information to the Specialize section Windows-Setup-UnattendJoin section. Is this a known issue? We have not created a custom WIM image yet. Just using BDD to push out an unattended install of Vista Enterprise.

# re: BDD 2007 -How to ensure the computer is in the correct OU

Thursday, October 18, 2007 1:22 AM by Jon Lambert

Great script Ben, I've done something similar in the past, and the only issue we had is that occasionally the script would connect to a different DC than the one that was used for the domain join. If the DCs were in different sites, and replication had not occurred by the time the Move OU script runs, it can't find the Computer object to move. Do you know of any method of determining which DC was used by the client for the Domain Join? If so we could then target the script to the same DC.

# re: BDD 2007 -How to ensure the computer is in the correct OU

Thursday, October 18, 2007 2:56 AM by BenHunter

I have not tried to do this before. But I know it has the DC used to join in the netsetup.log file. You could get the information from there and then use it in your script.

Thanks,

Ben
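Added example, not part of the original comments or the attached script: a Python sketch of the approach Ben describes, reading the DC used for the join out of netsetup.log so that a move script can target the same DC. The log lines are constructed, and the `NetpDoDomainJoin` / `NetpDsGetDcName` message wording is an assumption about the log format that may differ between Windows versions.

```python
import re

# Assumed message formats (not taken from the original post); adjust if your
# Windows version words these lines differently.
START = re.compile(r"\bNetpDoDomainJoin\s*$")
# Accept only hostname characters, since the value ends up in an LDAP bind path.
FOUND_DC = re.compile(r"NetpDsGetDcName: found DC '\\*([A-Za-z0-9][A-Za-z0-9.-]*)'")
STATUS = re.compile(r"\bNetpDoDomainJoin: status: (0x[0-9a-fA-F]+)")

# Constructed sample: a failed join against one DC, then a successful join
# against a DC in another site. The log is appended to, so both are present.
SAMPLE_LOG = r"""
10/17/2007 23:01:10:101 -----------------------------------------------------
10/17/2007 23:01:10:101 NetpDoDomainJoin
10/17/2007 23:01:10:211 NetpDsGetDcName: found DC '\\DC-SITEA.corp.example.com' in the specified domain
10/17/2007 23:01:12:500 NetpDoDomainJoin: status: 0x52e
10/18/2007 01:10:02:345 NetpDoDomainJoin
10/18/2007 01:10:02:611 NetpDsGetDcName: found DC '\\DC-SITEB.corp.example.com' in the specified domain
10/18/2007 01:10:05:020 NetpDoDomainJoin: status: 0x0
"""

def join_attempts(log_text):
    """Return one {'dc', 'status'} dict per join attempt, oldest first."""
    attempts = []
    for line in log_text.splitlines():
        if START.search(line):
            attempts.append({"dc": None, "status": None})
            continue
        if not attempts:
            continue  # ignore anything logged before the first join attempt
        match = FOUND_DC.search(line)
        if match:
            attempts[-1]["dc"] = match.group(1)
            continue
        match = STATUS.search(line)
        if match:
            attempts[-1]["status"] = int(match.group(1), 16)
    return attempts

def dc_used_for_join(log_text):
    """DC from the most recent attempt that finished with status 0x0, or None."""
    for attempt in reversed(join_attempts(log_text)):
        if attempt["status"] == 0 and attempt["dc"]:
            return attempt["dc"]
    return None

if __name__ == "__main__":
    print(dc_used_for_join(SAMPLE_LOG))
```

Returning `None` when no successful join is found lets the calling script fall back to normal DC location instead of binding to a stale or unrelated server.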

# re: BDD 2007 -How to ensure the computer is in the correct OU

Friday, November 23, 2007 5:45 AM by Kamman

Hello Ben,

I now receive an error after processing Move computer routine in the Z-MoveComputer_StagingOU.log

Unhandled error returnd by Z-Movecomputer_StagingOU: Table does not exist. (-2147217865) etc.

Any idea what this could be?

# re: BDD 2007 -How to ensure the computer is in the correct OU

Sunday, November 25, 2007 2:14 AM by BenHunter

Generally that error means that there is something wrong with your AD connection.

You have to add some more logging to the script to determine why.

Thanks,

Ben

# re: BDD 2007 -How to ensure the computer is in the correct OU

Thursday, February 14, 2008 11:56 AM by Old_Chicago

Hi Ben,

Quick question on this one. Why can't you just edit the unattend.txt for each particular task sequence? Under the Identification header I have edited my MachineObjectOU and it is working.

Just trying to determine if it's necessary to change at this point, since I have it working now in my environment.

In any case, good stuff!

Rich

# re: BDD 2007 -How to ensure the computer is in the correct OU

Thursday, February 14, 2008 12:13 PM by Old_Chicago

Ben,

How does this script detect which OU to put the computers you're imaging into? Does it take whatever you have configured for MACHINEOBJECTOU in the unattend.txt file of the TS, or do you need to enter the MACHINEOBJECTOU line into the cs.ini?

Thanks,

Rich

# re: BDD 2007 -How to ensure the computer is in the correct OU

Friday, February 15, 2008 7:56 PM by BenHunter

Hi Rich,

You can edit the unattend.txt file and it will work. If for some reason you want to override this value then you can add it to the CS.ini and MDT will update the unattend.txt for you.

Thanks,

Ben

# Moving computers in Active Directory using a webservice

Sunday, March 15, 2009 5:52 AM by Maik Koster at myITforum.com

If you are using GPOs in your Active Directory Environment you can come into a situation during your
