Sign in
 
HomeLibraryWikiLearnGalleryDownloadsSupportForumsBlogs
Resources for IT Professionals >
Two questions about adding machines to the domain with MDT 2012

Answered Two questions about adding machines to the domain with MDT 2012

  • Tuesday, December 11, 2012 9:08 PM
     
     
    Sign In to Vote
    0

    Hi fellas,

    I've been doing some overhauling of my image server lately, and one change I made was to make the machines automatically add to the company domain.

    My first problem is that by using the JoinDomain, DomainAdmin, and DomainAdminPassword properties in the customsettings.ini file, I'm storing domain administrator, or at least site admin credentials in plain text, waiting to be found.  Is there any other way to automatically add to the domain without storing these credentials in this file, or alternatively is there a way to secure this file?

    If not, this is my second question:  I could simply allow techs to add the machine to the domain from the deployment wizard, but I'm not sure how to select the correct OU, and I'd like to fix that.  Some research around the forum showed that there is a way, I think, to get the wizard to give a list of OUs to choose from using the DomainOUList.xml, but I didn't understand how to make that work or where to put the file, much less the syntax of it.

    Thanks


    • Edited by Atreus21 Tuesday, December 11, 2012 9:22 PM
    •  
     

All Replies

  • Tuesday, December 11, 2012 9:23 PM
     
     
    Sign In to Vote
    0

    Join Domain is merely an account that has the right to join the domain, no need ot a domain admin; I guess a better naming convention could have been used. So if you allow your techs to join a domain their account would work. You could also use the MDT database in order to get a masked password. If you want to allow them to add to a specific OU, make sure you grant the proper permission, recommended a "clean" OU, no GPO or anything that can break the deployment.
    As for selecting the correct OU, you can use the following in the CustomSettings.ini, look at this post

    http://social.technet.microsoft.com/Forums/en-US/mdt/thread/7dded5fe-c697-4cf7-b6ae-51397fa66793


    • Edited by Amnon Feiner Tuesday, December 11, 2012 9:24 PM
    •  
     
  • Tuesday, December 11, 2012 9:29 PM
     
     
    Sign In to Vote
    0
    I think I'm going to leave out the auto-add to the domain, and allow the techs to add to the domain via the wizard.  Therefore, my principle problem is how to setup and implement the DomainOUList.xml file.  We have a LOT of OUs, so I figure it makes more sense to have it in a separate file than put them all in the customsettings.ini file.
    • Edited by Atreus21 Tuesday, December 11, 2012 10:10 PM
    •  
     
  • Wednesday, December 12, 2012 12:18 AM
     
     
    Sign In to Vote
    0
    Well, either way you have to give them rights to join the domain, eh? Add the MDT DB, it will ease your life.
     
  • Wednesday, December 12, 2012 9:55 PM
     
     
    Sign In to Vote
    0
    Too true,  we have a deployment user that ONLY has the role for adding PC's to the domain.
     
  • Wednesday, December 12, 2012 10:14 PM
     
     Answered
    Sign In to Vote
    1

    for the OU list you should check out one of my old threads: http://social.technet.microsoft.com/Forums/en/mdt/thread/ed40a603-07c2-4a61-bb1c-4f2c142d16b2

    Keith Garner has instructions for making a drop down list for the OU you want the machine to join when it gets added to the domain. If memory serves, he wrote the original script while at Microsoft. That is what I'm using. I hope this is what you are looking for.

    • Marked As Answer by Atreus21 Friday, December 14, 2012 4:48 PM
    •  
     
  • Thursday, December 13, 2012 3:11 PM
     
     
    Sign In to Vote
    0

    Thanks for the help Kevin.  I found your old thread and found that xtremeconsulting link, and I got my DomainOUList.xml file to work.  But I can't decipher the changes that are necessary to the DeployWiz_ComputerName.vbs file to implement the friendly names.  (The link says it's DeployWiz_Initialization.vbs, but the comments suggest that in MDT 2012 it is now stored in DeployWiz_Computername.vbs.)  I've never been very good at scripting and/or coding.

     
  • Thursday, December 13, 2012 3:36 PM
     
     Answered Has Code
    Sign In to Vote
    1

    Replace the if statement in DeployWiz_ComputerName.vbs directly under the comment that talks about "Populate OU method #3 - Read ...\control\DomainOUList.xml" with the following code. This will allow you to use a drop down OU list menu in the wizard.

    If MachineObjectOUOptionalBtn.style.display <> "inline" then
	
		iRetVal = oUtility.FindFile( "DomainOUList.xml" , sFoundFile)
		if iRetVal = SUCCESS then     
			For each oItem in oUtility.CreateXMLDOMObjectEx( sFoundFile ).selectNodes("//DomainOUs/DomainOU")
	
				if oItem.Attributes.getNamedItem("value") is nothing then             
					AddItemToMachineObjectOUOpt oItem.text         
					else
						AddItemToMachineObjectOUOptEx oItem.text, oItem.Attributes.getNamedItem("value").value         
				end if     
			Next
		End if
	End if

    Then use the following syntax for your DomainOUList.xml file and place it in the control folder:

    <?xml version="1.0" encoding="utf-8"?>
	<DomainOUs>
		<DomainOU value="OU=Windows 7 Computers,DC=Company,DC=com">Windows 7 Computers</DomainOU>		
	</DomainOUs>

    This will allow you to select "Windows 7 Computers" from the drop down and the OU will populate in the field. Just add more fields for all your different OUs.

    There you go mate!

    • Proposed As Answer by Kevin Orrison Thursday, December 13, 2012 3:36 PM
    • Marked As Answer by Atreus21 Friday, December 14, 2012 4:48 PM
    •