[WDS] MDT task sequence to accomplish prestaging like RIS

[cookie_monster]

No rush as i'm not trying this untill the new year i'm just thinking things over at the mo but i'd like a look at the files when you get time.

Thanks.

[PiqueABoo]

It basically copies i386 down to the PC with an extra drivers folder, it then uses setup.sif (another name for unattend.txt) to run setup with an answer file it finds all of the drivers in the drivers folder for newer hardware. As you see it runs a windows setup install which of course generates a unique SID.

1) Ignoring pre-staging (because I didn't care about that), deploying XP more or less like this is perfectly do-able with MDT . It has and I added required drivers to a driver library. I created a task sequence that initially prompts for computer name, lets me pick from a list of target OUs and then gets on and installs XP via the I386 source on an MDT distribution share, adds the relevant drivers, adds my choice of applications (which I limited to updates to integrated OS apps e.g. a newer IE, Media Player and so on), then joins it to the domain.

Downside: It took some time to figure out how to make MDT do that. It takes a while to figure out how to make MDT do anything. I think it's lovely now though and 2010 is nicer than the 2008 I started with.

2) Google "newsid retired" or even search on here - the new, official line is that fiddling with computer SIDs is a waste of time.

[mhundley]

The main issue with prestaging into AD is that we are often either setting up a new network or completely rebuilding the whole school.

I would not like to have to manually enter the values using wdsutil.

We are trying to work on a solution which is fairly portable as we have with RIS/WDS Legacy, we work for the LA and support around 130 schools on a rolling rota.

Having to use wdsutil to add all machines at the start of the project is not a fun prospect so we are trying to work around it.

[DMcCoy]

The main issue with prestaging into AD is that we are often either setting up a new network or completely rebuilding the whole school.

I would not like to have to manually enter the values using wdsutil.

We are trying to work on a solution which is fairly portable as we have with RIS/WDS Legacy, we work for the LA and support around 130 schools on a rolling rota.

Having to use wdsutil to add all machines at the start of the project is not a fun prospect so we are trying to work around it.

Well you must have some unique identifying value unless you just want to use a predefined naming convention. Even MDT will need something to use, serial number, MAC, model just about anything that you can query with wmi or a combination of all of the above. Prestaging is just easier if you already know what you want the computer name to be and it won't work with those sorts of values.

[mhundley]

At the moment we are happy to use the logon user to create the computer name using the WDS naming feature.

We set an OU for each class and within that give a user which only has rights to create a computer account/join computer to domain. The user will have the name of the room i.e. class1, using the WDS naming the first machine will be called room1-01, machine number2 = room1-02 etc

I should point out that we only tend to work in primary/first and middle schools so the most machines we have in each room is around 30.

In a lot of rooms there will only be a couple of machines so the ability to create the user on the server then visit each room once is our goal. Essentially RIS allowed us to do this really easily so we have tried to emulate this as closely as we could.

The only other way I can think around this to only visit once would be to add a command to the task sequence which queried the AD structure and prompted you to select the OU needed and provide a computer name, then automatically run the wdsutil command before kicking off the setup process. However that would require some coding and the solution we have at the moment is a lot easier than that.

[cookie_monster]

It seemed more straight forward with RIS/WDS legacy. F12 give machine a name, machine account appears in the default computers folder, move account to the correct OU, done.

[PiqueABoo]

MDT 2008 & I:

1) [USB|PXE|CD] boot the WinPE on a computer.
2) Pick the task sequence to install the OS I want.
3) Type in computer name.
4) Pick the target OU form drop-down list.
5) Job done or will be by-and-by. Go to next computer.

MDT 2010 doesn't break that and makes various server-side bits better.

[mhundley]

4) Pick the target OU form drop-down list.

What do you use to achieve the list? is it dynamic or hard coded, I have seen a hard coded example but if it were dynamic would be very flexible as you would not have to change whenever you add OU's to AD

Any chance of being cheeky and seeing your files?

Cheers

Marc

[PiqueABoo]

if it were dynamic would be very flexible as you would not have to change whenever you add OU's to AD

It's not that easy to do dynamic and I decided it would be too much effort. The basic problem is that WinPE being that cut-down pre-installation environment does not include the APIs you need to talk to AD easily e.g. the kind of things you can do it in a relatively trivial VBS or JS in normal Windows won't work in regular PE.

So I pre-define the OUs in the bootstrap.ini default section e.g.

[Default]
DomainOUs1=OU=Administration, OU=Computers, DC=myDomain, DC=internal
DomainOUs2=OU=Curriculum, OU=Computers, DC=myDomain, DC=internal
etc.

With 2008 and earlier, to actually get a computer moved into the OU selected in the Lite Touch wizard I had to add this third-party script near the end of the task sequence:

Z-MoveComputer_HostOS.wsf

The hard-coding doesn't bother me, because I've scripted/automated pretty much everything required to turn a freshly installed Server into a fully configured, first DC with all the services I want completely configured the way I want them, standard file/share structure/permissions, OU structure, comprehensive GPOs, user and resource groups, and that MDT configuration in place.

As part of the automation I pick up my standard MDT configuration files, including task sequences, OS images and my latest greatest driver library, and drop them on top of a default MDT distribution point. I have a script replace the text strings like "myDomain" above with the relevant one for the system e.g. "StTrinians", and similarly to localise a couple of other files.

If you're planning on making more than a handful of systems then investing time automating as much of the config as possible like this is definitely worth the effort - makes commissioning so much quicker and most importantly, consistent.

[oxide54]

It seemed more straight forward with RIS/WDS legacy. F12 give machine a name, machine account appears in the default computers folder, move account to the correct OU, done.

i agree, we ghost a generic image ( press f12 is all you need to do ghost is automated ) and then give it a computer name at the end. if its a re-ghost then the computer is already in the right ou if not then we move it afterwards.


MDT just seems like a pain in the proverbial.


btw was on a training course recently and the instructor seemed to think you could feed drivers portion of MDT exe installers for drivers and it would take them, but then again he was telling people you can't virtualize DC's