Customising Windows 7 deployments – part 2. Specifying an Organisational Unit (OU) using the MachineObjectOU variable.

Specifying an Organisational Unit (OU) using the MachineObjectOU variable.

Step 1. Create a collection variable.

In Configmgr expand the collections node and select your Deploy 7 x86 collection (if you don’t have one, create one for the purpose of this test).

Right click on the Collection and choose Modify Collection Settings,

click on the Collection Variables tab.

Create a new Collection Variable called MachineObjectOU by clicking on the yellow star.

De-select the Do not display this value in the ConfigMgr console and enter the desired value in the Value field:

OU=VirtualMachines,OU=Inf,DC=server2008,DC=lab,DC=local


Click Ok to save your settings.

Step 2. Edit The Task Sequence to use the %MachineObjectOU% Variable

Now that you have set the Collection Variable it’s time to modify your Task Sequence.

right click on your Task Sequence and choose Edit, click on the Apply Network Settings step. Select Join a Domain and Enter your Domain values and then for the  for the Domain OU: part input %MachineObjectOU%

Step 3. Deploy Windows 7 and verify

Advertise your Task Sequence to the Deploy 7 x86 collection and add a computer to the collection, PXE boot, let the deployment finish and verify that the compuer ends up in the OU you specified. Here’s a copy of the Task Sequence used in this example if you want to test it yourself.

machineobjectou.xml

Simply Import it and change the Domain settings and any references to boot image, operating system image and configmgr client from definition package.


Troubleshooting notes:

  • TIP: to get the correct OU statement for the Collection Variable you can open the edit the task sequence step called Apply Network Settings, and click on browse for Domain OU part of join a domain, then copy everything after the LDAP:// statement 
  • If you deploy Windows 7 and the computer doesn’t join the domain or the correct OU then read the c:\windows\debug\netsetup.api log file to find out what the domain join error was.
  • Don’t try and stick the computer into the Computers OU, it will fail
  • The account that you use to join the domain (in my example it’s domjoin) may need permissions delegated to it to allow it to create objects in the selected OU.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.