Skip to main content

SCCM Task Sequence with automated AD Computer naming Web Services

By

Maik Koster created a wonderful Deployment Web Service which can help an admin automate many AD, SCCM, and MDT tasks within a Task Sequence.  This blog entry is specifically around producing a Computer Name in Active directory and passing this staged computer name into the OSDComputerName TS variable.

1 Download the DWS from here and extract to a directory on your webserver
2 Open IIS Manager and expand Sites.
3 Right click on Default Web Site and choose Add Application
4 Specify an Alias and point the physical path to the extracted directory.
5 Right Click the applications Pools and choose "Add Application Pool"
6 Provide an Application Pool Name
7 Click on Application Pools
8 Right click on your Application Pool and select Advanced Settings
9 In the Process Model area click into the Identity field and then click on the ... Button
10 Choose Custom account and click on Set...
11 Enter a valid Username and Password and click OK
12 Expand Default Web Site and select the new Application created in step 3
13 Right click and choose Manage Application - Advance settings
14 In the General Area > Application Pool field select the Application Pool name created in step 6
15 Expand Default Web Site, Click the Application added in step 4 
16 Click Application Settings on the right and specify the appropriate accounts. See "Configure Application Settings" section below.


CustomSettings.ini Example

[GenerateComputerName]
WebService=http://localhost/WebService/ad.asmx/GenerateComputerName
ComputerNamePrefix=Prefix
CustomUUID=netbootGUID
MachineObjectOU=OUPath
Parameters=Prefix,netbootGUID,OUPath

Configure Application Settings:

On default, the webservice will use the configured application pool user for authentication. It requires only a couple Application Settings to be set:
RootServer - The SCCM Root Server
SLPServer - One SCCM Server with the SLP Role
RootSiteCode - The Root site code

For Access to the MDT Database you need to configure at least
MDTDBServer - The MDT Database server (with Instance if necessary)
MDTDBName - The MDT Database name
MDTDBIntegratedSecurity - Set to "True" if you want to use the application pool account for authentication. If set to "False" you need to supply the following two settings
MDTDBUser - Username to access the MDT Database
MDTDBPassword - Password to access the MDT Database

For Active Directory access, you can optionally configure the following Application Settings. This is only necessary, if the application pool user account does not have enough permissions to do execute the required functions, and/or if you need to access a different domain as the application pool User is member of:
ADDomain - Domain to query (use either "domain.com" or "DC=Domain,DC=COM" format)
ADUsername - Username for authentication
ADPassword - Password for authentication



URLS
Deployment Web service (v7.3)

http://mdtcustomizations.codeplex.com/wikipage?title=Installation%20Guide&referringTitle=Documentation

http://myitforum.com/myitforumwp/2013/03/07/a-quickstart-guide-to-using-web-services-in-mdt-sccm/

ZTI_ExecuteWebService.wsf
http://mdtcustomizations.codeplex.com/releases/view/37245

Comments

  1. UnknownJanuary 17, 2017 at 9:49 PM

    Hi,
    The webservice is creating a computerobject that is disabled and OSD cannot join the computer to the domain. How do you solve this?

    ReplyDelete

Post a Comment

Popular posts from this blog

SCCM Unknown computer not able to see Task Sequences after installing Current Branch 1702

By
Soon after installing SCCM CB 1702 we were unable to see Task Sequences deployed to the unknown collection. This issue was identified as a random system taking the GUID of the 'x64 Unknown Computer (x64 Unknown Computer)' record. As a result it was now a known GUID; as we were only deploying Task Sequences to the Unknown collection none were made available. 'x64 Unknown Computer (x64 Unknown Computer)' record 'x86 Unknown Computer (x86 Unknown Computer)' record To get the GUID of your unknown systems open SQL management studio and run the following command: --Sql Command to list the name and GUID for UnknownSystems record data select ItemKey, Name0,SMS_Unique_Identifier0 from UnknownSystem_DISC Using the returned GUID (SMS_Unique_Identifier0) we can find the hostname that has been assigned the 'x64 Unknown Computer (x64 Unknown Computer)' GUID by running the query below. --x64 Unknown Computers select Name0,SMS_Unique_Identifier0,Decommissioned0 from Sys...
167 comments
Read more

KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932

By
This article outlines the protection against the publicly disclosed Secure Boot security feature bypass involving the BlackLotus UEFI bootkit (CVE-2023-24932). It includes steps to enable the necessary mitigations and provides guidance on creating bootable media. I will provide: - An overview of the CVE issue. - Pre-requisite actions within ADK. - Detection and remediation scripts for CVE-2023-24932. - Instructions for creating a WinPE Boot.wim file to support systems that have undergone remediation. - A breakdown of the files changed and how to boot WinPE to support systems before remediation. 1. Secure Boot Security Feature Bypass Vulnerability CVE-2023-24932 see MSRC CVE-2023-24932 is a security vulnerability involving the BlackLotus UEFI bootkit, which allows attackers to bypass Secure Boot protections. This vulnerability enables the execution of malicious code at the UEFI level, potentially leading to persistent and evasive threats. Mitigations for this issue include updates to th...
Post a Comment
Read more

Java 7 update 21 (1.7.0_21) Enterprise Repackaged Security Medium Deployment with SCCM

By
------------------------------------------------------------------------------------------------- Java 7 update 45 Enterprise deployment complete walk through http://www.syswow64.co.uk/2013/10/java-7-update-45-enterprise-deployment.html -------------------------------------------------------------------------------------------------- The issue on many blogs and articles is around creating the 'deployment.config' and 'deployment.properties' files for an enterprise deployment.  In my case i wanted to set the security level to 'Medium', but everytime I open the Java control panel it was set to the default HIGH setting. Solution 1 Create the following directory path 'C:\Windows\sun\java\deployment' 2 Create a file called 'deployment.config' in this directory and open with Notepad. Copy the two line below #################### deployment.system.config = file\:\\C\:\\WINDOWS\\Sun\\Java\\Deployment\\deployment.properties deployment.system...
15 comments
Read more