MDT 2013 Guide 12: Deployment Role and Computer Object

This post will detail the final steps required for the deployment.

Since this phase will add the computer to the domain, we will require a user with specific permissions to add workstations to the domain.

 

Create Domain Join User

On the domain controller, open Active Directory Users and Computers.

If you don’t already have one, create an OU for your new workstations.

Next, create a new service user, which MDT will use to add workstations to the domain during deployment.

Create a new permissions group, which will be given the permissions to add workstations.

Add the service user to the above permissions group.

In order to add the relevant permissions, we will need to enable Advanced Features within Active Directory Users and Computers. Click the View menu and Advanced Features.

Navigate to your Workstations OU, right-click and choose Properties.

Click on the Security tab and then Advanced.

Click Add, then Select a principal. Type in the name of the permissions group and click Check Names.

After clicking OK, scroll down and tick Create Computer objects and Delete Computer objects.

Click OK to save.

Click Add again and Select a principal. Enter the same permissions group as before and click OK.

Change "Applies to" to "Descendant Computer objects".

Scroll down and tick all of the following Permissions:

  • Write all properties
  • Modify permissions
  • Change password
  • Reset password
  • Validated write to DNS host name
  • Validated write to service principal name

Click OK a few times to save all permissions.
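
The same delegation can be scripted and then checked. The following is an added example, not part of the original guide: it grants the two permission entries described above with dsacls and then lists the group's explicit entries on the OU so anything broader than intended stands out. The OU path and the group name G-MDT-DomainJoin are assumptions, since the guide does not name them.

```powershell
# Added example, not from the original guide. Needs dsacls.exe and the
# ActiveDirectory module (a domain controller, or a machine with RSAT).
Import-Module ActiveDirectory

# Assumed names: the guide gives neither the OU path nor the group name.
$ou    = 'OU=Workstations,DC=yster,DC=lab'
$group = 'YSTER\G-MDT-DomainJoin'

# First entry:  Create/Delete Computer objects (/I:T = this object and sub-objects).
# Second entry: rights on descendant computer objects only (/I:S).
$grants = @(
    @{ Scope = '/I:T'; Right = 'CCDC;computer' }
    @{ Scope = '/I:S'; Right = 'WP;;computer' }   # Write all properties
    @{ Scope = '/I:S'; Right = 'WD;;computer' }   # Modify permissions
    @{ Scope = '/I:S'; Right = 'CA;Change Password;computer' }
    @{ Scope = '/I:S'; Right = 'CA;Reset Password;computer' }
    @{ Scope = '/I:S'; Right = 'WS;Validated write to DNS host name;computer' }
    @{ Scope = '/I:S'; Right = 'WS;Validated write to service principal name;computer' }
)
foreach ($g in $grants) {
    dsacls.exe $ou $g.Scope /G "${group}:$($g.Right)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for '$($g.Right)'" }
}

# Audit: show every explicit ACE the group holds on the OU. An entry that is
# not tied to the computer class, or that carries full control or ownership
# rights, goes beyond the delegation above and should be reviewed.
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of "computer"
$adr = [System.DirectoryServices.ActiveDirectoryRights]

(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference.Value -eq $group -and -not $_.IsInherited } |
    ForEach-Object {
        [pscustomobject]@{
            Rights        = $_.ActiveDirectoryRights
            ObjectType    = $_.ObjectType           # property/right GUID, zeros = all
            AppliesTo     = $_.InheritanceType
            ComputerOnly  = $computerClass -in $_.ObjectType, $_.InheritedObjectType
            FullControl   = $_.ActiveDirectoryRights.HasFlag($adr::GenericAll)
            TakeOwnership = $_.ActiveDirectoryRights.HasFlag($adr::WriteOwner)
        }
    } | Format-Table -AutoSize
```

Every row should show ComputerOnly as True and both FullControl and TakeOwnership as False.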

 

Deployment Role

On the MDT server, open Deployment Workbench and navigate to Advanced Configuration – Database – Roles. Right-click on Roles and choose New.

Give the role a name.

Click on the Details tab and modify the following:

  • DomainAdmin: Enter the DomainJoin service user you have just created (e.g. S-MDT-DomainJoin)
  • DomainAdminDomain: Your domain name (e.g. YSTER)
  • DomainAdminPassword: The password for the service account. MDT stores this value in the database in clear text, so keep this account limited to the OU permissions granted above
  • JoinDomain: The domain again (e.g. YSTER)
  • MachineObjectOU: The distinguished name of your workstations OU

Note: If you are not familiar with how distinguished names are specified, you can copy and paste the information from Active Directory Users and Computers. Right-click on the OU in question and choose Properties. Click on the Attribute Editor tab, select distinguishedName and click View.

From there you can copy the value and paste it into the MachineObjectOU field in the MDT Role.

Back in the MDT Role, you’ll want to continue editing the following entries:

  • _SMSTSORGNAME: This string will appear at the top of the status window when deploying, so I like to add something like “Deploying Windows 8.1”
  • TaskSequenceID: Enter the ID of your deploy task sequence (e.g. DEPLOY_WIN81)
  • WsusServer: Enter the URL of your WSUS server (e.g. http://mdt01.yster.lab:8530)
  • TimeZoneName: The name of your time zone (e.g. GMT Standard Time)
  • KeyboardLocale: If you don’t use a standard US keyboard, enter the locale here (e.g. en-gb)
  • UserLocale: Enter a user locale if not US standard (e.g. en-gb)

Click OK to save the Role.

 

Add the Computer Object

Create a new virtual machine and note its MAC address, following the same procedure as for the Gold Image virtual machine.

Navigate to Advanced Configuration – Database – Computers. Right-click and choose New.

Add the MAC Address for the new virtual machine, and a Description if you want.

Click on the Details tab and enter the computer name under OSDComputerName.

Click on the Roles tab and Add the Deploy Windows 8.1 role.

Click OK to save.

 

Deploying a Workstation

The last step in the process is to network boot the new virtual machine and watch while it deploys.

After a few minutes, it will complete. Log in with a domain user and you will see that it is joined to the domain.


Conclusion

This concludes phase 3 and the MDT 2013 Guide. You should now have a complete deployment framework that can be customised for your specific needs.

 

MDT2013 Series:
01 Intro and Active Directory Setup
02 MDT Software Installation
03 Deployment Share and MDT Database Setup
04 Network Access Permissions
05 Application and OS
06 Creating Build Task Sequence
07 MDT Database
08 WDS and PXE Booting
09 Creating the Gold Image
10 Capturing the Gold Image
11 Creating Deployment Task Sequence
12 Deployment Role and Computer Object