Configuring an OS Image to allow the desired Organisational Unit (OU) of the Directory to be selected when building a PC via Operating System Installation Management (OSIM).

Document ID : KB000022798
Last Modified Date : 30/07/2018
Show Technical Document Details
Introduction:

When building a target PC with Operating System Installation Management (OSIM) the target PC can join a Directory automatically.

In large organisations the Directory is divided into several Organisational Units (OU's) and the computers should not only join the directory but also join the correct OU as defined by an administrator.

 

Environment:
Client Automation (ITCM) -- any version.
Instructions:

The canet command used to join the computer to the Directory supports this but a modification is required to the OSImage in order to leverage this functionality.

To achieve this 2 files need to be modified 


For windows 7 and below

...\managedpc\images\imagename\imagename\oeminst\custom.cmd
 ...\managedpc\images\imagename\default.ini

 

For Windows 8 and above:

...\managedpc\images\imagename\imagename\oeminst\oobecustom.cmd
 ...\managedpc\images\imagename\default.ini


custom.cmd (Win 7 and older) / oobecustom.cmd (Win 8 and newer) changes:

Change the line:

.\canet.exe JoinDomain "$Domain$" "$DomainUser$" "$DomainPasswd$" >>c:\calogfile.txt

to:

rem -- join domain
if not "$Domain$" == "" (
  echo -- join domain
  echo Add system to domain $Domain$ "$DomainOU$" >> c:\calogfile.txt
  .\canet.exe JoinDomain "$Domain$" MachineObjectOU="$DomainOU$" "$DomainUser$" "$DomainPasswd$" >> c:\calogfile.txt
)
type c:\calogfile.txt | FIND /i "Failed to join " >NUL
if %ERRORLEVEL%==0 (
  echo Add system to domain $Domain$ in Default OU or use existing account >> c:\calogfile.txt
  .\canet.exe JoinDomain "$Domain$" "$DomainUser$" "$DomainPasswd$" >> c:\calogfile.txt
)

Note: This change will not only allow the computer to be joined to the specified OU, but in the case the join fails because the asset already exists in another OU, will fallback to a regular domain join.


The definition of the MachineObjectOU value:
Optionally specifies the pointer to a constant null-terminated character string that contains the RFC 1779 format name of the organizational unit (OU) for the computer account. If you specify this parameter, the string must contain a full path, for example, OU=testOU,DC=domain,DC=Domain,DC=com. Otherwise, this parameter must be NULL.

Default.ini modification:
The Modification to Default.ini is to create a parameter that can be presented in the GUI to allow the administrator to select the OU required for this PC

Create an entry in the section

[Default]
$DomainOU$

Create a section at the bottom of the file as below:

[$DomainOU$]
Type=MapList
Trans=yes
MaxLength=150
Comment=Select the OU for the target PC to join
item="" default
item="OU=testOU1,DC=domain,DC=Domain,DC=com" testOU1
item="OU=testOU2,DC=domain,DC=Domain,DC=com" testOU2
item="OU=testOU3,DC=domain,DC=Domain,DC=com" testOU3
item="OU=testOU4,DC=domain,DC=Domain,DC=com" testOU4
item="OU=testOU5,DC=domain,DC=Domain,DC=com" testOU5
item="OU=testOU6,DC=domain,DC=Domain,DC=com" testOU6

Note: If you have special characters such as the German Umlaut in the OU name then it is essential that you have the _oem at the end of the parameter name. Without this the character is incorrectly encoded on the target PC causing the PC to fail to join the Domain.


Once you have made the modification in default.ini, it needs to be registered into OSIM using the Update OS Image Wizard.

Figure 3

Read the instructions and click next.

Figure 4

Select the OS Image you have made the modifications to.

Figure 5

Select the option 'Update the image registration in a domain only'.

Figure 6

Choose where you wish to register the change.

Figure 7

Provide any security if desired.

Figure 8

Confirm the Summary and click Finish.

Figure 9

Once you receive the success notification click OK.

Figure 10

You can now view the new Parameter in the DSM Explorer for this OS Image.

Figure 11

Note: The original screenshot above contains parameter, "LDAP_path_of_OU", coming from the Default.ini file. For simplicity, this was changed to "DomainOU" in the code/script update at the top of this document.  The name used is ambiguous, as long as it is consistent!

With the above modification you can specify the OU that you wish the target PC to join.