Thursday, September 15, 2011

Provisioning Computer Accounts with netbootGUID for WDS Deployment

At $EmployingUniversity we have a relatively unique spin on WDS image deployment. We use WDS with a single answer file for all labs that calls a PowerShell script that installs the appropriate software based on the computer name. In all labs, the beginning of the computer names designate what lab it's in, so it's easy for us to parse.

Since the entire process relies on the computer name being right, pre-staging computer accounts in Active Directory is a must. Our WDS servers are configured to not respond to unknown clients, which means that the netbootGUID attribute for each computer account needs to be set before WDS will respond with a PXE image. Luckily for me, Lenovo includes a barcode that has the serial number and MAC address on it. If you didn't know, WDS will respond to machines that have either their GUID set in netbootGUID or that has twenty zeroes and the MAC address in that field. It's much easier for us to use the MAC for this purpose, since Lenovo makes it easy to get that with a hand scanner.



Our End-User Support Manager will scan these for all new machines and send me a CSV that includes the MAC and what the computer should be named. Since there are times when we need to provision 100 or more machines at a time, I had to come up with a way to get this data into Active Directory automatically. Below is the resulting PowerShell script. There are no bugs that I know of, but if you use it and find any, let me know!


Edit: Updated on 11/2/2011 with a much faster and more reliable way to check for the existence of the object.

2 comments:

  1. Thanks for this. I modified it a little.

    <#
    .SYNOPSIS
    New Computer Object creator script with the capability of setting netbootGUID attribute
    Datasource has to be a CSV file:
    First field: COMPUTERNAME
    Second field: COMPUTERMAC
    .DESCRIPTION
    MAC Address format example: 3C970EA59F1B
    No dash, no columns.

    Example CSV file:

    COMPUTERNAME,COMPUTERMAC
    UKLONHTL010001,3C970EA59F1B
    UKLONHTL010002,3C970EA59FA1
    UKLONHTL010003,3C970EA59FA2
    .PARAMETER
    CSVFile as the datasource
    .EXAMPLE
    New-ADComputerPrestage.ps1 -CSVFile WDSComputers1.csv
    #>

    Param(
    [string]$CSVFile
    )

    $ErrorActionPreference = "Stop"

    if (!$CSVFile) {
    Write-Error -Message "Error: CSVFile argument is empty." -Category InvalidArgument
    }

    Import-Module ActiveDirectory

    Import-Csv $CSVFile | ForEach-Object {

    $COMPUTER_NAME = $_.COMPUTERNAME
    $COMPUTER_MAC = $_.COMPUTERMAC

    $CheckExists = Get-ADObject -Filter {(ObjectClass -eq "computer") -and (Name -eq $COMPUTER_NAME)}

    if ($CheckExists -eq $NULL){
    [guid]$nbGUID = "00000000-0000-0000-0000-$COMPUTER_MAC"
    new-adcomputer -Name $COMPUTER_NAME -SamAccountName $COMPUTER_NAME -OtherAttributes @{'netbootGUID'=$nbGUID}
    write-host $COMPUTER_NAME " - " $nbGUID
    }
    else {
    write-host "$COMPUTER_NAME already exists."
    }

    }

    ReplyDelete
  2. Thanks - this just saved me an hours work!

    ReplyDelete