Monday, August 26, 2013

AD attributes for fully automating OS deployment with WDS (Windows Deployment Services)

Microsoft provides many tools for deploying an operating system (Windows 7, Windows 8, Windows Server 2008, Windows Server 2012). Each has its pros and cons. Some are easy to set up, some a little harder.

One thing I found over the years at Microsoft was that when setting up a test system that is physical hardware, it is best to do a clean install, thus using WDS.

The info below was used as part of the Automation system I developed while at the Microsoft Enterprise Engineering Center.  By using WDS with the automation system we were able to simply click on a server in the UI and select Image.  This would then kick off the OS Imaging workflow.
Deployment Steps:
  1. Power Server off (via Raritan Switched PDUs and SNMP)
  2. Move network interfaces for the server into the correct VLAN (via Network VLAN plugin system)
  3. Set Active Directory Attributes below for WDS
  4. Set KVM interface Name (via Raritan Command Center APIs)
  5. Power Server ON (via Raritan Switched PDUs)
 Advantages of using WDS
  • No image to maintain for each model
  • No images to patch each month
  • System is clean and pure
  • Base (install) images are easy to set up (just need the .WIM from the CD)
  • Does not require agents to be installed on everything
  • Allows for an easy system audit script to be run at the same time
  • Don't have to worry about a "safe OS" being installed on some drive

I am not going to go into detail on how to set up WDS or add boot or install images. This is well documented on MSDN: http://technet.microsoft.com/en-us/library/jj648426.aspx

I don't recommend using Stand-alone mode if you need a system that needs some resiliency.  The AD integrated option works the best!

A few requirements
We will be working with 2 AD attributes

netbootMachineFilePath

This attribute specifies what PXE client should be used when the computer boots.  You can use wdsutil /Set-Device /Device:<name> /BootProgram:<path> to set this.

3 common values
  • <WDS Server FQDN>\boot\x86\pxeboot.n12 - Tells the PXE client NOT to require F12. If you use the N12 option, be sure to run "wdsutil /set-server /resetbootprogram:yes" on the WDS server. If you don't, the clients will always be in a reboot loop.
  • <WDS Server FQDN>\boot\x86\abortpxe.com - Tells the PXE client to abort any PXE boot attempt on that NIC and move to next device in boot order
  • <WDS Server FQDN>\boot\x86\pxeboot.com - Tells PXE to request the user to push F12.  Will move to next boot device if they don't.

netbootMirrorDataFile


This attribute holds the following items for a ZERO Touch deployment.
  • What boot file (WIM) to use - BootImagePath
  • Path to unattend XML file (provides path to install WIM) - WdsUnattendFilePath
  • If you want the computer joined to the domain - JoinDomain
As MSDN documents (in the link above), the info is in Key=value; format.

Example: to use boot image foo, unattend bar and NOT join the domain

netbootMirrorDataFile=JoinDomain=0;BootImagePath=Boot\x86\Images\foo.wim;WdsUnattendFilePath=wdsclientunattend\bar.xml;

 Note the trailing ;.  See http://www.mikepoulson.com/2013/08/bindlsvc-error-522-from-wds.html for more info.

These items can also be set by running the following WDSUtil commands
  • WDSUTIL /Set-Device /Device:<name> /WDSClientUnattend:<path>
  • WDSUTIL /Set-Device /Device:<name> /BootImagePath:<path>
  • WDSUTIL /Set-Device /Device:<name> /JoinDomain:No
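
One way to script step 3 of the deployment workflow with the ActiveDirectory PowerShell module, as an added example that is not the author's automation code. It assumes the computer object is already prestaged in AD; TESTSRV01, wds01.example.test and both function names are placeholders, and the path checks are an assumption based on the relative paths used in the example above.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
# Computer name, WDS server FQDN and function names are placeholders.
Import-Module ActiveDirectory

function New-NetbootMirrorData {
    param(
        [Parameter(Mandatory)][string]$BootImagePath,
        [Parameter(Mandatory)][string]$WdsUnattendFilePath,
        [bool]$JoinDomain = $false
    )
    foreach ($p in $BootImagePath, $WdsUnattendFilePath) {
        # A ';' or '=' inside a path would be read as an extra key/value pair.
        if ($p -match '[;=]') { throw "Path contains ';' or '=': $p" }
        # Assumption: only relative paths, as in the post's example; no rooted or '..' paths.
        if ($p -match '^[\\/]|^[A-Za-z]:|\.\.') { throw "Path must be relative: $p" }
    }
    $pairs = @(
        "JoinDomain=$([int]$JoinDomain)",
        "BootImagePath=$BootImagePath",
        "WdsUnattendFilePath=$WdsUnattendFilePath"
    )
    # Every pair, including the last one, is terminated with ';'.
    ($pairs -join ';') + ';'
}

function Set-WdsDeviceAttributes {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$BootProgram,
        [Parameter(Mandatory)][string]$MirrorData
    )
    Set-ADComputer -Identity $ComputerName -Replace @{
        netbootMachineFilePath = $BootProgram
        netbootMirrorDataFile  = $MirrorData
    }
    # Read back what AD now holds so the change can be logged and audited.
    Get-ADComputer -Identity $ComputerName -Properties netbootMachineFilePath, netbootMirrorDataFile |
        Select-Object Name, netbootMachineFilePath, netbootMirrorDataFile
}

$data = New-NetbootMirrorData -BootImagePath 'Boot\x86\Images\foo.wim' `
    -WdsUnattendFilePath 'wdsclientunattend\bar.xml' -JoinDomain $false
Set-WdsDeviceAttributes -ComputerName 'TESTSRV01' `
    -BootProgram 'wds01.example.test\boot\x86\pxeboot.n12' -MirrorData $data
```

Whoever can write these two attributes decides what a machine boots and installs on its next PXE boot, so the account running this should have write access delegated only on the prestaged computer objects it manages.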

1 comment:

Aric Vogel said...

Thank you, this is just what I was looking for. It's amazing to think this zero-touch deployment has been part of WDS since Server 2003 (perhaps 2000 as well) yet nobody seems to know about it. When people ask if zero-touch PXE deployment is possible with WDS, most responses will say no and recommend using SCCM (it took me forever to find out that isn't the case).