programming4us

Windows 7 : Tweaking Your WDS Server - Manage Domain Membership Using WDS

11/21/2013 7:53:34 PM

You may have noticed references to computer accounts while reading about client naming policy in the previous section. WDS joins the computers that it builds to a domain, and you can control exactly how this is done.


Specifying Computer Account Location

You can manage how WDS joins computers to Active Directory by opening the properties of the WDS server in the WDS console and navigating to the AD DS tab. The computer account location policy can be configured, once per WDS server, with one of four possible settings:


Same Domain As The Windows Deployment Services Server

This is the default policy. WDS will join the newly built machine to the same Active Directory domain as the WDS server. The computer object will be created in the default location, which is usually the Computers container. This location might not be appropriate. The user may be a member of a different domain in the forest and their computer should be in the same domain as they are. Or administrators may want to create computer objects in an organizational unit (OU) so that they can inherit configured Group Policy Objects.


Same Domain As The User Performing The Installation

With this policy enabled, the computer will be joined to the same domain as the user who logged into the WDS client. This policy can be beneficial in a multidomain organization. The computer account will be created in the default location for that domain, which is usually the Computers container. This strategy may not be desired if there are policies that must be inherited.


Same Organizational Unit As The User Performing The Installation

The new computer object will be created in the same OU as the user who logged into the WDS client. If this is an end user, this strategy can be effective. The computer object is created where it will inherit the appropriate policies and where delegated administration has been set up. However, this approach will not be useful if an administrator is building the computer because the computer object will be created in an administrative OU rather than in a user's OU. It would also be inappropriate if you use dedicated OUs for computer objects.


The Following Location

This policy allows you to specify a domain (in the forest) and an OU or container where the new computer object will be created. This is useful if you plan to have one location for all computer objects that will be created by a WDS server. However, a very large site may have different OUs or domains for users and computers. This policy allows you to select only one location, which must suit every machine that the WDS server will be used to prepare.

There is no one policy that will suit everyone. You should evaluate your organization's requirements for computer account location and then choose the policy that best meets those needs.

The WDS server will require some rights to create or manage computer accounts in the specified Active Directory locations. You can grant these rights in Active Directory Users And Computers by right-clicking the required OU and selecting Delegate Control. You will specify Computers under Object Types and enter the computer name of the WDS server. Select Create A Custom Task To Delegate. Click Create Selected Objects In This Folder and select Computer Objects. Grant the Full Control permission. The WDS server will have rights to create computer objects in the OU when you complete the wizard.

An Example of Computer Account Location

Imagine that the company Deploy.com is a multinational organization with offices in three different countries:

  • San Francisco, USA

  • New Orleans, USA

  • Beijing, China

  • Shanghai, China

  • Dublin, Ireland

  • Galway, Ireland

The company has built a single-domain Active Directory called deploy.com. An organizational unit architecture has been set up as follows:

  • [domain] Deploy.com

  • [OU] The Company

  • [OU] The Company => San Francisco

  • [OU] The Company => San Francisco => Users

  • [OU] The Company => San Francisco => Groups

  • [OU] The Company => San Francisco => Computers

  • [OU] The Company => New Orleans

  • [OU] The Company => New Orleans => Users

  • [OU] The Company => New Orleans => Groups

  • [OU] The Company => New Orleans => Computers

This pattern continues to provide OUs for the remaining offices in the company. A WDS server is deployed in each office. Any computer objects that are created should be joined to the Computers child OU for the relevant location.

The computer account location policy will be configured to use the setting The Following Location. Each WDS server will be configured to join computers to the relevant Computers OU for its location. For example, the New Orleans WDS server will create computer objects in the OU The Company => New Orleans => Computers.

This approach ensures that computer objects are created in an OU where delegated Active Directory administrators will have permissions to access them and that the computers will inherit policy that is relevant to their logical location in the company.
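
The delegation step and the New Orleans example above can be checked after the wizard completes by reading the ACL on the target OU. The following is an added example, not part of the original article; the server name WDS-NO01, the NetBIOS domain name DEPLOY and the function name are assumptions, and it requires the RSAT ActiveDirectory module.

```powershell
# Added example: audit what the WDS server's computer account may do on the target OU.
# Assumptions (not from the article): server name WDS-NO01, NetBIOS domain name DEPLOY,
# and the RSAT ActiveDirectory module, which provides the AD: drive used by Get-Acl.
Import-Module ActiveDirectory

$ouDn          = 'OU=Computers,OU=New Orleans,OU=The Company,DC=deploy,DC=com'
$wdsAccount    = 'DEPLOY\WDS-NO01$'   # hypothetical WDS server computer account
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the computer class
$anyClass      = [guid]::Empty        # empty GUID in an ACE = not limited to one class

function Get-WdsDelegationReport {   # hypothetical helper name
    param([string]$OuDn, [string]$Account)

    $adRights = [System.DirectoryServices.ActiveDirectoryRights]
    $aces = (Get-Acl -Path "AD:\$OuDn").Access |
        Where-Object { $_.IdentityReference.Value -eq $Account }

    foreach ($ace in $aces) {
        $rights  = $ace.ActiveDirectoryRights
        $full    = $rights.HasFlag($adRights::GenericAll)
        $finding = 'Review: outside the delegation described in the article'

        if ($ace.AccessControlType -ne 'Allow') {
            $finding = 'Deny entry: review'
        } elseif ($full -and $ace.ObjectType -eq $anyClass -and $ace.InheritedObjectType -eq $anyClass) {
            $finding = 'Too broad: Full Control over the OU and every object class in it'
        } elseif ($full -and $ace.InheritedObjectType -eq $computerClass) {
            $finding = 'Expected: Full Control limited to computer objects'
        } elseif ($rights.HasFlag($adRights::CreateChild) -and $ace.ObjectType -eq $computerClass) {
            $finding = 'Expected: create computer objects in this OU'
        }

        [pscustomobject]@{
            Rights     = $rights
            ObjectType = $ace.ObjectType            # class that may be created or deleted
            AppliesTo  = $ace.InheritedObjectType   # class of descendants the ACE applies to
            Inherited  = $ace.IsInherited
            Finding    = $finding
        }
    }
}

Get-WdsDelegationReport -OuDn $ouDn -Account $wdsAccount | Format-Table -AutoSize
```

Rows with Inherited set to True come from a parent OU's ACL and have to be changed there, not on the Computers OU.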


Advanced Domain Controller Settings

In extremely large Active Directory environments, you may need to control which domain controllers the WDS server will work with. You can manage the domain controller settings by opening the properties of the WDS server in the WDS console and navigating to the Advanced tab, shown in Figure 1.

By default, the WDS server will use any domain controller that it discovers by normal methods. This is perfectly valid in most environments. In some scenarios, such as where there is a massive load on production domain controllers, you may need to configure the WDS server to use specific domain controllers so that it does not affect line-of-business services.

You can select the Windows Deployment Services Should Use The Following Services option and then select a specific domain controller and global catalog replica that WDS should use.

Figure 1. Advanced domain controller settings