FriendsOfMDT
MachineObjectOU variable not processed.
The 'MachineObjectOU' variable in rules.ini isn't processed, i think. I've been trawling the scripts and documentation to find any hint of the OU that machine accounts are created in, without any luck.
MachineObjectOU is mentioned in the unattend -templates.
I might just be dimb - but i'm unable to find all possible customsettings.ini/rules.ini values listed anywhere. The user-account i have been using for MDT only had write-permissions to the OU found in <MachineObjectOU>
Hi there, i had the same issue and i was able to solve it this way: Delegateing AD Permissions
- In Active Directory users and Computers > Right Click on the OU where you want the devices to go > Delegate Control...
- Add the UserAccount that should Join the Device
- Create a custom task to delegate
Active Directory Object Type
- Computer objects
- Create selected objects in this folder
- Delete selected objects in this folder
Permissions
- Reset Password
- Read and write account restrictions
- Validated write to DNS host name
- Validated write to service principal name
- Finish
Hope this helps..
This is already in place and working with 'normal mdt' - i must have missed something completely. But thank you anyway, the guide will surely come in handy for some else searching here :)
I might just be dimb - but i'm unable to find all possible customsettings.ini/rules.ini values listed anywhere. The user-account i have been using for MDT only had write-permissions to the OU found in
Here is the Toolkit Reference for all the variables used by MDT/PSD.
Tried this myself and the MachineObjectOU did not work. Instead, I dug a little into the code and found that DomainJoinOU worked when specifying it in the CustomSettings.ini. I also had to add it to the properties
There is a fix for it coming. I did find the issue.
Did this ever get fixed?
@TheRealMethuselah This has been fixed in the new release. Please test it to make sure.
It also allows multiple OU selections using DomainOUs00, etc.