Zero Touch Installation (ZTI) is the pinnacle of OS deployment! Once a machine is imaged, ZTI means never visiting the machine again for re-imaging. Think for a second how much time is wasted by having to physically visit each machine when re-imaging! Most organizations believe it is only possible to reach ZTI with solutions like System Center Configuration Manager (SCCM). In fact, Microsoft clearly states that SCCM is a requirement to get to ZTI. I am here to tell you that ZTI is possible without SCCM! Start by importing computers into the MDT Database with PowerShell:
What is the MDT Database?
This guide will assume you already have MDT configured and that you have the MDT database set up (though not populated). If you aren’t at that step yet, you can keep reading but you might want to check out these two resources:
When MDT is completely configured, you should have a full CustomSettings.ini that pre-populates most of your deployment settings. You will be left with a few options that have to be manually filled out though. The big two that have to be selected are the computer name and the Task Sequence. This is where the MDT database comes in.
The MDT database links future deployments with existing computers. As you can see in the picture above, the physical computer alt01n01 has a computer object in the MDT database. This object stores the computer’s serial number and a fake asset tag (which we will talk about in a future post). When alt01n01 begins imaging, it will search the database for its serial number. Once found, it will search for custom values that should replace the default values found in CustomSettings.ini. To ensure that no prompt appears during the imaging process, we fill out the OSDComputerName, TaskSequenceID, SkipComputerName, and SkipTaskSequence attributes on our computer object in the MDT database. We do this for all 6,500 computers in our organization!
Holy Crap Batman! How much time does that take!
About 15 seconds! Importing computers is actually very easy if you already have the serial numbers of your computers. Because you already use Active Directory to inventory your computers, your serial numbers are automatically recorded for you!
The only trick is to extract the serial numbers from AD and to import them into MDT. Luckily, PowerShell is pretty good at these kinds of tricks and can automate this task with a short script:

    Import-Module -Name ".\MDTDB.psm1"
    Connect-MDTDatabase -sqlServer sql.test.local -database MDT

    # Get-QADComputer comes from the Quest ActiveRoles AD cmdlets.
    $computers = Get-QADComputer -Identity * -SearchRoot "OU=Domain Sites,DC=Test,DC=local" -SizeLimit 0 |
        Select-Object Name, Description |
        Sort-Object Name

    foreach ($computer in $computers) {
        # Remove the literal "Computer: " prefix from the description.
        $serial = $computer.Description -replace '^Computer: ', ''

        # Skip objects whose description does not hold a full 7-character serial number.
        if ($serial.Length -lt 7) { continue }
        $serial = $serial.Substring(0,7)

        New-MDTComputer -description $computer.Name -assetTag $computer.Name -SerialNumber $serial -settings @{
            OSInstall='YES';
            OSDComputerName=$computer.Name;
            TaskSequenceID='WIN7SP1X86';
            SkipComputerName='Yes';
            SkipTaskSequence='Yes';
        }
    }

Our script starts by importing the MDT Database PowerShell module and connecting to our MDT database. If you don’t have the MDTDB module, it can be downloaded from here. Next, we search AD for our computers and grab the Name and Description attributes. Our description contains more than just a service tag. By stripping the "Computer: " prefix with -replace and then calling .Substring, we can filter out everything but the serial number. The prefix is removed with -replace rather than .TrimStart because .TrimStart treats its argument as a set of characters, so it would also strip the leading characters of any serial number that begins with one of them. If your serial numbers are more than 7 characters long, you will need to change the 7 in the length check and in (0,7) to fit your environment.
Finally, we use the New-MDTComputer cmdlet to create our computer object. The real bulk of this command is in the -settings section. If you need to specify additional settings, just grab the computer attribute from the database and create a new line under SkipTaskSequence. Just be sure to keep the syntax the same (quotes and semicolons).
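Because every record sets SkipComputerName and SkipTaskSequence, a wrong or duplicated serial number flows into an unattended build with no prompt left to catch it. The following is an added example, not part of the original post or the MDTDB module, that checks the AD data before anything is written to the database; the "Computer: <serial>" description format, the sample records and the function names Get-SerialFromDescription and Test-MdtImportSet are assumptions.

```powershell
# Constructed sample records; in practice these come from the AD query used for the import.
$sample = @(
    [pscustomobject]@{ Name = 'ALT01N01'; Description = 'Computer: 7XK2P1A - Lab 1' }
    [pscustomobject]@{ Name = 'ALT01N02'; Description = 'Computer: C3RT9Q2 - Lab 1' }  # serial starts with "C"
    [pscustomobject]@{ Name = 'ALT01N03'; Description = 'Computer: 7XK2P1A - Lab 2' }  # duplicate serial
    [pscustomobject]@{ Name = 'ALT01N04'; Description = 'Spare unit' }                 # no serial recorded
    [pscustomobject]@{ Name = 'ALT01N05'; Description = $null }                        # empty description
    [pscustomobject]@{ Name = 'ALT01N06'; Description = 'Computer: 9HD4M2Z - Office' }
)

function Get-SerialFromDescription {
    param([string]$Description, [int]$Length = 7)
    # Match the literal prefix and capture the alphanumeric token after it.
    # (String.TrimStart("Computer: ") would strip any leading characters from that set instead.)
    if ($Description -notmatch '^Computer: (?<serial>[A-Za-z0-9]+)') { return $null }
    $serial = $Matches['serial']
    if ($serial.Length -lt $Length) { return $null }
    return $serial.Substring(0, $Length).ToUpperInvariant()
}

function Test-MdtImportSet {
    param([object[]]$Computers)
    $rows = foreach ($c in $Computers) {
        [pscustomobject]@{ Name = $c.Name; Serial = (Get-SerialFromDescription $c.Description); Reason = $null }
    }
    # A serial held by two AD objects is ambiguous: flag every holder, not only the second one.
    $dupes = $rows | Where-Object Serial | Group-Object Serial | Where-Object Count -gt 1
    foreach ($row in $rows) {
        if (-not $row.Serial) { $row.Reason = 'no valid serial in Description' }
        elseif ($dupes.Name -contains $row.Serial) { $row.Reason = 'serial shared with another computer' }
    }
    $rows
}

$result = Test-MdtImportSet -Computers $sample
$result | Format-Table -AutoSize

# Only rows without a Reason are safe to hand to New-MDTComputer.
$importable = $result | Where-Object { -not $_.Reason }
$importable | ForEach-Object { "would import $($_.Name) with serial $($_.Serial)" }
```

Rows that come back with a Reason are worth fixing in AD first, since the database lookup during imaging is keyed on the serial number.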
By using the script above, you can effortlessly import all of your computers into the MDT database. By importing computers into the MDT database with PowerShell, you’ve tackled one of the biggest hurdles in getting to a ZTI environment! If you have any questions (or improvements), leave a comment!
Do you know of a script for synchronizing? For example, if Computer A1 is deleted, and B2 has its serial number changed (for a replaced computer with same AD name), those changes would be reflected on MDT.
Didn’t see anything online, so went ahead and wrote one. Here’s a link to my post on it:
https://community.spiceworks.com/scripts/show/4097-synchronize-mdt-database-with-ad
Nice write-up, Nate!
Hi Joseph,
Do you have any script to import Computer Name, SerialNumber, Asset Tag, MAC address from CSV file to MDT database?
Many thanks in advance for your help
Sam
Hi,
Thanks for posting. This is a very nice post and everything has been described clearly.
I have a small doubt: if we import computers manually into the MDT database, will those computers replicate to the SCCM console?
If yes, could you please suggest the steps, or do we just need to integrate MDT with SCCM?
The MDT database is separate from the SCCM database. If you want them to appear in the SCCM console, ensure that the SCCM client is installed during imaging.
When are you following up on these guides? I really want to set this up at all my schools. I’m currently going from 7 to 8.1 and this would be a massive help!
What exactly are you needing to know?
Basically, what’s the next step? How do you get your machines to boot into LiteTouch? Are you doing this remotely or are you having to individually set each machine to boot from LAN?
I am doing this remotely – I am working on a guide now.
I am currently researching MDT to get to ZTI for my company. I have our WDS pretty much at the point that we manually boot for PXE, tell it the Image to install and format the drive. (We are not sure if we want to set up Wake On LAN to do this, unless you have another option for this.) I have it automated to the point that it gets to the login screen from there. We currently have almost 80 Vista machines that eventually will be gone and will allow us to use the ADK instead of AIK. I have made an Excel file with preconfigured Computer Names, the MACs and the OEM Windows Keys for each system. From my understanding, if I can get the MDT Database working, will this allow for the serial key to be installed and activated and the Computer Name to be set based on the MAC?
We are currently waiting for the last of our 3 images to be finished and I would love to get this into place before that is built.
Thanks for an amazing blog, it is so easy to follow and organized.
Sincerely,
Richard
Hey Richard! Thanks for commenting (and your kind words)! I am not sure if you are referring to MAC addresses or MAK license keys. So I will answer both ways. 🙂
You can actually modify your Task Sequence to import the MAK key and activate it for you. Under the state restore phase, create a new command line task that runs:
cscript.exe c:\windows\system32\slmgr.vbs /ipk YOUR-KEY-SEPARATE-BY-DASHES
Then create a second command line task that runs:
cscript.exe c:\windows\system32\slmgr.vbs /ato
Both of these start in C:\Windows\System32.
Importing the MAC addresses (or serial numbers) will let you automatically name machines and preconfigure certain options (like saying that certain machines should get a certain task sequence).
Does that answer your questions?
What benefits does this have? It looks relatively simple, but I am trying to think forward and see where this would help us. We typically only image computers when doing a refresh, or when we have turnover, which is rare. I am usually doing a side by side refresh, so typically a user will have the same computer image for three years, and then we refresh them with a new computer. We use WSUS to update the image, and I push application packages when there are updates to our apps. We are considering Windows 8.1 this year, so that may make this worthwhile, but could you please elaborate on what kind of things this will help us do?
Zero Touch Installation is the pinnacle of OS deployment. With ZTI, you can remotely image machines without having to input any information. You can even set up scheduled imaging with Active Directory. For example, we can place a group of computers into a security group for automatic imaging. A few months ago, we switched about 200 computers from an X86 to an X64 OS without any user intervention. The machines powered up at 3:00 AM and were running a whole new OS before the workday began.
Does that explain some of the benefits?
Can you explain that part to me? How did you use the security group to start up an imaging of the machine?
I really need to sit down and write up a detailed guide on this! But here is a rough idea.
You have a shutdown script that changes the PXE boot options on the device to set the NIC as the primary boot device. A second script removes the computer account from the imaging security group.
When the machine next starts, it will boot off of the NIC – connect to your WDS/MDT server and image itself. During the imaging process, you will need to change the hard drive back to the primary boot device.