• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Unclear how to drop devices into specific OUs on Domain Join

    Scheduled Pinned Locked Moved Unsolved
    FOG Problems
    3
    3
    117
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      joshua_mchugh
      last edited by

      Hello,

      I am on the IT team for a school district with 4 buildings. We’re working on getting FOG set up in our environment. Currently, I’m stuck on the following:

      What I want to accomplish:

      • Computers in specific FOG groups ( e.g. Middle School Teachers) to be placed in the appropriate OU (e.g. OU=MS Teachers Laptops,OU=Teachers,OU=Computers,OU=MS,DC=EXAMPLE,DC=local) during imaging.

      What’s currently happening:

      • If I perform a full host registration, even if I associate the computer to the group I want, it seems to just apply default domain settings or not join domain at all.
      • If I perform a quick host registration, then manually set the computer to the group I want via the web interface, it doesn’t seem to join the computer to domain.

      At best, if I go through full host reggy, and tell it to specify domain, it will join our domain but pop it in our Default Computers OU, ignoring group settings.

      Is there a “Good And Proper” way to accomplish my goal here?

      george1421G JJ FullmerJ 2 Replies Last reply Reply Quote 0
      • george1421G
        george1421 Moderator @joshua_mchugh
        last edited by george1421

        @joshua_mchugh I’m not sure if there is a good and proper way to do it but there maybe some way to go about it.

        If you use an unattend.xml file that file and windows can place the computer into the proper OU. The idea is to use a post install script programmed in bash to dynamically update the unattend.xml script at deployment time. You can’t use fog group per se to do this since they are really “set groups” where the groupings are only used to bulk update parameters. But if your OU can’t be calculated you can use the user fields in the host record, and or the image name could be determined in the post install script.

        I’ve got some examples of how to calculate a host name and OU based on the target IP address of the computer being imaged. This isn’t your solution but shows you what is possible in a post install script in the links below.

        https://forums.fogproject.org/post/69726
        https://forums.fogproject.org/post/69725

        In one section of the links above it shows how to post a question at deploy time that could change how the OU path is calculated before the unattend.xml script is updated. The last tip is to use a post install script to leave bread crumbs behind so that the setupcomplete.cmd or the first run section of the unattend.xml file can find and integrate into an OU path. At one deployment we had to first set the target system’s OU to a clean OU used specifically for imaging because the OU GPOs would break OOBE/WinSetup. Once the system was fully configured we use the unattend.xml auto login and first run section to call a VBS script to read the bread crumb (info saved in a text file) to then finally move the computer to the correct OU.

        None of these are proper, but as they say if all you have is a hammer, everything looks like a nail.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

        1 Reply Last reply Reply Quote 0
        • JJ FullmerJ
          JJ Fullmer Testers @joshua_mchugh
          last edited by

          @joshua_mchugh George’s mention of using a post install script to do it is more advanced but very worth the effort. Having it domain joined via sysprep specialize simplifies things in the long run.
          That being said, you’re probably misunderstooding groups, because they’re a little confusing. Groups in Fog do not dynamically update the OU of the host members, but it can be used to set the OU in bulk on members. There is a plugin to change the behavior of groups if you want, but I’d try it the normal way first.
          But if you set the OU on the host, then when it joins the domain via the fog client, it will be in that OU. It will not move a host to a different OU, unless you do something like manually leave the domain and change the computer name and then the fog service will rename the computer back to what it is in fog and then join the domain in the set OU.

          I personally use a post install script now that grabs the OU from to host and Injects that into my unattend file. I believe I’ve posted some examples in the past. If I remember tomorrow when I’m at a computer and not a phone, I’ll link them.

          Have you tried the FogApi powershell module? It's pretty cool IMHO
          https://github.com/darksidemilk/FogApi
          https://fogapi.readthedocs.io/en/latest/
          https://www.powershellgallery.com/packages/FogApi
          https://forums.fogproject.org/topic/12026/powershell-api-module

          1 Reply Last reply Reply Quote 0
          • 1 / 1
          • First post
            Last post

          170

          Online

          12.0k

          Users

          17.3k

          Topics

          155.2k

          Posts
          Copyright © 2012-2024 FOG Project