i’d split this up - use GPO or at minimum registry to achieve this then snapin to push out relevant xml start menu layout

Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\Explorer] - 64bit location
“LockedStartLayout”=dword:00000001
“StartLayoutFile”="C:\PATH\TO\START\MENU\LAYOUT\.xml

you can partially lockdown start menu aswell so you give users a standard put they can pin their own stuff too (not allowed to edit what you’ve set)

the snapin could just handle which start menu they get

i.e. Admin-> this startmenu.xml
IT-> this startmenu.xml

just when they reach the location set in registry name it the same so like:
IT-Startmenu.xml copies locally to startmenu.xml
Admin-Startmenu.xml copies locally to startmenu.xml

Hope this makes sense

@RobTitian16

I realize this is a few month’s old. But you might want to check out and or contribute to the fog module I have in git and published in the powershellgallery, there’s a forum post with more info here https://forums.fogproject.org/post/120746
Also did you have a chance to try the code I posted back in september and see if that worked? Because it works for me.
And looking again at your code I would ask what the value of $useAD is, is it 1 it should be 1. And I would also try piping the object into convertto-json, I’ve had better luck with that, I think it parses it different i.e. $CreateHostJson = $HostJson | ConvertTo-Json I would also encapsulate everything in quotes on the splat.
The only other thing that might be an issue is the ADPass. When you get the password via the api it is returned in plain text (because you already authenticated with api keys, so it’s not like just anyone can grab it). When you input the password in the gui you put it in plaintext and it encrypts when you hit save, I don’t think the same thing happens if you set it through the api. My solution has been to always enable the default AD settings when adding a host via the gui or the pxe menu. But it sounds like you’re adding the host through the api. The “useAD”=“1” in the json should be causing the checkbox for the ‘join domain after deploy’ to be checked. Sadly when you check it from the api it doesn’t pull the default domain settings. You might try creating the host without the AD settings and then sending just the AD settings in an update/put command. If you copy paste the already encrypted password from a working host in the gui, that might do the trick as it seems to pass whatever you put in that field to be in plaintext.

So point is, try adding the domain stuff with an update api command after creating. And use the code I have in the example to help if needed.