This week I needed to access the MDT Database via HTTPS for a cloud imaging implementation. The task at hand was to retrieve the computer name from the database by sending the computer's serial number to it, but this technique can be used to read or write any settings in the database.
This could have been done via a regular web service written in C#, but this time I wanted to use the RestPS PowerShell Framework developed by Justin Sider. The benefit of having a PowerShell script as a web service is obviously that any techie can change it without having skills in C#. Also, running most of the code server-side instead of on the client improves performance as well as security.
To learn more about the core RestPS setup, check this post from my good friend Mikael Nystrom: Nice to Know – Running RestPS as a Service.
For this project there are four main steps:
- Set up the RestPS framework
- Populate the MDT database with your computers
- Create the server-side script for RestPS that talks to the database
- Create the client-side script that talks to the RestPS service
Server Side Setup – MDT Database
In the MDT database, I had prestaged the machines with their serial number, and populated the OSDComputerName field with the computer name. Like the sample below:


Server Side Setup – RestPS POST script
Here is the server side script used to communicate with the database. For this script I'm using the MDT Database PowerShell module written by Michael Niehaus. It contains 60+ cmdlets for reading and writing various settings in the MDT database.
```powershell
param(
    $RequestArgs
)

Function Write-Log {
    param (
        [Parameter(Mandatory = $true)]
        [string]$Message
    )
    $TimeGenerated = $(Get-Date -UFormat "%D %T")
    $Line = "$TimeGenerated $Message"
    Add-Content -Value $Line -Path $LogFile -Encoding Ascii
}

# Set the log file name
if ($psISE) {
    $Logfile = (Split-Path -Path $psISE.CurrentFile.FullPath) + "\Invoke-MDTDatabaseSetting.log"
}
else {
    $Logfile = "$global:PSScriptRoot\Invoke-MDTDatabaseSettings.log"
}

# The request arrives as "SerialNumber=<value>"; take the part after the "="
$SerialNumber = $RequestArgs.split("=")[1]

# Import the MDT Database PowerShell module
Import-Module "E:\Setup\MDTDB\MDTDB.psm1" -Force

# Connect to the MDT database
Connect-MDTDatabase -sqlServer MDT03 -instance SQLEXPRESS -database MDT

# Get the computer details
$MDTComputer = Get-MDTComputer | Where-Object SerialNumber -eq $SerialNumber

# Return the computer name
$OSDComputerName = $MDTComputer.OSDComputerName
return "$OSDComputerName"
```
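The server script above takes whatever follows the first "=" in `$RequestArgs` as the serial number. As an added example (not part of the original script or of RestPS), here is one way to parse the argument by name and allow-list the value before it reaches the database lookup or a log line. The function name `Get-ValidatedSerialNumber`, the allowed character set and the 64-character limit are assumptions.

```powershell
# Added example, not part of the original script. Function name, allowed
# character set and length limit are assumptions; adjust to your hardware.
function Get-ValidatedSerialNumber {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$RequestArgs
    )

    $serial = $null
    # Look the key up by name instead of trusting the position after the first "="
    foreach ($pair in ($RequestArgs.TrimStart('?') -split '&')) {
        $name, $value = $pair -split '=', 2
        if ($name -eq 'SerialNumber') {
            if ($null -ne $serial) { throw 'SerialNumber supplied more than once' }
            $serial = [System.Uri]::UnescapeDataString([string]$value)
        }
    }
    if ($null -eq $serial) { throw 'SerialNumber argument is missing' }

    # Allow-list: letters, digits, space, dot, underscore, hyphen; 1-64 characters.
    # \A and \z anchor the whole string, so an embedded CR/LF cannot slip through.
    if ($serial -cnotmatch '\A[A-Za-z0-9 ._-]{1,64}\z') {
        throw 'SerialNumber has an unexpected format'
    }
    return $serial
}

# Constructed sample inputs (not real serial numbers)
$samples = @(
    'SerialNumber=PF2ABC12',
    'Foo=1&SerialNumber=VMware-56%204d%2012',
    'SerialNumber=',
    'SerialNumber=PF2ABC12%0D%0Aforged log line',
    'Serial=PF2ABC12'
)
foreach ($s in $samples) {
    try   { "{0,-45} -> accepted: {1}" -f $s, (Get-ValidatedSerialNumber -RequestArgs $s) }
    catch { "{0,-45} -> rejected: {1}" -f $s, $_.Exception.Message }
}
```

In the server script, `$SerialNumber = Get-ValidatedSerialNumber -RequestArgs $RequestArgs` would take the place of the `split("=")[1]` line.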
Client Side Script
Below you find the client-side script that contacts the RestPS web service.
```powershell
Function Write-Log {
    param (
        [Parameter(Mandatory = $true)]
        [string]$Message
    )
    $TimeGenerated = $(Get-Date -UFormat "%D %T")
    $Line = "$TimeGenerated $Message"
    Add-Content -Value $Line -Path $LogFile -Encoding Ascii
}

# Set the log file name
if ($psISE) {
    $Logfile = (Split-Path -Path $psISE.CurrentFile.FullPath) + "\PSDGetOSDComputerNameFromDatabase.log"
}
else {
    $Logfile = "$global:PSScriptRoot\PSDGetOSDComputerNameFromDatabase.log"
}

# Get the serial number from WMI
$SerialNumber = Get-WmiObject Win32_BIOS | Select-Object -ExpandProperty SerialNumber

# Get the client cert
$ClientCert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.FriendlyName -eq "PC0001"}
$SSLThumbprint = $ClientCert.Thumbprint

# Set parameters
$RestPSServer = "MDT03.corp.viamonstra.com"
$RestPSMethod = "MDTDataBase"
$RestPSPort = "8080"
$RestPSArgument = "SerialNumber=$($SerialNumber)"
$Uri = "https://$RestPSServer`:$RestPSPort/$RestPSMethod`?$RestPSArgument"

Write-Log -Message "Connecting to $RestPSServer on port $RestPSPort, using method $RestPSMethod, adding argument: $RestPSArgument"

# Send the request, authenticating with the client certificate
$HttpsParams = @{
    Uri             = $Uri
    Method          = 'POST'
    Certificate     = $ClientCert
    UseBasicParsing = $true
}
Invoke-RestMethod @HttpsParams
```
Johan – I used to have a robust MDT instance setup and used the database for everything. Loved it. I changed jobs and haven't touched MDT in 8 years. I'm back at it now and cannot get the database working to save my life. My database is set up to use Windows authentication. SQLServer and SQLBrowser are allowed through firewall. But the client seems to ignore the database completely. Is there a way to test the connectivity to the database from the client once it is booted to the USB key? Or a checklist of things I can go through?
Hi Joe,
Sorry for the very late reply, but yes, you can use the MDT simulation to verify database access. See this post: https://www.deploymentresearch.com/save-time-and-avoid-pain-create-a-mdt-simulation-environment/
We have an API server hosted containing device serial numbers and the other details related to business units and all.
Is it possible to get data from the API server during MDT deployment of OS on a device? It should send the device serial number as API request and in return based on the result, it should pick the machine name, OS type or task sequence from the list and even assigning admin groups and all other configurations.
Please suggest how to set this up.
Yes, that can certainly be done. I've done similar customizations for MDT customers in the past. That being said, it's more complicated than I can provide a solution for with a single comment to a blog post. If you need assistance with that it would have to go via a consulting contract of sorts. If that is of interest, please drop me a link on LinkedIn, and I'm happy to help. / Johan