Using RestPS to Access the MDT Database

By Johan Arwidmark / July 28, 2021
Share
Share

This week I needed to access the MDT Database via HTTPS for a cloud imaging implementation. The task at hand was to retrieve the computer name from the database by sending the computers serial number to it, but this technique can be used to read or write any settings in the database.

This could have been done via a regular web service written in C#, but this time I wanted to use the RestPS PowerShell Framework developed by Justin Sider. Benefits of having a PowerShell script as a web service is obviously that any techie can change it, without having skills in C#. Also running most of the code server-side instead of on the client improves performance as well as security.

To learn more about the core RestPS setup, check this post from my good friend Mikael Nystrom: Nice to Know – Running RestPS as a Service.

For this project there are four main steps:

  • Setup the RestPS framework
  • Populate the MDT database with your computers
  • Create the server-side script for RestPS that talks to the database
  • Create the client-side script, that talks to the RestPS service

Server Side Setup – MDT Database

In the MDT database, I had prestaged the machines with their serial number, and populated the OSDComputerName field with the computer name. Like the sample below:

ID 2: showing the serial number used for prestaging
ID 2: showing the value set for the OSDComputerName variable

Server Side Setup – RestPS POST script

Here is the server side script used to communicate with the database. For this script I'm using the MDT Database PowerShell module written by Michael Niehaus. It contains 60+ cmdlets for reading and writing various settings in the MDT database.

param(
    $RequestArgs
)

Function Write-Log{
	param (
    [Parameter(Mandatory = $true)]
    [string]$Message
   )

   $TimeGenerated = $(Get-Date -UFormat "%D %T")
   $Line = "$TimeGenerated $Message"
   Add-Content -Value $Line -Path $LogFile -Encoding Ascii

}

# set the log file name
if ($psISE){
    $Logfile = (Split-Path -Path $psISE.CurrentFile.FullPath) + "\Invoke-MDTDatabaseSetting.log"
}
else{
    $Logfile = "$global:PSScriptRoot\Invoke-MDTDatabaseSettings.log"
}

$SerialNumber = $RequestArgs.split("=")[1]

# Importing the MDT Databe PowerShell Module
Import-Module "E:\Setup\MDTDB\MDTDB.psm1" -Force

# Connect to MDT database
Connect-MDTDatabase -sqlServer MDT03 -instance SQLEXPRESS -database MDT

# Get the computer details
$MDTComputer = Get-MDTComputer | Where-Object SerialNumber -eq $SerialNumber

# Return the computer name
$OSDComputerName = $MDTComputer.OSDComputerName
return "$OSDComputerName"

Client Side Script

Below you find the client side script, that contacts the RestPS web service

Function Write-Log{
	param (
    [Parameter(Mandatory = $true)]
    [string]$Message
   )

   $TimeGenerated = $(Get-Date -UFormat "%D %T")
   $Line = "$TimeGenerated $Message"
   Add-Content -Value $Line -Path $LogFile -Encoding Ascii

}

# set the log file name
if ($psISE){
    $Logfile = (Split-Path -Path $psISE.CurrentFile.FullPath) + "\PSDGetOSDComputerNameFromDatabase.log"
}
else{
    $Logfile = "$global:PSScriptRoot\PSDGetOSDComputerNameFromDatabase.log"
}

# Get the serial number from WMI
$SerialNumber = Get-WmiObject Win32_BIOS | Select-Object -ExpandProperty SerialNumber

# Get the client cert
$ClientCert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.FriendlyName -eq "PC0001"}
$SSLThumbprint = $ClientCert.Thumbprint

# Set parameters
$RestPSServer = "MDT03.corp.viamonstra.com"
$RestPSMethod = "MDTDataBase"
$RestPSPort = "8080"
$RestPSArgument = "SerialNumber=$($SerialNumber)"
$Uri = "https://$RestPSServer`:$RestPSPort/$RestPSMethod`?$RestPSArgument"
Write-Log -Message "Connecting to $RestPSServer on port $RestPSPort, using method $RestPSMethod, adding argument: $RestPSArgument"

$HttpsParams = @{
  Uri = $Uri 
  Method = 'POST'
  Certificate = $ClientCert
  UseBasicParsing = $true
}
Invoke-RestMethod @HttpsParams
About the author

Johan Arwidmark

0 0 votes
Article Rating
Subscribe
Notify of
guest
4 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Joe Hiltabidel
Joe Hiltabidel
1 year ago

Johan – I used to have a robust MDT instance setup and used the database for everything. Loved it. I changed jobs and haven't touched MDT in 8 years. I'm back at it now and cannot get the database working to save my life. My database is setup to use Windows authentication. SQLServer and SQLBrowser are allowed through firewall. But the client seems to ignore the database completely. Is there a way to test the connectivity to the database from the client once it is booted to the USB key? Or a checklist of things I can go through?

0
Reply
Johan Arwidmark
Author
Johan Arwidmark
9 months ago
Reply to  Joe Hiltabidel

Hi Joe,
Sorry for the very late reply, but yes, you can use the MDT simulation to verify database access. See this post: https://www.deploymentresearch.com/save-time-and-avoid-pain-create-a-mdt-simulation-environment/

0
Reply
saini
saini
1 year ago

We have an API server hosted containing device serial numbers and the other details related to business units and all.
Is it possible to get data from the API server during MDT deployment of OS on a device. It should send the device serial number as API request and in return based on the result, it should pick the machine name, OS type or task sequence from the list and even assigning admin groups and all other configurations.
Please suggest how to setup this.

0
Reply
Johan Arwidmark
Author
Johan Arwidmark
1 year ago
Reply to  saini

Yes, that can certainly be done. I've done similar customizations for MDT customers in the past. That being said, it's more complicated than I can provide a solution for with a single comment to a blog post. If you need assistance with that it would have to go via a consulting contract of sorts. If that is of interest, please drop me a link on LinkedIn, and I'm happy to help. / Johan

0
Reply
←Previous post Next post→
>