Administrator Guide
Running the script
You must run the ADPreCreationTool script from a domain-joined computer, logged on as a domain administrator. (You cannot run the
script from the DVM.) To run the script:
1 Open a Windows PowerShell session.
2 Change to the directory in which the script is stored.
3 Run the script. The script has only one required parameter — the name of the parent OU to create for Dell Hybrid Cloud System for
Microsoft.
For example:
PS C:\>.\ADPreCreationTool -OU "<OU_Name>"
NOTE:
OU_Name
is the name of the parent OU. When you deploy the stamp, a child OU for that particular stamp is
created under the parent OU.
When the script runs, it prompts you for a new domain user account credential that is given delegated permissions to the parent OU. (The
account is created in the parent OU.) The new domain user account credential is the credential that you use when you deploy Dell Hybrid
Cloud System for Microsoft.
Check Group Policy settings
When the deployment process creates the Active Directory organizational unit (OU) for Dell Hybrid Cloud System for Microsoft, it blocks
policy inheritance on the OU. If your domain has Group Policy Objects (GPOs) that are congured at a higher OU or domain level with the
No Override option enabled, these policy settings apply to servers in the Dell Hybrid Cloud System for Microsoft stamp. These policy
settings may interfere with the deployment process and cause deployment to fail. In this case, Dell recommends that you disable the No
Override option during stamp deployment.
Known policy settings that cause deployment to fail include:
• The following policy settings under GPO_name\Computer Conguration\Policies\Windows Settings\Security Settings\Local
Policies\Security Options\:
• Accounts: Administrator account status (if set to Disabled)
• Accounts: Rename administrator account
• The following policy setting under GPO_name\Computer Conguration\Policies\Windows Settings\ Security Settings\Account
Policies\Password Policy\:
• Minimum password length — if set to >16
• If you have restricted groups congured under GPO_name\Computer Conguration\Windows Settings\Security Settings
\Restricted Groups.
• There are issues if there are policies in Members mode. The Member Of mode does not cause issues.
There are several other policy settings that may block deployment, such as Windows PowerShell settings, disabled services, and Windows
Firewall rules that block remote Windows PowerShell.
Overview
15