Defining MDT Database Role during SCCM OSD

By | July 16, 2013

I have been testing integration with the MDT 2012 Database and ConfigMgr 2012 SP1 OSD.

So far I have had no problems configuring the database, generating the customsettings.ini, and having the Gather step process the rules and find appropriate settings based on Location when I am testing my PXE deployments. This is easy, because Locations are tied to default gateways, which are always discovered during a deployment. There is no need to tell the “Gather” step how to suck eggs (or find our location in the database!) because it has the key to form a query (the gateway)

I wanted to extend this and define some Role based settings and associate some packages to Roles.

I defined the Roles in the database, entered the desired settings, but how to have the gather step work out what Role i am deploying? I did not want to create a link to the Role based on one of the other MDT DB tables (Location, Computer, Make/Model etc). I wanted a role that could be various makes/models, locations, or computers.

Since the “Role” is stored in a task sequence variable, i first ran a test where i manually set the variables value to my desired role value using the “Set Task Sequence Variable” step. I created the variable “Role” and set it to the value that is in my database, and it worked fine. Role specific packages were installed as expected. To expand on this, I created a few different collections, each for a different deployment role, and deployed my task sequence to each one. I created a collection variable “Role” on each collection, set to a different value that corresponds to a role in my MDT DB.
What i found was that during the initial client identity request when OSD begins, the client would request collection variable policy, and no variables would be created. Other collection variables worked fine.

I then tried setting the “Role” variable on the machine itself, and the same thing happened. No machine variables were discovered during the policy request.

To work around this, I changed the name of my collection variables to something else – “BuildRole”. Then I added a “Set Task Sequence Variable” step in the task sequence, with the variable name “Role” and the value “%BuildRole%”.

Hey presto ! the ZTIGather log shows the ROLE based select statements using my variable value as the key, and the settings and packages were applied. I can only assume that the variable for Role must be somewhat reserved, although still able to be set during the task sequence step.  I couldnt find this in the print ready documentation that comes with MDT 2012 Update 1.

Interestingly, during my debugging of this issue I tried Cameron K’s very handy script for echoing task sequence variables during a deployment (  – the custom variable “BuildRole” returned a value, but “Role” does not. Even when it is being set correctly and working fine!  Another OSD Mystery..



5 thoughts on “Defining MDT Database Role during SCCM OSD

  1. Fareed

    Hello Sir,

    I need a little help regarding MDT and SCCM configuration.

    I want to make use of MDAT roles in and SCCM task sequence.After install Windows and confimgr step , i am adding a toolkit and then a gather task to process rules . give it a customsettings.ini . i have configured the MDT DB and roles based on Default gateway. the TS runs but the app defined in the MDT DB/Role does notget installed.

    can you guid me towards any article or drop me a line about how to achieve it please.



    1. Matt Post author

      Hey Fareed,

      There are a few ways to accomplish this. I think that integrating the MDT DB in the way I described in the post is great for automating settings, but maybe not applications.

      I am assuming that if you have SCCM and MDT, you have your applications created in SCCM.
      If you have confirmed that your deployments are picking up the role from the MDT DB, in your SCCM task sequence, you can create an “Install Applications” step, and add a condition on the step that the task sequence variable for your role, is equal to the role you have defined in the DB. Make sure to read my notes regarding setting collection variables for the “buildrole”.

      You can add multiple install application steps, with conditions to match the roles you have set in the DB, and only the one that matches your role will execute.

      This way the application installs and management are handled in the native SCCM “install applications” tasks, rather than the MDT step which relies on variables and is difficult to implement and troubleshoot.

      Shoot me a note if you need any more help

  2. Thomas

    Hi, hopefully this blog will be monitored anymore. I’m in a similar Scenario using SCCM OSD in conclusion with the MDT Database and Roles defined.

    The instructions above work absolutely fine unless there are roles assingned to Locations as well. If so, the Location assigned roles will always win and be overwriting the BuildRole defined in the Task Sequence variables.

    Any ideas how to use both, the roles assigned to a Location within the MDT Database and additionally use more roles defined in the MDT Database by using Task Sequence Variables?

    Thanks in advance,

    1. Matt Post author

      Hey Thomas, is monitored 🙂 It has been a while since this post! and a while since I had to deep dive into the MDT database.

      I am assuming you have multiple roles to perform different task sequence actions or groups of actions during your SCCM deployment.

      Assuming these are separated, (location based role steps , then other role steps etc) – have you considered using a different customsettings.ini file, and a new ZTIgather step? You can call a different customsettings.ini file using “cscript.exe ZTIgather.wsf /Inifile:”..\Control\customsttings.ini”. Off the top of my head I’m not sure if that will fix the problem, but it’s possible that you could use your current customsettings.ini, gather, then apply location based steps, THEN set the buildrole task sequence variable, THEN do another gather step with the new customsettings.ini not using location/default gateway, then apply your other role steps?

      Again, just a thought, I don’t have an MDT environment in front of me with all of this configured to test. This is a really good article about all the customisation you can do with customsettings.ini –

      Hope it helps,


      1. Thomas

        Hi Matt,
        different customsettings.ini files won’t help in my Scenario, as I want to use both SCCM Variables AND the MDT Database for Roles (and further more for sure Role-Apps, Role-Settings, and Role-Packages).

        The Scenario Looks like this:
        Role001 = Office365x86 (containing all the Office 365 Appplications, Packages, and Settings) – assigned via SCCM Variables to the Computer Device
        Role002 = Office365x64 (containing all the Office 365 Appplications, Packages, and Settings) – assigned via SCCM Variables to the Computer Device optionally instead of Role001
        Role003 = SAP740 (containing all the SAP740 Appplications, Packages, and Settings) – assigned via SCCM Variables to the Computer Device
        Role004 = SAP730 (containing all the SAP730 Appplications, Packages, and Settings) – assigned via SCCM Variables to the Computer Device optionally instead of Role003
        Role005 = JoinDomain EMEA (containing all JoinDomain Settings assigned to all EMEA Locations using MDT Database)
        Role006 = JoinDomain AP (containing all JoinDomain Settings assigned to all AsiaPacific Locations using MDT Database)
        Role007 = JoinDomain AM (containing all JoinDomain Settings assigned to all American Locations using MDT Database)
        Role008 = German (containing all German Regional Settings and Language Pack Applicaions / Packages assigned to all German Locations using MDT Database)
        Role009 = English (containing all English Regional Settings and Language Pack Applicaions / Packages assigned to all English Locations using MDT Database)

        We want to avoid to maintain all Computer Devices within the MDT Database, therefore we cannot assign the Role001 – Role004 to Computer Accounts or something else within the MDT Database. For those we want to use SCCM Variables in Addition to those queries from the Locations of the MDT Database. So multiple customsettings.ini files won’t help.

        Eventually I can fake the Computer Queries to use the variable Content instead of the roles that are assigned to the Computer Account.

        Thanks and regards,


Leave a Reply

Your email address will not be published.