First a pull server is needed to be setup. This is straight forward and can be configured with DSC by pushing to the desired server's LCM (Local Configuration Manager).

configuration HTTPSPullServer  
    # Modules must exist on target pull server
    Import-DSCResource -ModuleName xPSDesiredStateConfiguration

    Node vmnocnmdsctst01
        WindowsFeature DSCServiceFeature
            Ensure = "Present"
            Name   = "DSC-Service"

        xDscWebService PSDSCPullServer
            Ensure                  = "Present"
            EndpointName            = "PSDSCPullServer"
            Port                    = 8080
            PhysicalPath            = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
            CertificateThumbPrint   = 'A5D4AA2C53372430BA2E9997A542AEA4631D0A8C'
            ModulePath              = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State                   = "Started"
            DependsOn               = "[WindowsFeature]DSCServiceFeature"

        xDscWebService PSDSCComplianceServer
            Ensure                  = "Present"
            EndpointName            = "PSDSCComplianceServer"
            Port                    = 9080
            PhysicalPath            = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
            CertificateThumbPrint   = "AllowUnencryptedTraffic"
            State                   = "Started"
            DependsOn               = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")

# Generate MOF
HTTPSPullServer -OutputPath C:\DSC\HTTPS  
#Set it's local configuration manager

Set-DscLocalConfigurationManager vmnocnmdsctst01 C:\DSC\HTTPS  

DSC Flow

  • Generate computer list from Active Directory OU.
  • Get computer GUID from AD and setup it's LCM to talk to our Pull server.
  • Create a psd1 file based on the queried information, include any fields that are desired (OU, OS)
  • Create sets of configurations based on querying node attributes from psd1 files.
  • Run script to generate mof files and checksums for each node. Upload them to the pull server.