Since all of my nodes need to have a unique GUID (they don't share MOF files), I ended up using Raymond's trick of grabbing the GUID from active directory.
First, I have a script to generate the regular Hostname.MOF files. People can use these in Push mode to test their changes if they want to (they have to use -Force). Then, I have the following script to translate the Hostname.MOF to Guid.MOF and deploy that to the Pull server:
#Load up the configuration data . ..\ConfigurationData.ps1 # Copy all the MOF files based on Hostname into one based on their AD GUID (these get # sent to the Pull server, which only works on GUIDs, not hostnames). $source_path = $ConfigurationData.SourcePath #a local path containing the Hostname.MOFs $dest_path = $ConfigurationData.DestPath #a UNC path on the Pull server containing the Guid.MOFs if (!(Test-Path -path $dest_path)) {New-Item $dest_path -Type Directory} $ConfigurationData.AllNodes | % { $node = $_.NodeName $guid = ([guid]([adsisearcher]"(samaccountname=$node`$)").FindOne().Properties["objectguid"][0]).Guid $source = $source_path + $node + ".mof" $dest = $dest_path + $guid + ".mof" Copy-Item $source $dest -Force New-DSCCheckSum $dest -Force }
Then, when configuring PullMode on the target nodes, I use the same snippet of code to pull the GUID from active directory, which ensures they always run the proper MOF.