VC guest customisation does not allow for the specification of MachineOU when joining a guest to a domain.
As it is VDM best practice to create an OU in AD for the placement of VDM guests, my question is: how are you deploying your guests to automatically place them in the correct OU?
Tom Howarth
VMware Communities User Moderator
We do the following if it's of any help:
Create a Customization Specification in VI / ESX and set the following (among other things):
Define the guest computer name to be the VM name i.e. under section "Computer Name" choose: "Use the virtual machine name"
Set an administrator password and configure the guest to autologon once as administrator - section "administrator password" of Customization Specification
Join a workgroup called something like VDIBUILD - section "workstation or domain" of Customization Specification
In RunOnce call a bat file which uses netdom to join the domain
Bat file has the following line: "netdom join /d:netbiosdomainname /ou:ou=vdi,dc=corp,dc=local /userD:username /passwordD:password"
Followed by "shutdown -r -f -t 60"
When you create a pool of desktops in VDM you provide a name for the VM via the "prefix" label. VDM takes care of the uniqueness of naming for you by incrementing digits after the prefix. These are then used to set the windows OS name by the above process since you would call the customization specification as part of the desktop pool creation.
Caveat with netdom - your OU name or the name of any parent OU must not contain spaces.
Concern - leaving a bat file with credentials to join domain lingering on a PC. We mitigate this by scheduling a couple of reboots and automating the deletion of the joindomain bat file - can provide details if you're interested.
Our VMs get placed in their OUs as part of the run once script in the customization specs within VC.
Care to share your runonce? I have been looking to do something like that, just had other tasks on my plate. I have been pre-staging the VMs first in AD.
Steve Beaver
VMware Communities User Moderator
Orlando Area VMware User Group Leader
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
*Virtualization is a journey, not a project.*
I didn't write it and it's an encoded script file. I can share it, but I don't know how much you can get out of it.
I take it that you are using NETDOM to join the machine to the domain and adding the Machine OU with the /OU switch?
Tom Howarth
VMware Communities User Moderator
If you have an un-encoded version that is stripped of anything specific that would be great. If not no big
Steve Beaver
VMware Communities User Moderator
Orlando Area VMware User Group Leader
We only join our VDI machines to the domain because they are running on a DHCP segment, and they are joined to the domain as part of the customization process built into VC. Now if it uses NETDOM, then yes, but other than calling a batch file that calls the accountmove.vbe script as part of the run once, we don't do anything special.
If you have an un-encoded version that is stripped of anything specific that would be great. If not no big
Let me see what I can find.
Ahh, it actually looks like you use the default domain join in the VC Customisation script and then use a RunOnce command to move. Thank you for that info.
Tom Howarth
VMware Communities User Moderator
Sorry guys, I haven't had success in getting the script de-crypted. If I do, I'll post the contents back here.
We run a scheduled task (so credentials are encrypted) on any member server and move the customized clients (special naming convention) from the default builtin CN=Computers to the appropriate OU. The task runs every minute (sic) and looks for new objects in CN=Computers and if the name matches then the object is moved. Since then no problem, as there is enough time between computer-object creation and last reboot to pull policies.
Regards,
Christian
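The sweep Christian describes could look like the following. This is an added example, not part of the original post and not his script; it assumes the ActiveDirectory PowerShell module is available on the member server, and the name pattern, log path and domain DNs are hypothetical placeholders.

```powershell
# Added example: move newly joined VDI guests out of CN=Computers.
# Assumptions: RSAT ActiveDirectory module; all names and DNs are placeholders.
Import-Module ActiveDirectory

$SourceContainer = 'CN=Computers,DC=corp,DC=local'   # default container (placeholder domain)
$TargetOU        = 'OU=vdi,DC=corp,DC=local'         # OU used in the thread's netdom line
$NamePattern     = '^VDI-\d+$'                       # hypothetical pool prefix plus digits
$LogFile         = 'C:\Scripts\Move-VdiGuests.log'   # hypothetical log path

function Test-VdiGuestName {
    param([string]$Name, [string]$Pattern = $NamePattern)
    # Anchored regex, so "XVDI-01" or "VDI-01-TEST" is never moved by accident.
    return $Name -match $Pattern
}

function Move-VdiGuests {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # OneLevel: only objects sitting directly in CN=Computers are considered.
    $candidates = Get-ADComputer -Filter * -SearchBase $SourceContainer -SearchScope OneLevel
    foreach ($c in $candidates) {
        if (-not (Test-VdiGuestName -Name $c.Name)) { continue }
        try {
            if ($PSCmdlet.ShouldProcess($c.DistinguishedName, "Move to $TargetOU")) {
                Move-ADObject -Identity $c.DistinguishedName -TargetPath $TargetOU -ErrorAction Stop
                Add-Content -Path $LogFile -Value "$(Get-Date -Format o) moved $($c.Name)"
            }
        } catch {
            # Log and carry on, so one locked or protected object does not stop the sweep.
            Add-Content -Path $LogFile -Value "$(Get-Date -Format o) FAILED $($c.Name): $($_.Exception.Message)"
        }
    }
}

Move-VdiGuests   # run as Move-VdiGuests -WhatIf for a dry run
```

The account the task runs under needs only delegated rights to move computer objects between these two containers, not domain administrator rights.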
Huw,
Welcome to the forums, if this response is an indication of the standard of your input, then you will be a welcome addition, have 10 points for your thoughtful response and the first promotion up the ladder,
You are no longer a lurker but now deemed a Novice.
Just one small point: Netdom does accept OUs and DCs with spaces, you just have to enclose them with quotes, i.e. OU="my ou with spaces", DC="my domain with spaces",DC=local
Tom Howarth
VMware Communities User Moderator
Tom et al.,
I too don't like having credentials in batch files or scripts so I borrowed a base script and modified it to suit. Feel free to use if you like.
Usage:
create a customisation spec as mentioned above
add a run once with something similar to:
cscript.exe C:\Windows\JoinDomainOU1.1.vbs -u UserName -p PasSWorD -d NetBiosDOMAIN -o OU=VDI,O=Workstation
copy the script to C:\Windows\JoinDomainOU1.1.vbs
Benefit of this approach is the credentials stay in vCenter, not in the template, so it's safer and it's easy to modify! You can also have the same base template for many pools all going to different OUs.
Phil
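A parameterised join script in the same spirit, written in PowerShell. This is an added example, not Phil's VBScript (which is not reproduced on this page); the file name and parameter names are hypothetical, and it assumes Windows PowerShell 3.0 or later in the guest and a join account delegated only to create computer objects in the target OU.

```powershell
# Join-DomainOU.ps1 (hypothetical name). Added example: no credentials are stored
# in the script or the template; they arrive as arguments from the RunOnce command.
param(
    [Parameter(Mandatory)][string]$UserName,
    [Parameter(Mandatory)][string]$Password,
    [Parameter(Mandatory)][string]$Domain,
    [Parameter(Mandatory)][string]$OU      # full DN, e.g. "OU=vdi,DC=corp,DC=local"
)

# Reject anything that is not a plain OU=...,DC=... distinguished name.
# Spaces inside an OU name are fine here because the value is passed as one string.
if ($OU -notmatch '^(OU=[^,]+,)+DC=[^,]+(,DC=[^,]+)*$') {
    throw "OU path '$OU' is not an OU=...,DC=... distinguished name"
}

# Idempotent: do nothing if an earlier run already joined the machine.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Output "Already joined to $($cs.Domain); nothing to do."
    return
}

# Build the credential object, then drop the plain-text copy from the session.
$secure = ConvertTo-SecureString $Password -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential("$Domain\$UserName", $secure)
Remove-Variable Password

try {
    # -OUPath creates the computer account directly in the target OU.
    Add-Computer -DomainName $Domain -OUPath $OU -Credential $cred -ErrorAction Stop
} catch {
    Write-Error "Domain join failed: $($_.Exception.Message)"
    exit 1
}

# Same delayed reboot as the batch-file approach earlier in the thread.
shutdown.exe -r -f -t 60
```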
Thanks a lot Phil. Of all the solutions this seems like the most robust one.
This could solve some issues for me