VMware Cloud Community
jmedd
Enthusiast
Enthusiast
‎11-04-2014 02:22 AM

AD Plugin - Support for Multiple Domain Controllers?

Using a single Windows domain and the vCO AD Plugin 1.0.4. When configuring against the single Windows domain a DC in that domain is specified. Ideally I need to be able to support a situation where that configured DC is not available and a different DC automatically being used. (For instance other products which query or update AD can be configured with the domain root or multiple DCs configured to use in a particular order).

Can anyone confirm if this is possible, i.e. is the configured DC in the plugin the only DC in that domain it is possible to use?

By the looks of things I don't believe it is, but happy to learn otherwise. If not, please consider this a feature request 🙂

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
Reply
0 Kudos
5 Replies
cdecanini_
VMware Employee
VMware Employee
‎11-04-2014 02:59 AM

The actual plug-in is not able to support multiple domains.

Alternatively it is possible to:

  • Reconfigure the plug-in via workflow for each domain (but you need to use vCO lock to avoid a in flight workflow to be affected by configuration change).
  • Use mutliple vCO servers with the multi-node plug-in. Using one AD config per vCO.

Eventually a new version of the plug-in will support multiple hosts since this is a common requirement.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter
Reply
jmedd
Enthusiast
Enthusiast
‎11-04-2014 03:08 AM

Thanks for the reply. Just to clarify, in this instance I am not actually interested in multiple domains (I've seen discussions on that in other communities posts).

I am interested in multiple domain controller support in a single domain? Is your response applicable in that scenario, i.e. use one of the two suggested methods to talk to different DCs in the same domain?

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
Reply
0 Kudos
cdecanini_
VMware Employee
VMware Employee
‎11-04-2014 04:43 AM

As long as you can get a valid configuration with setting the host configuration with the workflow for each host it should work.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter
Reply
0 Kudos
qc4vmware
Virtuoso
Virtuoso
‎11-04-2014 09:16 AM

Is there any reason you aren't using a load balancer?  We have a VIP that points to all of the DC's which host the global catalog.  That being said we have found the AD plugin unusable do to its inability to deal with both our AD structure and very poor performance against a large directory.  I haven't take a look at the latest release of the plugin but from what I can gather in the forums not a whole lot has changed.  Maybe the performance has been improved but our structure will still break it.

Reply
jmedd
Enthusiast
Enthusiast
‎11-04-2014 09:39 AM

Thanks. Using a load balancer did come to mind, but had never heard of anyone else actually doing that (for any reason with AD), so it's good to hear that might be a possible route to go down. It does seem a bit excessive though to get round a fault with the plugin 🙂

I have a number of issues with the plugin similar to yourself (have seen some of your other postings on the topic). For this particular project we are already doing some of the AD work via vCO calls to PowerShell instead because of a constraint around not being able to implement SSL on the DCs. To be honest I think if I was starting again on this project I'd be tempted to do the whole AD part via vCO calls to PowerShell rather than try and use the AD plugin.

Hopefully a better version of the plugin will be released in the future!

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
Reply
0 Kudos