Dear experts:
I am trying to find user objects in AD using the vRO AD plugin.
The ActiveDirectory.searchRecursively("User","somename") method works, BUT I have a requirement to perform a search within a given OU. Is there a way to do this with a "search" method - what query do I need to provide?
cn=a,ou=b,dc=d,dc=e,dc=g did not work, nor did ('cn=a,ou=b,dc=d,dc=e,dc=g')
Thanks a lot in advance!
Alex Pervukhin
If it is not a performance issue, you can always look at the result and filter by the distinguishedName.
Thanks for your reply Brian.
Unfortunately it is a performance issue - I was requested to query based on OU.
Maybe I will tackle it from a different angle: findAllForType (vRO), looking for AD:OrganizationalUnit, find my vRO OI and get its users?
thanks!
Alex
This is what worked for me:
1) when defining AD in vRO - use OU in the base DN, this limits search scope to just that OU;
2) for user queries this works: var user = Server.findAllForType("AD:User", "somename"), take the 1st array element from the search.
Hope this helps,
Alex
Hello Alex,
How do I get the AD group from vRO scripting? I would like to search for an AD group based on some input parameter.
Neither of the lines below is working for me.
var grp= Server.findAllForType("AD:UserGroup", "somegroupname")
var grp= Server.findAllForType("AD:Group", "somegroupname")
//=============
// Search a particular AD host for all security groups starting with "vco"; returns a list of UserGroup objects
System.log("== ")
System.log("== UserGroups/Security groups ==")
System.log("== ")
var userGroups = ActiveDirectory.search("UserGroup", "vco", host)
for (var i in userGroups) {
    System.log(userGroups[i])
}
//=============
// Search a particular AD host for all groups (Containers) starting with "vco"; returns a list of UserGroup objects
System.log("== ")
System.log("== Groups/Containers ")
System.log("== ")
userGroups = ActiveDirectory.search("Group", "vco", host)
for (var i in userGroups) {
    System.log(userGroups[i])
}
Starting with AD plugin 3.x there is a generic LDAP client that can be used to run arbitrary LDAP queries.
Regarding the syntax of LDAP queries, you can refer to https://technet.microsoft.com/en-us/library/aa996205(v=exchg.65).aspx
//=============
// Use the generic LDAP client to perform an arbitrary LDAP query against a specific host.
// Example: search for all security groups starting with vco* and return them as a list of LdapEntries
var ldapClient = host.getLdapClient();
var searchResult = ldapClient.search(host.hostConfiguration.ldapBase /* 'dc=somedomain,dc=com' */
    , LdapSearchScope.SUB // Search also in subentries
    , LdapDereferencePolicy.ALWAYS
    , 0
    , 0
    , "(&(objectCategory=group)(cn=vco*))" ) // Query string
// Traverse the result set
var entries = searchResult.getSearchEntries()
for (var e in entries)
{
    System.log(entries[e].getParsedDN().toNormalizedString());
}
====
To search for a particular entry by its distinguished name, you can also take a look at the example workflow that comes with the AD 3.x plugin: "Lookup entry by DN using non-persistent LDAP client"
Hope it helps !
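
An added example, not part of the thread or of the AD plugin's own code: when the group name comes from a workflow input parameter, as asked above, the value has to be escaped before it is concatenated into the LDAP filter, and results can be checked against the OU used as search base. The helper names and sample values are hypothetical, and passing the OU's DN as the search base in the commented vRO call is an assumption.

```javascript
// Added example: plain JavaScript helpers (names are hypothetical), usable in a
// vRO scriptable task or in Node.js.

// Escape a value placed inside an LDAP filter (RFC 4515): backslash, '*', '(',
// ')' and NUL become \XX hex escapes, so input cannot alter the filter structure.
function escapeLdapFilterValue(value) {
    return String(value).replace(/[\\*()\0]/g, function (ch) {
        var hex = ch.charCodeAt(0).toString(16);
        return "\\" + (hex.length < 2 ? "0" + hex : hex);
    });
}

// Same shape as the thread's "(&(objectCategory=group)(cn=vco*))", with the
// prefix taken from an input parameter. Only the trailing '*' is a wildcard.
function buildGroupPrefixFilter(prefix) {
    if (typeof prefix !== "string" || prefix.length === 0) {
        throw new Error("group name prefix must be a non-empty string");
    }
    return "(&(objectCategory=group)(cn=" + escapeLdapFilterValue(prefix) + "*))";
}

// True if dn equals baseDn or sits below it. Both are assumed to be normalized
// DN strings, e.g. from getParsedDN().toNormalizedString().
function isUnderBase(dn, baseDn) {
    var d = dn.toLowerCase(), b = baseDn.toLowerCase();
    if (d === b) return true;
    var cut = d.length - b.length - 1; // index of the comma before the base
    if (cut < 1 || d.charAt(cut) !== "," || d.slice(cut + 1) !== b) return false;
    var slashes = 0; // an odd run of backslashes means the comma is escaped
    for (var i = cut - 1; i >= 0 && d.charAt(i) === "\\"; i--) slashes++;
    return slashes % 2 === 0;
}

// Constructed sample values (the OU reuses the placeholder DN from the question).
var SAMPLE_OU = "ou=b,dc=d,dc=e,dc=g";
var SAMPLE_FILTER = buildGroupPrefixFilter("vco)(cn=*");

// In vRO, with `host` (AD:AdHost) and the OU's DN as assumed inputs, the pieces
// plug into the search call shown in the thread, using the OU as search base:
//   var result = host.getLdapClient().search(SAMPLE_OU, LdapSearchScope.SUB,
//       LdapDereferencePolicy.ALWAYS, 0, 0, SAMPLE_FILTER);
```
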