5 Replies Latest reply on Jan 13, 2017 5:46 AM by igaydajiev

    vRO AD plugin queries using OU

    Cloud_Automation Lurker

      Dear experts:

      Trying to find user objects in AD using the vRO AD plugin.

      ActiveDirectory.searchRecursively("User","somename") method works BUT I have a requirement of performing a search within a given OU. Is there a way to do this with a "search" method - what query do I need to provide?

      cn=a,ou=b,dc=d,dc=e,dc=g  did not work nor did ('cn=a,ou=b,dc=d,dc=e,dc=g')

      thanks a lot in advance!

      Alex Pervukhin

        • 1. Re: vRO AD plugin queries using OU
          Brian Knutsson Enthusiast
          vExpert

          If it is not a performance issue, you can always look at the result and filter by the distinguishedName.

          • 2. Re: vRO AD plugin queries using OU
            vmwaredownload Enthusiast

            Thanks for your reply Brian.

            Unfortunately it is a performance issue - I was requested to query based on OU.

            Maybe I will tackle it from a different angle: findAllForType (vRO), looking for AD:OrganizationalUnit, find my vRO OU and get its users?

            thanks!

            Alex

            • 3. Re: vRO AD plugin queries using OU
              vmwaredownload Enthusiast

              This is what worked for me:


              1) when defining AD in vRO - use OU in the base DN, this limits search scope to just that OU;

              2) for user queries this works: var user = Server.findAllForType("AD:User", "somename"), take the 1st array element from the search.


              Hope this helps,

              Alex

              • 4. Re: vRO AD plugin queries using OU
                koushik_vmware Enthusiast

                Hello Alex,


                How to get the AD group from vRO scripting? I would like to search an AD group based on some input parameter.

                Neither of the below is working for me.


                var grp= Server.findAllForType("AD:UserGroup", "somegroupname")

                var grp= Server.findAllForType("AD:Group", "somegroupname")

                • 5. Re: vRO AD plugin queries using OU
                  igaydajiev Expert
                  VMware Employees

                  //=============
                  // Search a particular AD host for all security groups starting with "vco"
                  // and return a list of AD:UserGroup objects.
                  // 'host' is the AD:AdHost to query (e.g. a workflow input).
                  System.log("==                   ");
                  System.log("== UserGroups/Security groups ==");
                  System.log("==                   ");
                  var userGroups = ActiveDirectory.search("UserGroup", "vco", host);
                  for (var i in userGroups) {
                     System.log(userGroups[i]);
                  }

                  //=============
                  // Search a particular AD host for all groups (containers) starting with "vco"
                  // and return a list of AD:Group objects.
                  System.log("==                   ");
                  System.log("== Groups/Containers ");
                  System.log("==                   ");
                  var groups = ActiveDirectory.search("Group", "vco", host);
                  for (var j in groups) {
                     System.log(groups[j]);
                  }


                  Starting with AD plugin 3.x there is a generic LDAP client that can be used to do arbitrary LDAP queries:

                  https://communities.vmware.com/people/igaydajiev/blog/2016/07/18/active-directory-plugin-300-new-and-noteworthy

                  Regarding the syntax of LDAP queries you can refer to https://technet.microsoft.com/en-us/library/aa996205(v=exchg.65).aspx


                  //=============
                  // Use the generic LDAP client to perform an arbitrary LDAP query against a specific host.
                  // Example: search for all security groups starting with vco* and return them as a list of LdapEntries.
                  var ldapClient = host.getLdapClient();
                  var searchResult = ldapClient.search(host.hostConfiguration.ldapBase /* 'dc=somedomain,dc=com' */
                    , LdapSearchScope.SUB                  // Search also in subentries
                    , LdapDereferencePolicy.ALWAYS         // Dereference aliases
                    , 0
                    , 0
                    , "(&(objectCategory=group)(cn=vco*))"); // Query string

                  // Traverse through the result set
                  var entries = searchResult.getSearchEntries();
                  for (var e in entries) {
                    System.log(entries[e].getParsedDN().toNormalizedString());
                  }
                  //====


                  To search for a particular entry by its distinguished name you can also take a look at the example workflow coming with the AD 3.x plugin, "Lookup entry by DN using non-persistent LDAP client".



                  Hope it helps !
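The two approaches discussed in this thread (scoping the search base to an OU, as in reply 3, and post-filtering results on distinguishedName, as in reply 1), as an added example that is not part of the original thread or the plugin's own code. It is plain JavaScript, so it runs stand-alone; the attribute choices in `buildScopedSearch` are an assumption, not what the plugin's `search()` uses internally.

```javascript
// Added example (not from the thread): plain JavaScript helpers for the two
// ideas discussed above, usable from vRO scripting or run stand-alone in Node.
// The OU belongs in the search *base* (as in reply 3), never in the filter.

// RFC 4515 escaping: a caller-supplied name substituted into a filter must not
// be able to add or close filter components, so \ * ( ) and NUL become \XX.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Build base/scope/filter for "users whose sAMAccountName starts with <prefix>,
// inside <ouDn> and its sub-OUs" (assumed attribute choice; the plugin's own
// search() builds its own internal filter).
function buildScopedSearch(ouDn, prefix) {
  return {
    base: ouDn,       // e.g. "ou=b,dc=d,dc=e,dc=g", passed as ldapClient.search base
    scope: "SUB",     // LdapSearchScope.SUB in the vRO LDAP client
    filter: "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" +
            escapeFilterValue(prefix) + "*))"
  };
}

// Reply 1's fallback made strict: is this entry's DN inside the target OU?
// Compares whole RDNs (case-insensitive, trimmed), so "ou=B" matches "ou=b"
// but "ou=bb,..." does not. Assumes DNs without escaped commas in values.
function dnIsUnder(entryDn, ouDn) {
  var norm = function (dn) {
    return dn.split(",").map(function (r) { return r.trim().toLowerCase(); });
  };
  var e = norm(entryDn), o = norm(ouDn);
  if (e.length <= o.length) return false;
  return e.slice(e.length - o.length).join(",") === o.join(",");
}

// Post-filter a full result set (array of DN strings) down to one OU.
function filterByOu(entryDns, ouDn) {
  return entryDns.filter(function (dn) { return dnIsUnder(dn, ouDn); });
}
```

In vRO you would pass `buildScopedSearch(...).base` and `.filter` to `ldapClient.search(...)` with `LdapSearchScope.SUB`, and run `filterByOu` over `getParsedDN().toNormalizedString()` of each entry only when the base cannot be narrowed.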