3 Replies Latest reply on Sep 7, 2019 10:42 PM by mcity

    Move ADUser to Different OU

    Cit3Jon Lurker

      Hello Folks,

      Full disclosure - I'm very new to scripting in Orchestrator, and I'm having a hard time getting my arms around how to navigate through some of the more custom scripting that's required sometimes. 

      My challenge is pretty simple. I need to move an AD User to a new OU. I've done a good amount of research, and have come up empty.

      Did some digging in the API Explorer and found the rename method of the AD_User object, but honestly.. I'm not sure if this is going to be helpful or how to even use it.

      My ask is pretty simple: Has anyone done this before, and if so, would you mind sharing a snippet of how you acheived this?

        • 1. Re: Move ADUser to Different OU
          iiliev Champion
          Community WarriorsVMware Employees

          Hi,

           

          You need to use ActiveDirectory.rename(), not AD_User.rename().

           

          Check ActiveDirectory.rename() documentation in vRO API Explorer, there is an example how the parameters look like.

          1 person found this helpful
          • 2. Re: Move ADUser to Different OU
            Cit3Jon Lurker

            This helped, thank you!

             

            I now realize how trivial this was.. just had to get my arms around how exactly the javascript interacts with objects.

             

            I'll do my best to explain this simply so others that may be starting off with vRO can have an easier time than I did :-)

             

            I ended up creating inputs for the scriptable task that required the AD:User type and the AD:OrganizationalUnit type. This object is then consumed by ActiveDirectory.rename(). I did find the documentation slightly confusing, but it became more clear when I realized you can both rename and/or move objects using ActiveDirectory.Rename().

             

            According to the API Explorer, the parameters for ActiveDirectory.Rename are:

            - From (string)

                Think of this as the reference for everything else you do. It requires the distinguished name, not the object itself.

            - To (string)

                Think of this as the name of the object in the destination. In my testing, if you pass anything but "'CN='+objAdUser.name", the user object will be named something you don't intend.

            - New_Parent (string)

                This is simply the container you want the object to live in.

             

            If any of this is incorrect, please let me know!

             

            Here's the example snippet:

             

            //Begin Snippet

            /*

                Inputs: NewOU (AD:OrganizationalUnit), objAdUser (AD:User)

            */

             

            ActiveDirectory.rename(objAdUser.distinguishedName,"CN="+objAdUser.name,NewOU.distinguishedName)

            //End Snippet

            • 3. Re: Move ADUser to Different OU
              mcity Novice

              Please elaborate more on this solution.