VMware Cloud Community
NemesisSaints
Contributor

Can ActiveDirectory.rename search sub-OUs, or is it single OU specific?

Can ActiveDirectory.rename search sub-OUs, or is it single OU specific? Meaning, does each OU subtree need to be defined, or can it search from a top-level OU to include all the sub-OUs below it for a computer name to move to a different OU?

iiliev
VMware Employee

I'm not sure I fully understand the question. Could you provide an example?

If you don't provide the full tree paths, how would you handle the possible conflicts (having more than one object with a given name in different sub-trees)?

NemesisSaints
Contributor

Thanks, llian lliev. You were extremely helpful with one of my previous posts.

I was thinking something like this, but I would like the first line to search the sub-OUs. There should not be any conflicts because we cannot have two computers with the same name. That in itself would cause network/DNS issues.

var from = "CN=" + computername + ",CN=Zones,OU=Application,DC=CompanyName,DC=COM";

var to = "CN=" + computername;

var newParent = "OU=Computers,OU=ToBeDeleted,DC=CompanyName,DC=COM";

ActiveDirectory.rename(from, to, newParent);

iiliev
VMware Employee

OK, then I'd suggest using one of the search() methods in the ActiveDirectory scripting class (check the ActiveDirectory methods in vRO API Explorer), and once you find your computer object, you can fetch its full DN to pass to the rename() method.

NemesisSaints
Contributor

Is this the one you were thinking of?

searchForEntry

Processes a search operation with the provided information. It is expected that at most one entry will be returned from the search, and that no additional content from the successful search result (e.g., diagnostic message or response controls) are needed.

Parameters:

Name         Type             Description
dn           string
searchScope  LdapSearchScope
timeLimit    number
filter       string
attributes   [string

Returns:

LdapEntry

How would you write the script to pass the LdapEntry to the ActiveDirectory.rename() method?
So far, this is my script, and it is confined to a computer object in the first line:

var from = "CN=" + hostname + ",OU=Servers,OU=Centrify,DC=COMPANY,DC=COM";

System.log (from);

var to = "CN=" + hostname ;

System.log (to);

var newParent = "OU=Computers,OU=ToBeDeleted,DC=COMPANY,DC=COM";

System.log (newParent);

ActiveDirectory.rename(from, to, newParent);

iiliev
VMware Employee

Yes, either searchForEntry() or some of the other searchXYZ() methods.

The LdapEntry object has suitable methods, like getDN(), which you can use to fetch the distinguished name or parts of it, to use in methods where you need to provide distinguished names as plain strings.

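The search-then-rename approach from the replies above, as an added example that is not part of the original thread and is not VMware's code. It builds the search filter and the new RDN with the hostname escaped, and refuses to move anything unless exactly one entry matched. The helper names are hypothetical, `sampleDns` is constructed, and an in-memory array stands in for the directory search.

```javascript
// Added example. Helper names and sampleDns are hypothetical/constructed.
// RFC 4515: escape characters that are syntax inside an LDAP search filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}
// RFC 4514: escape characters that are syntax inside a DN attribute value.
function escapeRdnValue(value) {
  var s = String(value);
  return s.split("").map(function (c, i) {
    if (c === "\0") return "\\00";
    var edge = (i === 0 && (c === " " || c === "#")) || (i === s.length - 1 && c === " ");
    return edge || /[\\,+"<>;=]/.test(c) ? "\\" + c : c;
  }).join("");
}
// Filter for a subtree-scope search rooted at the top-level OU.
function computerFilter(hostname) {
  return "(&(objectClass=computer)(cn=" + escapeFilterValue(hostname) + "))";
}
// Stand-in for the directory: which DNs a subtree search under baseDn would match.
// Simplified string comparison; assumes baseDn holds no escaped commas.
function findComputerDns(allDns, baseDn, hostname) {
  var rdn = ("CN=" + escapeRdnValue(hostname) + ",").toLowerCase();
  var suffix = ("," + baseDn).toLowerCase();
  return allDns.filter(function (dn) {
    var d = dn.toLowerCase();
    return d.indexOf(rdn) === 0 && d.slice(-suffix.length) === suffix;
  });
}
// Turn the search result into rename() arguments; refuse zero or ambiguous matches.
function resolveMove(hostname, matches, newParent) {
  if (matches.length !== 1) {
    throw new Error("expected 1 entry for " + hostname + ", found " + matches.length);
  }
  return { from: matches[0], to: "CN=" + escapeRdnValue(hostname), newParent: newParent };
}
// Constructed sample data using the DN layout from the thread.
var sampleDns = [
  "CN=APP01,OU=Servers,OU=Centrify,DC=COMPANY,DC=COM",
  "CN=APP02,OU=Linux,OU=Servers,OU=Centrify,DC=COMPANY,DC=COM",
  "CN=APP02,OU=Staging,OU=Centrify,DC=COMPANY,DC=COM"
];
var move = resolveMove("APP01",
  findComputerDns(sampleDns, "OU=Centrify,DC=COMPANY,DC=COM", "APP01"),
  "OU=Computers,OU=ToBeDeleted,DC=COMPANY,DC=COM");
// In vRO, matches[0] would be the getDN() of the searchForEntry() result, followed by:
// ActiveDirectory.rename(move.from, move.to, move.newParent);
console.log(JSON.stringify(move));
```

In the constructed data, APP02 exists in two sub-trees, so `resolveMove` throws for it instead of moving whichever entry came back first.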