VMware Cloud Community
mcity
Contributor
Contributor

Changing computer OU in Active Directory

I am looking for a workflow to change computer OU in active directory after deploying

13 Replies
xian_
Expert
Expert

Try Changing Active Directory OU of vRA Provisioned Machines

ie. ActiveDirectory.rename() method. API Explorer writes:

Allows a client to change the leftmost (least significant) component of the name of an entry in the directory, or to move a subtree of entries to a new location in the directory.

Reply
0 Kudos
mcity
Contributor
Contributor

Thanks for the response, Xian,

I am new to vRA/vCO, do you mind giving more details with an example, please

Reply
0 Kudos
xian_
Expert
Expert

This might be an easier method if your OU is static information: Create and Apply Active Directory Policies

Reply
0 Kudos
craigso
Enthusiast
Enthusiast

It's also possible to script the location of the AD bind location using the custom property: ext.policy.activedirectory.orgunit

You set the value of that to the distinguishedName of the OU you'd like to place the server. As mentioned before, if you want them all to go to the same location then an AD policy is what you are looking for.

In my environment we specify a AD policy for all business groups. We use this as the parent OU. Then I wrote an action to crawl the OU and find all child OUs, then present that to the user at provisioning. That allows them granular placement of their VMs at provisioning time.

Reply
0 Kudos
mcity
Contributor
Contributor

thanks craigso,

I have configured a default AD policy for all business groups, which works fine during  provisioning.  My scripting is limited, are you  able to share you placement action script?

Reply
0 Kudos
craigso
Enthusiast
Enthusiast

Its been my plan to share this script but it might be a bit environment specific. Let me see if I can generalize it a bit and add some comments. I'll report back.

Reply
0 Kudos
craigso
Enthusiast
Enthusiast

I just finished commenting these scripts and including what needs to be configured.

Due to the length of the actions I just posted them to my github. There are two action to get his working correctly. getOUChildPath references getAdPolicySettingsFromBusinessGroup, so I've included both of them here: vRA/actions/getOUChildPath at master · craigsorensen/vRA · GitHub

mcity
Contributor
Contributor

Thanks Craig,

I will check it out..really appreciate your efforts.

Reply
0 Kudos
NemesisSaints
Contributor
Contributor

I am looking to do something similar. In my case we have a VRO workflow called "manual dispose" used to decommission VMs.  We don't delete them, instead they are disabled and get manually moved from an "active" OU to a "ToBeDeleted" OU. We would like to automate this process.

I have been told it is likely best do this from VRO using a Java Script. I think that involves creating a new workflow element on the existing "manual dispose" workflow that points to a newly created workflow.

Reply
0 Kudos
craigso
Enthusiast
Enthusiast

Yes this is possible. There are two things that will help you achieve this.

The first one is a workflow and action that already exists to disable a computer. Library > Microsoft > Active Directory > Computer > Disable a Computer. It takes a input type of AD:ComputerAD.

The second part can be done using ActiveDirectory.rename(). See description below.

pastedImage_0.jpg

I hope that points you in the right direction!

Reply
0 Kudos
NemesisSaints
Contributor
Contributor

Thank you, craigso.

Can you point me to where you found the documentation? I am new to VRO and would like to have more details.

Reply
0 Kudos
NemesisSaints
Contributor
Contributor

Reply
0 Kudos
craigso
Enthusiast
Enthusiast

Within vRO you can use the API explorer to guide you. That with google searching should help you find examples like the one you posted.

The learning curve is very steep with vRA/vRO. But if you stick with it, it does get easier.

Reply
0 Kudos