Hi all - I am trying to setup policy for local administrators via GPO. The only way for this to work properly, though, is if I can put the vRA domain joined machines in specific OUs to apply different team-based local admin policies. Ie., if someone from "Accounting" deploys their blueprint they get a customization file to join the VM to a domain, but then I need the machine to be put in OU=vRA_Accounting_Srv,OU=Servers,DC=Dev,DC=local. How can I accomplish this?
Thanks!
Use AD machine profiles in 7.3 on a per-business-group basis (where "Accounting" would be a business group) to define an OU in which all deployed machines should go. If this is enough flexibility for you, then great. If you want even more control than this including things like build OUs, then you'll want to look into the SovLabs Active Directory module.
Use AD machine profiles in 7.3 on a per-business-group basis (where "Accounting" would be a business group) to define an OU in which all deployed machines should go. If this is enough flexibility for you, then great. If you want even more control than this including things like build OUs, then you'll want to look into the SovLabs Active Directory module.
Excellent, yes I am running vRA 7.3 in this case. So, I've created an AD Endpoint, Policy, applied to business group, I see how I can override the OU via custom properties on the blueprint, etc. But, one question, does the AD policy join the machine to the domain or do I still need to do that via Guest Customization?
No, you always need a customization spec to join a Windows machine to a domain.
Ok great - time to test! So just joint he "vanilla" dev.local domain and the policy should place it. Gotcha!
Thanks for the info - created an AD endpoint, policy, setup a customization to join AD, then overrides within blueprints to allow different blueprints for different OUs, etc. All automated, GPOs, etc. for local admin access... its....beautiful!