VMware Cloud Community
5mall5nail5
Enthusiast

Joining vRA Windows machine to domain and moving to OU?

Hi all - I am trying to set up policy for local administrators via GPO. The only way for this to work properly, though, is if I can put the vRA domain joined machines in specific OUs to apply different team-based local admin policies. I.e., if someone from "Accounting" deploys their blueprint they get a customization file to join the VM to a domain, but then I need the machine to be put in OU=vRA_Accounting_Srv,OU=Servers,DC=Dev,DC=local. How can I accomplish this?

Thanks!


Accepted Solutions
daphnissov
Immortal

Use AD machine profiles in 7.3 on a per-business-group basis (where "Accounting" would be a business group) to define an OU in which all deployed machines should go. If this is enough flexibility for you, then great. If you want even more control than this including things like build OUs, then you'll want to look into the SovLabs Active Directory module.

5mall5nail5
Enthusiast

Excellent, yes I am running vRA 7.3 in this case. So, I've created an AD Endpoint, Policy, applied to business group, I see how I can override the OU via custom properties on the blueprint, etc. But one question: does the AD policy join the machine to the domain, or do I still need to do that via Guest Customization?

daphnissov
Immortal

No, you always need a customization spec to join a Windows machine to a domain.

5mall5nail5
Enthusiast

Ok great - time to test! So just join the "vanilla" dev.local domain and the policy should place it. Gotcha!

5mall5nail5
Enthusiast

Thanks for the info - created an AD endpoint, policy, set up a customization to join AD, then overrides within blueprints to allow different blueprints for different OUs, etc. All automated, GPOs, etc. for local admin access... it's... beautiful!

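A check that fits the setup described in this thread, added here as an example and not posted by any participant: it compares exported computer-object DNs with the OU each business group is meant to use, so machines that joined the domain but sit outside the OU carrying the team's local-admin GPO stand out. The "HR" mapping, the sample DNs and the function names are constructed for illustration; only the Accounting OU comes from the thread.

```python
# Added example: audit computer-object DNs against the OU each team should use.
# Only the Accounting OU is from the thread; "HR" and all sample DNs are constructed.
EXPECTED_OU = {
    "Accounting": "OU=vRA_Accounting_Srv,OU=Servers,DC=Dev,DC=local",
    "HR": "OU=vRA_HR_Srv,OU=Servers,DC=Dev,DC=local",  # hypothetical
}

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def norm(rdns):
    """Lower-case each RDN and trim spaces so DNs can be compared reliably."""
    out = []
    for rdn in rdns:
        key, _, val = rdn.partition("=")
        out.append(f"{key.strip().lower()}={val.strip().lower()}")
    return ",".join(out)

def audit(records):
    """Return (dn, reason) for machines whose direct parent is not the team's OU."""
    findings = []
    for dn, group in records:
        expected = EXPECTED_OU.get(group)
        if expected is None:
            findings.append((dn, f"no OU defined for business group {group!r}"))
        elif norm(split_dn(dn)[1:]) != norm(split_dn(expected)):
            findings.append((dn, f"not in {expected}"))
    return findings

SAMPLE = [  # constructed (DN, business group) pairs
    ("CN=ACCT-SRV01,OU=vRA_Accounting_Srv,OU=Servers,DC=Dev,DC=local", "Accounting"),
    ("CN=ACCT-SRV02,CN=Computers,DC=Dev,DC=local", "Accounting"),  # default container
    ("cn=hr-srv01, ou=vra_hr_srv, ou=servers, dc=dev, dc=local", "HR"),
    ("CN=ACCT-SRV03,OU=vRA_HR_Srv,OU=Servers,DC=Dev,DC=local", "Accounting"),
]
```

Calling `audit(SAMPLE)` flags ACCT-SRV02 (left in the default Computers container) and ACCT-SRV03 (placed in another team's OU); the comparison is strict on the direct parent, so a machine in a child OU is also reported.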