VMware Cloud Community
TimR26
Enthusiast
Enthusiast
‎10-19-2016 09:49 AM

vRA 7.1 Windows 2012 R2 blueprint with AD policy

I'm trying to build a Windows 2012 R2 blueprint that joins an AD server automatically and puts the computer in a specific OU specified.

I created a vRO endpoint and pointed it to my AD server, provided all the necessary info (as far as I can tell).

I created an AD Policy and specified the OU I want machines to go in.

I applied the AD Policy to the business group so anyone within the business group who deploys machines will have the AD Policy applied.

I created a Windows 2012 R2 template (nothing special here)

I created a vsphere customization script that sets the admin password and joins the domain.

Test 1

I created a blueprint, full clone of the windows 2012 R2 template and specified the customization script.

Result: It deployed the machine and joined the domain, but the computer object was still in the default Computers OU

I check the vRO Endpoint and found a typo in the domain name, fixed.

Test 2

same as above, hoping things would work due to the typo.

Result: same as test one

Test 3

same blueprint, modified AD endpoint and provided new shared session credentials (thinking authentication issue)

Result: same as test one

Test 4

same blueprint, modified vsphere customization script to not join domain (thinking AD endpoint and ADPolicy will join the machine to the domain)

Result: server did not join domain

Test 5

same blueprint, removed customization script from blueprint (thinking customization script is interfering with vRA joining machine to domain)

Result: server did not join domain.

At this point I'm not sure how to proceed. I feel I'm missing a step (or two)

Some questions I have:

1. Where can I find logs for the Active Directory Endpoint? I would like to see if it provides any clues as to whether or not my AD Endpoint is even config'd properly

2. For the AD endpoint shared session credentials, what format do I use for the username (the docs do not mention anything like this, just provide a username) so do I use <username> or <domain> \ <username or <username>@<domain>...or does it even matter?

3. do I even need to specify the vsphere customization script within the blueprint?

4. Is there any other step within the blueprint I need to do to get the AD Policy to work?

0 Kudos
0 Replies