Leffingwell
Contributor

Decommissioning and Active Directory/DNS

Hey everyone,

When we delete VMs, there are still objects in AD like the computer objects themselves, DNS entries, etc. We have a large environment, 1.4k+ VMs.

I'm new to my company, but we're running into an issue where things like this haven't been updated very thoroughly, and now we're seeing a slowdown because of it.

I'm trying to see if there are tools in place to assist with decommissioning VMs that will also wrap up the backend stuff for environments making use of Windows DNS servers and AD. Looking forward to any direction or response from people in similar environments.

[side note: I've got ideas on how to PowerShell this out, but I don't want to reinvent the wheel if I don't need to!]

0 Kudos
5 Replies
lamw
Community Manager

Have you taken a look at vCenter Orchestrator (http://www.vmware.com/products/vcenter-orchestrator/overview.html)? It's a free tool that's already included with vSphere, and you can use it to orchestrate not only the VM deletion from vCenter but also integrate with external systems such as your AD / DNS infrastructure to remove the AD objects and the DNS entries. There are several plugins that you can take a look at to help you integrate with your external systems, such as the PowerShell Plugin if you wanted to script all the entry removals, or something like the SOAP/REST plugins.

vCloud9
Enthusiast

Purging stale AD records

You should be able to run dsquery to find and delete the stale AD objects; here is an article describing it in further detail: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/PruningOldComputerAcc...

Purging stale DNS records

I would suggest that you make sure that the Aging and Scavenging option is enabled on your DNS server; here is an article from Microsoft TechNet on how to do that: http://technet.microsoft.com/en-us/library/cc755716(WS.10).aspx. Once it's enabled, all the stale records will be purged automatically.

-vCloud9

Please don't forget to award points for 'Correct' or 'Helpful' if you found the comment useful.
Leffingwell
Contributor

This is great information - I had considered Orchestrator, but the reading material I had on it looked a little top heavy. Now that I have a better idea of whether or not it could work for this task, I will definitely take a look into it. vCloud9 - thanks too for those general clean-house ideas for AD and DNS!! Leaving the topic open a bit longer in case anyone else has other additional ideas.

0 Kudos
Leffingwell
Contributor

No other responses, it's been open long enough - thanks guys for that help, Orchestrator stood up and looking into the other options listed previously! -ALAN

0 Kudos
gottr
Contributor

We use a custom portal to submit decommission requests for servers. The portal writes a text file out to a server share with information to decommission the server. A script runs on a scheduled task to decommission the requested server using information in the text file. The script runs our decommission steps, i.e. remove from monitoring, power off, set notes in vSphere that it is decommissioned, email upon completion, remove from AD, etc. It is a solid system if you do not mind scripting. I use the Quest AD snap-in to remove the object from AD.

Get-QADObject "$newVMName$" | Remove-QADObject -Force -Confirm:$false

Good luck!

0 Kudos
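
An added example, not taken from any poster's script: one way the AD and DNS cleanup step of a scheduled decommission job like the one described above could look, using the Microsoft ActiveDirectory and DnsServer modules instead of the Quest snap-in. The function name, its parameters and the 30-day idle threshold are assumptions.

```powershell
#Requires -Modules ActiveDirectory, DnsServer

function Remove-DecommissionedServer {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # NetBIOS-style host name only, so no wildcard or filter syntax can reach the AD query
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]{1,15}$')][string]$Name,
        [Parameter(Mandatory)][string]$ZoneName,    # forward lookup zone (assumed parameter)
        [Parameter(Mandatory)][string]$DnsServer,   # Windows DNS server to edit (assumed parameter)
        [int]$MinIdleDays = 30                      # assumed safety threshold
    )

    $removed = [System.Collections.Generic.List[string]]::new()

    # Exact match on sAMAccountName; computer accounts carry a trailing '$'
    $computer = Get-ADComputer -Filter "SamAccountName -eq '$Name`$'" -Properties LastLogonTimestamp
    if ($computer) {
        # LastLogonTimestamp replicates lazily (up to ~14 days behind), hence a generous threshold
        $lastLogon = [DateTime]::FromFileTimeUtc([long]$computer.LastLogonTimestamp)
        if ($lastLogon -gt (Get-Date).ToUniversalTime().AddDays(-$MinIdleDays)) {
            throw "$Name authenticated on $lastLogon (UTC); it does not look decommissioned."
        }
        if ($PSCmdlet.ShouldProcess($computer.DistinguishedName, 'Remove AD computer object')) {
            # -Recursive also removes child objects (for example BitLocker recovery entries)
            Remove-ADObject -Identity $computer.DistinguishedName -Recursive -Confirm:$false
            $removed.Add($computer.DistinguishedName)
        }
    }

    # -Node limits the lookup to the host's own node, not records beneath it
    $records = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
                   -Name $Name -Node -ErrorAction SilentlyContinue |
               Where-Object { $_.RecordType -in 'A', 'AAAA', 'CNAME' }
    foreach ($record in $records) {
        if ($PSCmdlet.ShouldProcess("$($record.HostName).$ZoneName", "Remove $($record.RecordType) record")) {
            $record | Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -Force
            $removed.Add("$($record.RecordType) $($record.HostName).$ZoneName")
        }
    }

    # Return what was deleted so the caller can log it against the decommission request
    $removed
}

# Dry run with constructed values: lists what would be deleted without changing anything
# Remove-DecommissionedServer -Name 'APP01' -ZoneName 'corp.example.com' -DnsServer 'dns01' -WhatIf
```

A scheduled task would call it with `-Confirm:$false` under an account delegated only delete rights on the server OU and the zone, and keep the returned list as the audit trail.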