Tenz88
Contributor

Automatically Move Full Clone VM into specific OU

Hi Everyone,

 

We were using linked clones before when we were on Horizon 7, and with that we were able to specify which OU to provision new VMs in. However, we are now on Horizon 8, and when using full clone pools we don't have the option to move to a specific OU (maybe this was never an option with full clones, but we didn't use them prior to 8).

I've tried using guest customization to have it run commands once where I tell it to join a domain and which OU, but that does not work.

Currently new VMs end up in an OU called "staging" where there is no GPO being applied, so I have to constantly go to that OU and move VMs to their respective OUs. How are others handling this? I could create the computer objects ahead of time in the specific OU, but I'd rather not, as then it starts to end up reporting in some of our other apps and causes reporting issues.

Thank you!

0 Kudos
4 Replies
fabio1975
Expert

Hi

In the past, I solved the same problem by running a domain join script at the end of the VMware Customization Wizard.


 

On the template you use, you have to place two files: an executable and a PowerShell script. In my case the executable file was called SetupComplete.CMD and the PowerShell file join.ps1, and in the template they were located in the folder c:\windows\setup\Join\

The SetupComplete.CMD file must contain the following lines:

 

rem Run the domain-join script, then delete both files from the VM
powershell -file "C:\Windows\Setup\Join\join.ps1"

del C:\Windows\Setup\Join\*.* /Q

 

The join.ps1 file must contain the following lines:

 

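# Credential of the account that performs the domain join (clear text in this file)
$cred = New-Object System.Management.Automation.PsCredential ("domain\user", (ConvertTo-SecureString "password" -AsPlainText -Force))

# Join the domain and create the computer object directly in the given OU
Add-Computer -DomainName "xxx.xxx" -OUPath "OU=xxx,OU=xxx,DC=xxx,DC=xxx" -Credential $cred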

Restart-Computer

 

When is the script run?

Regarding the question of when the join script is executed, it occurs at the first logon, so in the customization wizard we need to create a VM Customization Specification that allows the Administrator user a first automatic logon after the VM has been deployed.

 


 

The only flaw is that the credentials are in clear text, but the file is deleted as soon as the object in the indicated OU is created.

Fabio
BLOG: https://vmvirtual.blog

if satisfied give me a kudos
Tenz88
Contributor

Thank you! I am new to this so have not played around with the power-on/off scripts, etc. This seems like the best solution, but if you don't mind, I'm going to leave this thread open for a bit longer before I mark that as the answer, in case there is another way to do it without having the password in plain text on the golden image.

0 Kudos
Tenz88
Contributor

So this did not work for me and introduced a new problem.

When I had the guest specification file checked for "Automatically logon as administrator", the VM logs in with this account but it never restarts or logs out, so all the VMs show as "Unassigned user connected" and show the Administrator account as connected. It also was in the staging OU again.

I changed the workgroup or domain field from "Windows Server domain" to "workgroup", as that PowerShell script should've joined the VM to the domain; however, it shows new VMs in the workgroup now. If I go to the C:\Windows\Setup\Join\ folder, the .cmd and .ps1 files are gone, so it seems like it ran.

What am I missing?

 

UPDATE -

Okay, so the ps1 was failing to join because when the .cmd is specified in the guest customization and the ps1 is then called from the .cmd file, it is not running the ps1 as admin. If I run the .ps1 as admin, then it joins fine. Now trying to figure out how to make the guest customization do that.

0 Kudos
sjesse
Leadership

What about creating a manual pool and using PowerShell to create the clones as needed and add them to that pool? It's a little more work but you have a lot more control.
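
An added example, not code from any reply in this thread: one way to automate the manual "move VMs out of the staging OU" step from a management host, so that no domain credential has to be stored on the golden image. It assumes the RSAT ActiveDirectory module, a scheduled task running as an account delegated only the right to move computer objects between these OUs, and a VM naming prefix per pool; every OU path and prefix below is a constructed placeholder.

```powershell
#Requires -Modules ActiveDirectory
# Added example. OU paths and name prefixes are constructed placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$StagingOU = 'OU=Staging,DC=example,DC=test'
)

# VM name prefix -> destination OU. The longest matching prefix wins.
$OuMap = [ordered]@{
    'VDI-FIN-' = 'OU=Finance,OU=VDI,DC=example,DC=test'
    'VDI-ENG-' = 'OU=Engineering,OU=VDI,DC=example,DC=test'
}

function Resolve-TargetOU {
    param([string]$Name, [System.Collections.IDictionary]$Map)
    $match = $Map.Keys |
        Where-Object { $Name.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) } |
        Sort-Object Length -Descending |
        Select-Object -First 1
    if ($match) { $Map[$match] } else { $null }
}

# OneLevel: only objects directly in the staging OU, never in child OUs.
$computers = Get-ADComputer -Filter * -SearchBase $StagingOU -SearchScope OneLevel

foreach ($c in $computers) {
    $target = Resolve-TargetOU -Name $c.Name -Map $OuMap
    if (-not $target) {
        # Unknown names stay put so they can be reviewed by hand.
        Write-Warning "No OU mapping for $($c.Name); left in staging."
        continue
    }
    if ($PSCmdlet.ShouldProcess($c.DistinguishedName, "Move to $target")) {
        try {
            Move-ADObject -Identity $c.DistinguishedName -TargetPath $target -ErrorAction Stop
            Write-Output "Moved $($c.Name) -> $target"
        } catch {
            Write-Warning "Failed to move $($c.Name): $($_.Exception.Message)"
        }
    }
}
```

Running the script with -WhatIf first lists the moves it would make without changing anything in the directory.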