Hi Daphin,

I tried to join the domain using Custom spec, which isn't working. Don't know the exact reason.

Do you have any codes which I can invoke, to add a server to domain in custom spec, Not a big scripting guy, but I tried to add a powershell script through a batch file to join a server to domain which is also failing.

$computername = "MyNETBIOSName"

$JoinNewDomain = '$DomainUser = "XXXX";

                  $DomainPWord = ConvertTo-SecureString -String "XXXXXX" -AsPlainText -Force;

                  $DomainCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList$DomainUser, $DomainPWord;

                  Add-Computer $computername -DomainName XXXX.com -Credential $DomainCredential -OUPath "OU=Test,DC=XXXX,DC=com";

                  Start-Sleep -Seconds 20;

                  Shutdown /r /t 0'

Thanks.

You don't need code, you need to fix your customization spec. Make sure the username is in UPN format, that the password is correct, and that the user account you're using is a domain member and has rights to join computers to AD.

Good one Daphin, it worked out.

I was not using UPN in right format which did the trick and joined the domain.

How will I ensure to make this sit in right OU ?

Also when I destroy this machine, where do I configure to make sure all the stale entries of this machine is cleaned up in AD and DNS.

Thanks.

See my first reply in this thread for your options there. If you want proper clean-up of AD and DNS without having to custom code or hand-stitch workflows, the SovLabs modules for AD and DNS are the ways to go, however not free. The built-in option to clean-up is done via a custom property.

Hi Daphin,

I could see there are possibilities with inbuilt VRO, but only deal is need to configure the fields appropriately to make the workflow function as per our Active directory. Do we have any link where i can details on adding these fields to map into the output object of my design.

Any idea where I can get a step by step configurations to avail this Xaas blueprint in my original design.

Thanks.

I'm confused now. What is it exactly you wish to accomplish here? If it's just a matter of having your deployed VMs join AD and then get removed upon decommissioning, then there's no XaaS needed. If it's something else, please clarify.

Hi Daphin,

I understand.. your first line gives me the exact need for me now.

"If it's just a matter of having your deployed VMs join AD and then get removed upon decommissioning, then there's no XaaS needed." - When removing it must be a clean swipe from end to end, no stale entries should be seen anywhere in network on destroyed server.

I had seen Sovlabs solution, since it isn't free bit of a concern. However am trying to get some more insights on it.

So without using Sovlabs or XaaS, do we still have any other solution on clean swipe destroyal. I'm looking for something which can be achieved with whatever resources we have in hand.

Thanks.

If you wish to deploy VMs from vRA and have them land in a specific OU as well as, upon destruction, have them be removed from AD, then there is no XaaS needed. You can either use the built-in mechanism for this which are documented, or the SovLabs AD module if your needs are more complex (trial is available). It's your choice which you'd like to use.

Hi,

I followed Ryan's wirte up and manage to get the placed in the required OU. However will it automatic register the VM in the DNS server as well? (The vm is a windows machine).

I am having problem that the (Windows) VM record is not being registered in the DNS server and was wondering the service account I use for the AD endpoint doesn't have the correct permission to create/remove records in the DNS server. Or do I still need to create a workflow to register the record to DNS server?

Thx.

However will it automatic register the VM in the DNS server as well?

If you're using Active Directory-integrated DNS it will, yes. If you are using so (because this is default), then you may need to look at your DC and figure out why it is not adding those records because it should be.

Greetings daphnissov!

I am also trying to join vRA provisioned systems to the domain and have the need to point them to a specific OU.

  I tried adding this as a "Software Component"; however, when provisioning the system times out and destroys the VM (Even though windows 2016 configuration is complete to Workgroup, Administrator is logged in to the system, IP connectivity)

I have an understanding that the vSphere customization is trumped by vRA.

I have a powershell script that does this flawlessly (when "run" from the system itself in Powershell).

The script doesn't  run, as if, it is waiting on something else. 

Would you please help me understand why vRA will not run the script?

$domainFQDN = "CONTOSO.PROD.COM"

$domainOU = “OU=Legacy,OU=Servers,DC=CONTOSO,DC=PROD,DC=COM”

$password = "P@sswordExampl3" | ConvertTo-SecureString -AsPlainText -Force

$username = "contoso\svc_joindomain"

$credential = New-Object System.Management.Automation.PSCredential($username,$password)

Add-Computer -DomainName $domainFQDN -OUPath $domainOU -Credential $credential

Restart-Computer

You basically have two options when it comes to targeted domain joins when provisioned through vRA, in order of maturity/robustness:

1. SovLabs Active Directory module
2. vRA AD profiles

Either of these methods will pre-stage the object in the correct OU, but you still need a vSphere Customization Spec to actually perform the domain join when it enters the CustomizeOS step.

To add to this if you getting software component timeouts on windows and on vRA 7.4.

validate the workaround is applied per KB

VMware Knowledge Base

Thank you for your prompt response.   I thought vRA had the power to call a PS script from a software component.   I guess the vRA "expert" I heard it from was wrong.   Thanks for the time, it is appreciated.

Running 7.2; however, i am preparing for the 7.4 upgrade.   Thank you for the input.    This work around should be a huge help if I run into the issue...post upgrade.

No, you can most certainly call a PS script as a software component, but the point I was making was that 1.) that's not an appropriate place for a domain join script and 2.) It's too late in the provisioning process to do so.

Understood.   So if a system is provisioned to a workgroup and configuration of the OS is complete.  vRA says "no thanks" too late; not running that PS script.

I appreciate your expert input.   Have a good day!  

No, it doesn't say that, again, it's just that manually joining a domain with a software component is both overkill and not at the appropriate time for a variety of reasons. Would it technically work? Maybe? Should you do it/is it a good idea? Definitely not.