houghtp
Contributor

Delete computer from AD by name

Hi,

I'm trying to edit the destroyElement AD workflow to accept a computer in string format.

I've added a scriptable task before the destroyElement action and entered the code from this post:

http://www.vcoteam.info/articles/learn-vco/259-remove-computer-from-ad-using-vco-during-vcac-decommi...

    // Recursive search; no AD host is passed, so the plugin's default AD host is used
    var computers = ActiveDirectory.getComputerADRecursively(computerName);
    //System.log("Computer count: "+computers.length);
    for each (var pc in computers){
        //System.log("Checking computer: "+pc.name);
        // Keep only the exact, case-insensitive name match
        if (computerName.toLowerCase() == pc.name.toLowerCase()){
            //System.log("Found Computer: "+pc.name);
            return pc;
        }
    }
    // Nothing found so throw exception:
    throw "No matching Computer found: " + computerName;

swapping out variables for my own and making sure all bindings and input params are correct.

However, I get an error stating "Default Active Directory server not set. (Workflow:CB - Destroy a computer / Find computer in AD (item1)#54823)", even though I've run the AD configuration workflow to set this.

How do I get around this, preferably by entering the default host into the script so I can use the script for different domains? (As far as I can tell, the AD configuration task to set the default AD host can only be run for 1 domain?)

0 Kudos
11 Replies
sbeaver
Leadership

I am not sure if the new AD plugin resolves the single domain when configuring AD in VCO, but what I did to get around that was to have multiple AD configuration workflows that can be run to connect to the multiple AD domains that I support in my environment. Wouldn't it be an easier approach to use the getVMbyname workflow or action along with the original destroy a computer or destroyElement action?

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: http://www.virtualizationpractice.com/blog/
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
0 Kudos
houghtp
Contributor

The latest AD plugin does let you add multiple domain controllers from different domains via the "add an active directory server" flow.

However, I can't get the flow \ script I posted to work; it gives me that error about "default AD host not being set", even though I have run the "configure active directory plugin options" flow and set the default host. If I can get this to work, then yes, I can have multiple flows to configure for each domain.

I don't think using the getvmbyname task would work, as the destroyElement AD flow expects an AD object, which the getvmbyname task doesn't output?

0 Kudos
houghtp
Contributor

Just found there's a later version of the plugin that fixes this issue:

Technical preview version of VMware vCenter Orchestrator Plug-In for Microsoft Active Directory

0 Kudos
houghtp
Contributor

The script to delete a vm by name is working after the update to the AD plugin.

However, I still have the problem of setting multiple "Default AD Servers", one for each domain.

Can I either:

A) hard code these values into 2 different versions of the destroyVM flow I have, one for each domain? I know getComputerADRecursively accepts the default AD Server as a param (red), but how can I set this dynamically for each script?

    // Recursive search on the AD host passed as the second argument
    var computers = ActiveDirectory.getComputerADRecursively(strComputer, defaultADServer);
    System.log("Computer count: "+computers.length);
    for each (var pc in computers){
        System.log("Checking computer: "+pc.name);
        // Keep only the exact, case-insensitive name match
        if (strComputer.toLowerCase() == pc.name.toLowerCase()){
            System.log("Found Computer: "+pc.name);
            computer = pc;
        }
    }

B) have 2 versions of the "Configure Active Directory Plugin options" flow and hard code the 2 different default hosts in each one? Then I can call the relevant flow before I delete a computer from that domain?

0 Kudos
stvkpln
Virtuoso

Ok, so.... you can't set multiple default servers (which stands to reason, there's a reason it's called default)... You'll need to write a wrapper code to find the correct AD:AD_Host you want to run whatever search, etc against. I don't readily have access to the code I used to do this, but it shouldn't be that hard to sort out.

-Steve
0 Kudos
igaydajiev
VMware Employee

"Default AD Servers" is a plugin-level setting. What this means is that you can have a single default server configured. This setting was introduced for backward compatibility of the plugin.

Previous versions of the plugin worked with a single AD host, and all of the scripting API assumed this host, for example ActiveDirectory.getComputerADRecursively(strComputer).

When the functionality for multiple hosts was added, existing scripting code that does not provide the AD host will perform the operation over the default AD host configured. If such a host is not configured, an error is reported.

To perform the operation over a specific AD host, all scripting functions were extended to receive an additional parameter of type ADHost.

In order to search for a computer in a specific AD host, it must be provided as an input parameter:

    ActiveDirectory.getComputerADRecursively(strComputer, adHost)


>> A) hard code these values into 2 different versions of destroyVM flow I have, one for each domain? I know getComputerADRecursively accepts the default AD Server as a param (red), but how can I set this dynamically for each script?

    ActiveDirectory.getComputerADRecursively(strComputer, adHost)

Invoking getComputerADRecursively and providing the AD host will execute the operation on this host. You could either provide it as an input parameter to the WF itself or resolve it by some custom logic.


>> B) have 2 versions of the "Configure Active Directory Plugin options" and hard code the 2 different defaults hosts in each one? then I can call the relevant flow before i delete a computer from that domain?

No need to switch the default. As long as you are able to resolve which host needs to be used, simply provide it to the corresponding scripting function as the last parameter.

0 Kudos
houghtp
Contributor

Thanks, but how do I specify the ADHost in ActiveDirectory.getComputerADRecursively(strComputer, adHost), or get a vCO type of ADHost, bearing in mind I need to do this for multiple domains?

I've tried ActiveDirectory.getComputerADRecursively(strComputer, "ldap://dc-01.test.net:386") but it doesn't work.

0 Kudos
igaydajiev
VMware Employee

I have attached a sample workflow that can list all available AD:AdHosts and execute a recursive find over a particular host provided as input to the workflow.

Here is the scripting

-------------

    // printing available AD hosts
    // custom logic for resolving the correct one can be implemented based on the returned list
    var adhosts = Server.findAllForType("AD:AdHost");
    System.log("Number of hosts "  + adhosts);
    for (var host in adhosts){
        System.log(adhosts[host]);
    }
    // search in the adHost provided as input to the wf
    var res = ActiveDirectory.searchRecursively("User", "vcoadmin", adHost);
    System.log(res);

--------------

Note that any of the returned adhosts[host] can be used in place of adHost.

0 Kudos
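An added example, not part of the original posts or the plug-in's own code: one way to write the "custom logic" for picking an AD host from the Server.findAllForType("AD:AdHost") list and resolving exactly one computer on it, failing closed before anything reaches destroyElement. The names pickHost, resolveComputer, sampleSearch and the SAMPLE_* data are hypothetical, and the code assumes each AD:AdHost object exposes a name property.

```javascript
// In vRO: hosts  = Server.findAllForType("AD:AdHost");
//         search = function (n, h) { return ActiveDirectory.getComputerADRecursively(n, h); };
// Assumption: each AD:AdHost object exposes a `name` property.
function pickHost(hosts, hostName) {
    var picked = [];
    for (var i = 0; i < hosts.length; i++) {
        if (String(hosts[i].name).toLowerCase() === String(hostName).toLowerCase()) {
            picked.push(hosts[i]);
        }
    }
    if (picked.length !== 1) {
        throw new Error("Expected one AD host named " + hostName + ", found " + picked.length);
    }
    return picked[0];
}

function resolveComputer(computerName, hostName, hosts, search) {
    // Reject empty names and LDAP filter metacharacters before the name reaches a search.
    if (typeof computerName !== "string" || !/^[^*()\\\0]+$/.test(computerName)) {
        throw new Error("Refusing computer name: " + computerName);
    }
    var found = search(computerName, pickHost(hosts, hostName)) || [];
    var exact = [];
    for (var i = 0; i < found.length; i++) {
        if (String(found[i].name).toLowerCase() === computerName.toLowerCase()) {
            exact.push(found[i]);
        }
    }
    // Zero matches or several matches both stop the workflow before anything is destroyed.
    if (exact.length !== 1) {
        throw new Error(exact.length + " exact matches for " + computerName + " on " + hostName);
    }
    return exact[0];
}
// Constructed sample data standing in for two configured domains.
var SAMPLE_HOSTS = [{ name: "corp-dc" }, { name: "lab-dc" }];
var SAMPLE_DIRECTORY = {
    "corp-dc": [{ name: "WEB01", dn: "CN=WEB01,OU=Servers,DC=corp,DC=example" },
                { name: "WEB010", dn: "CN=WEB010,OU=Servers,DC=corp,DC=example" }],
    "lab-dc": [{ name: "WEB01", dn: "CN=WEB01,OU=Lab,DC=lab,DC=example" },
               { name: "APP07", dn: "CN=APP07,OU=A,DC=lab,DC=example" },
               { name: "APP07", dn: "CN=APP07,OU=B,DC=lab,DC=example" }]
};
// Constructed stub: returns substring matches, the case the exact comparison guards against.
function sampleSearch(name, host) {
    return SAMPLE_DIRECTORY[host.name].filter(function (c) {
        return c.name.toLowerCase().indexOf(name.toLowerCase()) !== -1;
    });
}
```

The object returned by resolveComputer is what would be bound to the destroyElement input; any thrown error ends the workflow run with no deletion.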
houghtp
Contributor

excellent - thank you very much!

0 Kudos
DLally
Enthusiast

I'm not sure what value to use in this to set the adHost?

Here's an example..

Number of hosts DynamicWrapper (Instance) : [AD_Host]-[class com.vmware.o11n.plugin.ad.model.AdHost] -- VALUE : #_v2_#,#RootItem#,#123sdf34-g4s1-h6da-9cec-0bd0e36c832b#

0 Kudos
RonPSSC
Enthusiast

Hi DLally;

I stumbled on this following a search for my own needs. A little late responding but figured my answer may yield some benefit to you and perhaps others in future.

I've attached a self-explanatory Workflow that will help you set a specific AD Host in which to execute the "destroy" Computer Account functionality. The workflow was designed particularly for non-default AD Servers but can be used with your default also.

It's primarily based on the logic provided above by the originator of this post. It's not pretty and can probably be enhanced somewhat but, it works.

You can bind this workflow to the default vCAC Machine Disposing Stub workflow or any other workflow that can provide the virtualMachineEntity (vCAC:Entity) parameter as input to the workflow.

In addition to the above, I've attached another simple/interactive Workflow that will allow you to manually test functionality of the automated workflow before implementing in your environment.

Simply input the name of any Computer (test) Account that exists within your chosen AD environment to test removal of the object from the required domain.

As with all workflows, use with caution.

Hope this helps.

Ron