The whole AD-plugin seems to be kind of broken...

My AD:ActiveDirectory input element has no search method, it has a searchComputer method.

It also has a userGroups attribute but I was not able to access that attribute, because the input element is not being populated with my Active Directory instance, either via presentation nor via predefined value:

But after running a test script, all I get is:

I am really confused...

some log entries, maybe it could help someone:

2014-05-07 16:06:40.178+0200 [http-bio-0.0.0.0-8281-exec-8] ERROR {} [LdapElement] LDAP Error : java.lang.ClassCastException: ch.dunes.login.ldap.LdapElementGeneric cannot be cast to ch.dunes.login.ldap.LdapGroup

2014-05-07 16:06:40.521+0200 [http-bio-0.0.0.0-8281-exec-8] ERROR {} [LdapElement] LDAP Error : java.lang.ClassCastException: ch.dunes.login.ldap.LdapElementGeneric cannot be cast to ch.dunes.login.ldap.LdapGroup

2014-05-07 16:06:40.849+0200 [http-bio-0.0.0.0-8281-exec-8] INFO  {} [Execution] Executing workflow 'testAD'

2014-05-07 16:06:40.865+0200 [org.springframework.jms.listener.DefaultMessageListenerContainer#0-1] INFO  {} [Execution] Invoking workflow handler.8a35659045d6edd20145d701f4d10037

2014-05-07 16:06:40.989+0200 [WorkflowExecutorPool-Thread-6] WARN  {myuser:testAD:e2a02e4c-47f3-484e-ab9f-9c03fd84bed6:8a35659045d6edd20145d701f4d10037} [Container] DN not corresponding to an object of this type

2014-05-07 16:06:40.989+0200 [WorkflowExecutorPool-Thread-6] WARN  {myuser:testAD:e2a02e4c-47f3-484e-ab9f-9c03fd84bed6:8a35659045d6edd20145d701f4d10037} [MSPluginFactory] Object 'OU:DC=xxxx,DC=yyyy,DC=com' of type ActiveDirectory not found

2014-05-07 16:06:40.989+0200 [WorkflowExecutorPool-Thread-6] INFO  {myuser:testAD:e2a02e4c-47f3-484e-ab9f-9c03fd84bed6:8a35659045d6edd20145d701f4d10037} [SCRIPTING_LOG] [testAD (07.05.14 16:06:40)] notfound

2014-05-07 16:06:41.005+0200 [http-bio-0.0.0.0-8281-exec-8] WARN  {} [Container] DN not corresponding to an object of this type

2014-05-07 16:06:41.005+0200 [http-bio-0.0.0.0-8281-exec-8] WARN  {} [MSPluginFactory] Object 'OU:DC=xxxx,DC=yyyy,DC=com' of type ActiveDirectory not found

2014-05-07 16:06:41.239+0200 [http-bio-0.0.0.0-8281-exec-5] WARN  {} [Container] DN not corresponding to an object of this type

2014-05-07 16:06:41.239+0200 [http-bio-0.0.0.0-8281-exec-5] WARN  {} [MSPluginFactory] Object 'OU:DC=xxxx,DC=yyyy,DC=com' of type ActiveDirectory not found

You don't need to use an input parameter to access active directory.

Once you have configured the active directory server, you can use the ActiveDirectory methods and attributes.

Do you have configured the active directory server with the Workflow "\Library\Microsoft\Active Directory\Configuration\Configure Active Directory server" ?

Try to use my code above in one of your workflows.

Yes, I used the Library workflow to add my AD.

Just tried this one:

var my_UserGroup = ActiveDirectory.search("UserGroup","MyGroupName");

System.log(my_UserGroup);

if (my_UserGroup.length == 1) {

     var my_Members = my_UserGroup[0].userMembers;

  System.log(my_Members);

  System.log(my_UserGroup[0].userMembers);

  System.log(my_UserGroup[0].distinguishedName);

   for each (var user in my_Members) {

          System.log(user.accountName);

     }

}

and got:

[2014-05-07 15:25:50.553] [I] DynamicWrapper (Instance) : [AD_UserGroup]-[class ch.dunes.ad.object.UserGroup] -- VALUE : UserGroup:CN=MyGroupName,OU=MyOU,OU=MyOU2,OU=MyOU3,DC=xxxx,DC=yyyy,DC=com

[2014-05-07 15:25:52.285] [I]

[2014-05-07 15:25:52.285] [I]

[2014-05-07 15:25:52.285] [I] CN=MyGroupName,OU=MyOU,OU=MyOU2,OU=MyOU3,DC=xxxx,DC=yyyy,DC=com

Looks like what I wrote before, there is a difference between AD:blabla and AD_blabla

Are you sure, that there are user members in this group?

Now you get here ([2014-05-07 15:25:52.285] [I] CN=MyGroupName,OU=MyOU,OU=MyOU2,OU=MyOU3,DC=xxxx,DC=yyyy,DC=com) the distinguishedName of your group.

The two outputs before are the content of my_UserGroup[0].userMembers. It's an empty output, so there are no members. Otherwise there will be an ouput like undefinded or so.

Try to use the attributes "computerMembers" or "groupMembers" of the AD_UserGroup object. Then you get computers and groups, which are member of this group.

It could look like that:

var my_UserGroup = ActiveDirectory.search("UserGroup","MyGroupName");

if (my_UserGroup.length == 1) {

     var my_users = my_UserGroup[0].userMembers;

     var my_computers = my_UserGroup[0].computerMembers;

      var my_groups = my_UserGroup[0].groupMembers;

   for each (var user in my_users) {

          System.log(user.accountName);

     }

   for each (var computer in my_computers) {

          System.log(computer.distinguishedName);

     }

   for each (var group in my_groups) {

          System.log(group.distinguishedName);

     }

}

"The two outputs before are the content of my_UserGroup[0].userMembers. It's an empty output, so there are no members. Otherwise there will be an ouput like undefinded or so."

That is all correct, but trust me, the group has plenty of members. It is a global security group, does it make a difference whether it is a domain local or global group?

my_UserGroup[0].userMembers.length is 0, so it is defined but seems to be empty, the group is in fact not empty, I have double checked it.

Just tried it with an other group (Administrators, which is definitely not empty:-) and .groupMembers is working (yeah!), but .userMembers has still no value.

Yes, we have commas in the CN indeed. Time for a SR, I will let you know if this resolved my problem. Thanks.

The patched version works like a charm. Thanks for the hint.

Awesome! Glad that worked out for you. I was starting to get *really* frustrated with the 1.0.4 plugin.... 1.0.3 had some oddities, but at least it worked. Silly plugins.

Somehow I missed this one.

There is a tech preview version including fix for comma in CN value here : Technical preview version of VMware vCenter Orchestrator Plug-In for Microsoft Active Directory 1.0....