I've deployed a VM to a Project. The user I wish to change owner to is a member of the 'Project Members' group.
When I select 'Change Owner' on the deployment, the 'change owner' dialog pops up, but contains NO options for a New Owner ("No matching values found"). No searches return any results (there are 15 accounts in this group for testing, but nada). The user and groups all appear synced correctly in vIDM, the user can log into vRA fine, they can see the deployment and play with it (all VMs in the project are shared)... Tried with multiple projects with different member groups to the same effect. Any ideas?
I think last time we tried this, the only "owners" we could select were the actual groups we give permissions to in the Project. If we assigned a particular user to a project, then that user could be selected. But we assign groups to projects (not users), so this functionality has been mostly useless for us. We're still on 8.4.2.
I was afraid it was something like that (I considered adding a user instead of a group for testing...)
Well, so you know, this hasn't been 'fixed' in 8.6.1.
There's a few basic pieces of functionality that need to exist before 8.x can go production (this and 'offboarding' for 2). I wonder who'll be ready for production first, me or it!
As per VMware this should be fix in 8.6.1 but it is fixed not yet. Change owner gives only option of user which are add in Project not the group. Let us know if you get any workaround on this.
As mentioned, the only solution is to actually add the user to the project (vs being in a group). Once you've changed owner, you can remove the user from the project. Not a good "solution" for me because I don't like to add users to a project, just groups.
Thanks for the head up on this still being an issue in 8.6.2!
This will be a non-starter for us. I have around 800 people in the group for our general users and am not about to starting having them put in tickets to have us manually add the person they want to transfer a server to explicitly in a project they are already in via the security group so they can do it then take them back out of explicitly being there again. The whole point is self-service.
Off boarding will be an issue as well. Each month we have servers that were recovered from backup as a different vSphere machine object and we have to unregister the old one and import the new one in 7.6.
I'm Mehdi Limonadi, a Product Manager for the vRealize Automation Product.
This feature request is a known issue and is a very high priority for us. We are in the final stages of deploying the feature/fix that allows members within AD groups added to a project as available options in the "Change Owner" day-2 action for deployments.
You should see this in the next few release cycles, keep your eyes on the patch notes! I'll make sure it's prominently in there for everyone facing this issue.
HI, in our environment (8.6.2) we did a workaround - D2A: first, check if the user exists in the AD, assign the user to the project as a member, change owner and remove the user from the Project.
You're reading my post a bit too optimistically 😅 I'll be clear, it is NOT in the 8.7 release, but it is coming in the next few release so please keep watching the patch notes
i have done something similar in a WF - run the wf, enter in the AD user, checks if their group is in the project, adds the user, calls the action changeowner - owner is set - then it removes the user from the project. The issue i am having is if i make this a custom action it errors out with something like - there is an action already in progress please wait until it is finished - i am paraphrasing of course. So i am trying to figure out a way to call the official changeowner directly without having to use the deployment.action method. Any ideas or help - i am not sure if you made yours a custom action or not so.... @gojkotodorovic
Hi, all my actions are default vRO ("invokeRestOperation"). I had a situation where the action produced an error message, but after every executed action, I grabbed the link to check the status of the action (with the one sleep of 15s between requests). Bellow, you can see the sample, and it has been used for the migration vRA7x to 8x (approx 2000 VMs without any issue).
This should be addressed in 8.8 as per Release notes:
Support change owner Day2 action for single user that is part of an AD group
Support changing deployment owner to users that are part of AD groups which are project administrator or project member.
Note: If user is a project viewer or supervisor, they are not eligible to be owner of a deployment.
vRA 8.8 indeed has fixed the issue for AD group user validation for change owner; i.e. it will search AD groups now for the user account in question YAY!! the built in Day 2 action works
Note: however if you have tied the owner to any custom properties like email address associated with the owner when you change to the new owner you will need an EBS sub to change the payload and post back to the deployment