I am looking for a way to allow a user to choose their AD bind location at request time in vRA 8.1. We were able to achieve this in 7.6 by overriding a custom property and away it went, so now I'm trying to achieve that same behavior within 8.x. I've already got AD integration configured and I can see vRA creating/deleting computer objects in the configured OU. Now I'm looking for a way to override the location.
I understand it may be possible if we bypass the use of AD integration in favor of event subscriptions and custom workflows. I've also read a few users here complain that AD integration has a few bugs in it where objects are not getting created. Ideally I'd first like to give AD integration a shot before looking at the subscription method.
Any thoughts are welcomed. Thanks for reading.
Hello, hope you are doing fine
I think what you are looking for is in vRA Identity Manager --> Identity and Access Management --> Select your directory --> Sync Settings --> Groups/Users
Hope this works
Warm regards
Correct me if I'm wrong, but those appear to be just the DN of where the group is located? What I'm looking for is a property I can override similar to 7.6 to dynamically change the AD bind location.
Sorry, the cropping has gone bad lol
You can do it from here
From the users side you can set filters
I guess what I'm missing here is how to use this for specifying where to create a computer account object when binding (joining) it to AD?
I don't see any obvious way.
Based on when the object is created, it seems to happen after compute.provision.pre and before compute.provision.post, but I could be missing something there. I am logging the properties for multiple event topics (including those two), and I don't see any that refer to the OU that has been configured. It's possible that a relevant property could be in a topic I'm not logging though? Or maybe an undocumented property?
Aside from a specific/known property, I thought maybe you could add a project to an AD integration multiple times with different OUs/Tags for each, and use the tags in the blueprint somehow to choose the one with the OU you want. But it looks like you can only add a project once, and therefore one OU per project.
I hoped that maybe you could reference a property in the Relative DN field like you can for the naming template in a project, but that doesn't work either. It looks like the full DN Path is validated before it allows you to save it. I was thinking/hoping to use something like ${resource.ou} ....
I'm certainly no expert, so it could still be doable, but nothing jumps out as to how...
Did you get this resolved? I am looking at doing the same kind of thing … add the machine name to AD during deployment.
I didn't. What I ended up doing is just not using the AD integration at all and built workflows to do this for me then trigger them with event subscriptions. I would much prefer to use AD integration, but it's not there yet.
Full disclosure, I work here, but we provide as part of our integration and extensibility solutions.
We have a free trial available - and you can see if it solves it. https://www.cloudbolt.io/onefuse/