VMware Cloud Community
qc4vmware
Virtuoso

vRA 8 / vIDM programmatically add and sync an AD group

I've posted a similar message to the vIDM forum but have gotten no response, so I'll try here as well.  I've got a scenario where I want to automate project creation and, during that creation, dynamically add AD groups for access.  We have hundreds of thousands of groups here, so I can't just sync them all over.  I'd prefer to add them to the sync settings in vIDM and then kick off a sync.  I see examples of kicking off the sync via those APIs but nothing on how to update the sync settings.  I'm wondering if somehow, via the vRA identity API, there is some way to do it if not in the vIDM API.  I'm pretty open to any method of automating this, so if anyone has done it or has an idea I'd appreciate the guidance.

2 Replies
bdamian
Expert

As far as I know, the sync always applies to the whole directory. Even if you add a group manually to the settings and then run a sync, it always syncs the whole directory.

If you create new groups for new Projects, then you can put all groups inside a special OU and set that OU as a Base DN.

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian
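The workflow the original post asks for (read the directory's sync profile, add a group DN to it, write it back, trigger a sync) is shown below as an added example; it is not code from either poster or from VMware. The vIDM endpoint paths, media types and the `groupMappings` JSON shape are assumptions about the connector-management API that must be checked against the vIDM API documentation for the deployed version. The pure part of the example is the check bdamian's reply implies: a group can only be picked up by a sync if its DN sits under one of the directory's configured Base DNs, so the helper refuses groups outside every Base DN and is idempotent for groups already mapped.

```python
"""Add an AD group to a vIDM directory sync profile, then trigger a sync.

Added example, not from the thread. Endpoint paths, media types, the
Authorization scheme and the sync-profile JSON shape are ASSUMPTIONS;
verify them against the vIDM API docs for your version before use.
"""
import json
import urllib.request
from typing import Dict, Iterable, List, Tuple


def normalize_dn(dn: str) -> List[str]:
    """Split a DN into RDNs, honouring backslash-escaped commas, and
    lower-case attribute types and values so comparisons are case-insensitive."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):      # keep escape pairs such as "\," intact
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if c == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(c)
        i += 1
    rdns.append("".join(buf).strip())
    out = []
    for rdn in rdns:
        attr, _, val = rdn.partition("=")
        out.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return out


def dn_under_base(dn: str, base_dn: str) -> bool:
    """True if dn is strictly below base_dn (the base itself does not count)."""
    d, b = normalize_dn(dn), normalize_dn(base_dn)
    return len(d) > len(b) and d[-len(b):] == b


def add_group_mapping(profile: Dict, group_dn: str,
                      base_dns: Iterable[str]) -> Tuple[Dict, bool]:
    """Return (profile, changed). Raises if the group is outside every Base DN,
    because a directory sync would never see it; no-op if already mapped."""
    if not any(dn_under_base(group_dn, b) for b in base_dns):
        raise ValueError(f"{group_dn} is not under any configured Base DN")
    mappings = profile.setdefault("groupMappings", [])    # assumed key name
    wanted = normalize_dn(group_dn)
    for m in mappings:
        if normalize_dn(m.get("dn", "")) == wanted:
            return profile, False
    mappings.append({"dn": group_dn, "selected": True})   # assumed entry shape
    return profile, True


def _request(method: str, url: str, token: str, body=None, content_type=None):
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"HZN {token}")       # assumed token scheme
    req.add_header("Accept", "application/json")
    if content_type:
        req.add_header("Content-Type", content_type)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None


def add_group_and_sync(base_url: str, token: str, directory_id: str,
                       group_dn: str, base_dns: Iterable[str]) -> bool:
    """GET profile, insert the group, PUT it back, POST a sync. Paths assumed."""
    prof_url = f"{base_url}/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/{directory_id}/syncprofile"
    profile = _request("GET", prof_url, token)
    profile, changed = add_group_mapping(profile, group_dn, base_dns)
    if changed:
        _request("PUT", prof_url, token, profile,
                 "application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.groups+json")
    # The sync covers the whole directory, not just the new group.
    _request("POST", prof_url + "/sync", token, {"ignoreSafeguards": False},
             "application/vnd.vmware.horizon.manager.connector.management.directory.sync.profile.sync+json")
    return changed


if __name__ == "__main__":
    # Constructed sample profile; run against a real vIDM via add_group_and_sync().
    sample = {"groupMappings": [{"dn": "CN=Existing,OU=Lists,DC=corp,DC=example", "selected": True}]}
    bases = ["OU=Lists,DC=corp,DC=example"]
    updated, changed = add_group_mapping(sample, "CN=Project-42 Admins,OU=Lists,DC=corp,DC=example", bases)
    print(changed, json.dumps(updated, indent=2))
```

Because the sync is directory-wide, the `ignoreSafeguards` flag is left off: if the added group changes the user or group count beyond the configured safeguard, the sync should fail visibly rather than be forced from an automation job.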
qc4vmware
Virtuoso

It's totally fine for the whole directory to sync when I kick off the sync.  Unfortunately I don't have control of where the groups end up being created, and even if I did it would be somewhat challenging to enforce it.  I really need a way to do it programmatically.  I do already use a base DN, then I go in and select individual groups from within that base DN.  We have a home-grown self-service list management tool, and when you create a list there it creates a group in AD and dumps them all into this one OU.  So it has an insane amount of groups.
