VMware Cloud Community
zimit
Contributor
Contributor
‎02-22-2018 04:47 AM
Jump to solution

vRO 7.0.1 - Get AD Computer Attributes

hi all,

I'm trying to retrieve specific attribute of specific AD computer.

I saw that there are api in vRO 7.0.1 but I'm not sure how to use it.

can someone please help with it and show me some examples to achieve this goal?

thank you

Reply
1 Solution

Accepted Solutions
SeanKohler
Expert
Expert
‎02-25-2018 01:54 PM
Jump to solution

Hmmm...

That does not seem to be plugin related.  You have the right mechanism to read the attribute.

Does your VRO service account for the AD plugin have permission to read the attribute in AD?  Are you using shared session user?

pastedImage_3.png

Set-AdmPwdReadPasswordPermission -OrgUnit <name of OU on which you want to delegate the permissions> -AllowedPrincipals <identification of users/groups that should be allowed to read password> LINK

Are there others you cannot read?

View solution in original post

Reply
6 Replies
SeanKohler
Expert
Expert
‎02-23-2018 09:14 PM
Jump to solution

Sure. I will try to remember to put something together tomorrow that explains how to get any attribute on any AD object.

How is your JavaScript?

Reply
0 Kudos
zimit
Contributor
Contributor
‎02-24-2018 11:37 PM
Jump to solution

hi,

My JS is fine...

actually I wrote some JS to retrieve AD_Computer attribute, the issue comes when trying to retrieve specific AD Computer object attribute (Microsoft LAPS attribute named: "ms-Mcs-AdmPwd").

Any other AD computer object attribute shows without any problem...

I must say that when retrieving this attribute with PowerShell, I have no issue an everything is fine.

you can see the script I wrote to retrieve the attribute:

 
var compObj = ActiveDirectory.getComputerAD(inServerName,attADHost); // Retrieves AD Computer object from AD
 
if(compObj) // checks if computer found
{
 if(compObj.getAttribute(attADCompAttribute)) // checks if has any value in attribute
 {
 System.log("Computer Attribute Value: " + compObj.getAttribute(attADCompAttribute));
 }
 else
 {
 System.log("Attribute '" + attADCompAttribute + "' seems as empty or null");
 }
}
else
{
 System.log("Computer not found in AD, please try again");
}
Reply
0 Kudos
daphnissov
Immortal
Immortal
‎02-25-2018 06:44 AM
Jump to solution

It's possible the vRO AD plug-in just doesn't store or can retrieve that attribute. I'm not super familiar with LAPS, but some quick reading shows this attribute requires special permissions and not just any account can read it.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
SeanKohler
Expert
Expert
‎02-25-2018 01:54 PM
Jump to solution

Hmmm...

That does not seem to be plugin related.  You have the right mechanism to read the attribute.

Does your VRO service account for the AD plugin have permission to read the attribute in AD?  Are you using shared session user?

pastedImage_3.png

Set-AdmPwdReadPasswordPermission -OrgUnit <name of OU on which you want to delegate the permissions> -AllowedPrincipals <identification of users/groups that should be allowed to read password> LINK

Are there others you cannot read?

Reply
zimit
Contributor
Contributor
‎02-25-2018 11:55 PM
Jump to solution

thanks a lot!!!

I totally forgot about LAPS permissions

Reply
0 Kudos
Vagdeviketha
Contributor
Contributor
‎09-01-2023 11:31 AM
Jump to solution

Can you please tell me to get ad computer object that if matchs th starting name 

 

I will be thankful to you if you can help me with this 

Reply
0 Kudos