VMware Cloud Community
avirtualworld
Contributor

Active Directory Plugin - Adding User to Group

Does anyone have any insight as to whether it is possible to add an existing user to an AD Security Group and how it was achieved?

*UPDATE

I see there is a method in the com.vmware.library.microsoft.ActiveDirectory called getUserFromContainer that accepts a container and an accountName.


Does anyone know what these represent? The container is specified as a string representing the given OU or Group. Can this be just the OU name or does it require the full path? Is user name the account name or the display name?

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Burke-
VMware Employee

You haven't indicated how you plan on running the workflow... if you are simply running it from the client or a Webview, you are prompted for the object and you can use the chooser to locate and select the inputs...

However, if you are calling from an external system, this becomes more challenging... the common approach is to create a simple workflow that gets a user object by name or other object by name... For example, if I want to get an AD:User object for the account name bazbill, I would do something along these lines:

Create an action called getADUserByName and use the action in a workflow:

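// Action getADUserByName: input userName (string), returns an AD:User
var users = ActiveDirectory.search("User", userName);
// Fail unless exactly one user matches the name
if (users.length > 1) {
  throw "Multiple matching users found: " + userName;
}
if (users.length < 1) {
  throw "No matching user found: " + userName;
}
var user = users[0];
return user;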

Where "userName" is a string and the returned object is an AD:User object.

A similar approach can be taken to get an AD:UserGroup object:

getADUserGroupByName

var groups = ActiveDirectory.search("UserGroup", groupName);
if (groups.length > 1) {
  throw "Multiple matching groups found: " + groupName;
}
if (groups.length < 1) {
  throw "No matching group found: " + groupName;
}
var group = groups[0];
return group;

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter


0 Kudos
6 Replies
Burke-
VMware Employee

For your first question, there is already a library workflow (once the AD Plug-in is installed) called "Add a user to a user group". This workflow adds an existing user to a group.

For the other part of your question, right-click on the action in question and select "Find elements that use this element". You'll see that after creating a user in certain containers/OUs, this action is called to confirm that the user account was actually created. The OU/Container input takes either an AD:OrganizationalUnit object OR an AD:Group object as one of the inputs and the accountName of the user you are looking for, i.e. bazbill.

0 Kudos
avirtualworld
Contributor

Thanks for your reply -

I understand the required input types for the Workflow to add the user. The problem is that the group, and likely the user, will already exist. I will thus need to use the library to obtain the appropriate objects to pass to the workflow. So, the question I guess, is how do I obtain an object reference to the OU so that I can obtain the Group reference - when I don't have access to an existing AD:OrganizationalUnit object.

0 Kudos
avirtualworld
Contributor

This is great - thanks.

Will this work similarly for a Container?

var containers = ActiveDirectory.search("Container" , containerName);
0 Kudos
avirtualworld
Contributor

Solved this - UserGroup will also identify Containers.

0 Kudos
avirtualworld
Contributor

Is there a way to target a particular Container? I am getting multiple results for every user I search for because of the size and complexity of AD.

Is the ActiveDirectory.search library fully documented? Can you point me to the spec?

0 Kudos
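The by-name lookups in this thread throw as soon as a search returns more than one object, which the last post reports for every user. One way to narrow the results after the search, so that only an unambiguous object is ever handed to a group-membership change, is shown below as an added example (not part of any post and not the plug-in's own code). `resolveOne`, `SAMPLE` and the stub `ActiveDirectory` are hypothetical, and the `accountName` and `distinguishedName` property names on the returned objects are assumptions.

```javascript
// Constructed sample entries; accountName and distinguishedName are assumed
// property names for the objects the search returns.
var SAMPLE = [
  { type: "User", accountName: "bazbill",
    distinguishedName: "CN=Baz Bill,OU=Staff,DC=corp,DC=example,DC=test" },
  { type: "User", accountName: "bazbill",
    distinguishedName: "CN=Baz Bill,OU=Users,DC=lab,DC=example,DC=test" },
  { type: "User", accountName: "bazbill-adm",
    distinguishedName: "CN=Baz Bill (adm),OU=Admins,DC=corp,DC=example,DC=test" },
  { type: "UserGroup", accountName: "VPN-Users",
    distinguishedName: "CN=VPN-Users,OU=Groups,DC=corp,DC=example,DC=test" },
  { type: "UserGroup", accountName: "VPN-Users-Admins",
    distinguishedName: "CN=VPN-Users-Admins,OU=Groups,DC=corp,DC=example,DC=test" }
];

// Stand-in for the plug-in object so the logic runs outside Orchestrator.
// It returns every entry whose name contains the query, which reproduces the
// multiple-results case from the thread.
var ActiveDirectory = {
  search: function (type, name) {
    var q = name.toLowerCase();
    return SAMPLE.filter(function (o) {
      return o.type === type && o.accountName.toLowerCase().indexOf(q) !== -1;
    });
  }
};

// Resolve exactly one object, or throw. baseDn (optional) limits matches to
// entries below that container. Plain string comparison: assumes DNs come
// back in a consistent spelling and without escaped commas.
function resolveOne(type, name, baseDn) {
  var wanted = name.toLowerCase();
  var suffix = baseDn ? "," + baseDn.toLowerCase() : "";
  var matches = ActiveDirectory.search(type, name).filter(function (o) {
    var dn = String(o.distinguishedName).toLowerCase();
    return String(o.accountName).toLowerCase() === wanted &&
      (suffix === "" || dn.slice(-suffix.length) === suffix);
  });
  if (matches.length !== 1) {
    throw new Error("Expected exactly one " + type + " '" + name + "'" +
      (baseDn ? " under " + baseDn : "") + ", found " + matches.length);
  }
  return matches[0];
}
```

Inside an Orchestrator action the stub and sample data are dropped and only `resolveOne` remains; the object it returns is what the "Add a user to a user group" workflow takes as input.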