Well you can but not at the same time. You need to reconfigure the AD host and make sure that any other workflow accessing AD object are finished before you do it.

I hope you are correct, because i'm missing that multi-Domain feature, too

No, this functionality is still not yet in the released AD Plug-in.

I've got one AD forest with a root domain and a child domain, are you saying the AD plugin will not allow me to query the child domain if configured with the root domain or vice versa?

Do you know when this is likely to be supported? This is quite strange since I can easily query the root domain from the child domain even with a delegated user account that only has read permissions on the root domain but full domain admin rights on the child domain.

I created a custom workflow to try this and it finds the OU but I get this error:

Failed to create user group... [LDAP: error code 21 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1 ]

I logged a support request for this about a year ago. No movement on that, I even offered to do it for them if they gave me the source.

I have long since abandoned vco for AD orchestration.

I'd highly recommend following Burke's advice and wrapping the native commands.  I did this nearly two years ago and it was time well spent. I'm not sure what is going on in the plugin but it really probably needs to be re-written at this point.  I say that not having looked at the most recent version but it sounds as if they have only added some very limited tweaks to it.  Unless you have a very basic and small directory it won't function.  Even when I configured it to only interact with one of our resource domains it was so painfully slow it made what I was trying to do impossible.

Thanks, that's helpful.

And yeah there's over 4000 objects in the forest and growing fast so it is quite painfully slow.

I think I'd rather go that way you and Burke recommend, I have a powershell script used for other tasks that can be used. I guess I can have input and output parameters parsed into a powershell script in the same way as the JavaScript in the workflow code?

Or just use the RSAT tools instead. Either way, I'm looking for examples on how I can incorporate that into a workflow and be able to call it from vCAC, I would like to do it the same way I am currently doing, by using workflow stubs and properties in my Blueprint in vCAC and then to insert those as inputs into a workflow that calls a powershell script or just runs the RSAT tools.

Any help is appreciated and many other people/organisations out there are interested in this!

Thanks

Here is some code that should get you going.  Its not my best work (some of my first vCO attempts) and I have been meaning to rewrite this for a long time but it should query objects just fine.  I have a whole series of related actions and workflows that build upon this as the core.  For example I have a queryMachine which just prompts for a computer name plugs in everything else.  I would suggest updating this to only return the attributes you care about.  Right now it returns all attributes which isn't very polite.