VMware Cloud Community
TobiasMesch
Contributor
Contributor

vRO 8.2 - Empty results for Active Directory group members

Dear community,

could you please help me on my way to get the group and user members of an active directory group?

  • vRO version: 8.2.0.13070 (17151459), but the same problem occurs in the VMware Hands-on-Labs (version 8.3.x)
  • I tried it with 2 different connections where I used the "Add an Active Directory server" workflow to add them
    • LDAPS, Port 3269 (GC)

Configuration:

 

ldapBase	OU=0008,OU=0123RaspBerry,OU=PineAppleJuice,DC=banana,DC=strawberry,DC=local
bindType	Simple
followReferrals	true
defaultDomain	
url	ldaps://banana.strawberry.local:3269
useSSL	true
loadBalancingMode	SingleServer
subDomainAutoConnect	false
port	3269
sharedUserName	someUser@strawberry.local
useSharedSession	true
name	BANANA
host	banana.strawberry.local
id	12a34bc5-6d78-912a-3bcd-ef1ab3cd4568
@fullType	AD:AdHost

 

    • LDAPS, Port 636

Configuration:

 

alternativeHosts	[]
ldapBase	OU=0008,OU=0123RaspBerry,OU=PineAppleJuice,DC=banana,DC=strawberry,DC=local
bindType	Simple
followReferrals	true
defaultDomain	
url	ldaps://banana.strawberry.local:636
useSSL	true
loadBalancingMode	SingleServer
subDomainAutoConnect	false
port	636
sharedUserName	someUser@strawberry.local
useSharedSession	true
name	BANANA
host	banana.strawberry.local
id	12a34bc5-6d78-912a-3bcd-ef1ab3cd4567
@fullType	AD:AdHost

 

The following approaches gave empty results back without any error:

Approach #1:

 

var adGroups = ActiveDirectory.search('UserGroup', 'SomeGroup');
System.log(adGroups[0].groupMembers); //empty
System.log(adGroups[0].userMembers); //empty
System.log(adGroups[0].distinguishedName); //gave the expected results back

 

Approach #2:

 

//Input: adGroup from type AD:UserGroup
System.log(adGroup.groupMembers); //empty
System.log(adGroup.userMembers); //empty

 

 

Do you have an idea what's wrong here?

 

Best regards, stay healthy and have a nice 2nd advent
Tobi

Reply
0 Kudos
3 Replies
xian_
Expert
Expert

Are you sure SomeGroup has any members? I tested your code and worked for me.

Reply
0 Kudos
TobiasMesch
Contributor
Contributor

Thank you _xian for your help and testing my code! Yes, I checked that.

FYI: It finally worked using this:

 

Server.findAllForType("AD:UserGroup", "SomeGroup")

 

By going through the community it seems like people stumble upon this for years from time to time. I'm very interested in what leads to that problem, but at least I can continue my work now.

 

Thank you very much!

Reply
0 Kudos
qc4vmware
Virtuoso
Virtuoso

I just tested this in our environment and .userMembers properties is empty on the UserGroup object.  We have 7 users in the group.  If I user the .getArrayAttribute() method and specify "members" as the parameter I get back an array of the 7 users in dn format.  Sure seems like we have a bug here still?

I'm curious why grabbing the object via the vRO inventory search would yield a different result than using the plugin to query as it should be the same object being returned?

Reply
0 Kudos