Cloud_Automatio
Contributor

vRO AD plugin queries using OU

Dear experts:

I am trying to find user objects in AD using the vRO AD plugin.

The ActiveDirectory.searchRecursively("User","somename") method works, BUT I have a requirement of performing a search within a given OU. Is there a way to do this with a "search" method? What query do I need to provide?

cn=a,ou=b,dc=d,dc=e,dc=g did not work, nor did ('cn=a,ou=b,dc=d,dc=e,dc=g')

Thanks a lot in advance!

Alex Pervukhin

0 Kudos
5 Replies
Mnemonic
Enthusiast

If it is not a performance issue, you can always look at the result and filter by the distinguishedName.

0 Kudos
vmwaredownload
Enthusiast

Thanks for your reply Brian.

Unfortunately it is a performance issue - I was requested to query based on OU.

Maybe I will tackle it from a different angle: findAllForType (vRO), looking for AD:OrganizationalUnit, find my vRO OI and get its users?

Thanks!

Alex

0 Kudos
vmwaredownload
Enthusiast

This is what worked for me:

1) when defining AD in vRO - use OU in the base DN, this limits search scope to just that OU;

2) for user queries this works: var user = Server.findAllForType("AD:User", "somename"), take the 1st array element from the search.

Hope this helps,

Alex

0 Kudos
koushik_vmware
Enthusiast

Hello Alex,

How do I get the AD group from vRO scripting? I would like to search for an AD group based on some input parameter.

Neither of the calls below is working for me.

var grp= Server.findAllForType("AD:UserGroup", "somegroupname")

var grp= Server.findAllForType("AD:Group", "somegroupname")

0 Kudos
igaydajiev
VMware Employee

//=============
// Search in a particular AD host for all security groups starting with "vco" and return a list of UserGroup objects
// ("host" is the AD host object, for example a workflow input)
System.log("==                   ")
System.log("== UserGroups/Security groups ==")
System.log("==                   ")
var userGroups = ActiveDirectory.search("UserGroup", "vco", host)
for (var i in userGroups) {
   System.log(userGroups[i])
}

//=============
// Search in a particular AD host for all groups (Containers) starting with "vco" and return a list of UserGroup objects
System.log("==                   ")
System.log("== Groups/Containers ")
System.log("==                   ")
userGroups = ActiveDirectory.search("Group", "vco", host)
for (var i in userGroups) {
   System.log(userGroups[i])
}

Starting with AD plugin 3.x there is a generic LDAP client that can be used to run arbitrary LDAP queries:

https://communities.vmware.com/people/igaydajiev/blog/2016/07/18/active-directory-plugin-300-new-and...

Regarding the syntax of LDAP queries, you can refer to https://technet.microsoft.com/en-us/library/aa996205(v=exchg.65).aspx

//=============
// Use the generic LDAP client to perform an arbitrary LDAP query against a specific host.
// Example: search for all security groups starting with vco* and return them as a list of LdapEntries
var ldapClient = host.getLdapClient();
var searchResult = ldapClient.search(host.hostConfiguration.ldapBase /* 'dc=somedomain,dc=com' */
  , LdapSearchScope.SUB                     // Search also in subentries
  , LdapDereferencePolicy.ALWAYS
  , 0
  , 0
  , "(&(objectCategory=group)(cn=vco*))");  // Query string

// Traverse through the result set
var entries = searchResult.getSearchEntries();
for (var e in entries) {
  System.log(entries[e].getParsedDN().toNormalizedString());
}

====

To search for a particular entry by its distinguished name, you can also take a look at the example workflow that comes with the AD 3.x plugin, "Lookup entry by DN using non-persistent LDAP client".

Hope it helps!

0 Kudos
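
Added example, not part of any post above and not the plugin's own code: when the group or user name in the LDAP filter comes from a workflow input parameter, the value should be escaped per RFC 4515 before it is concatenated into the filter, and a post-filter on distinguishedName should compare RDN by RDN rather than by string suffix. The helper names (escapeFilterValue, buildPrefixFilter, splitDn, isUnderOu) are hypothetical.

```javascript
// Added example, not code from the thread; ES5 only so it also runs in vRO.

// RFC 4515: escape a value before embedding it in an LDAP search filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    var hex = c.charCodeAt(0).toString(16);
    return "\\" + (hex.length < 2 ? "0" + hex : hex);
  });
}

// Build the "cn starts with" filter used in the thread from workflow input.
function buildPrefixFilter(objectCategory, namePrefix) {
  if (objectCategory !== "group" && objectCategory !== "person") {
    throw new Error("unsupported objectCategory: " + objectCategory);
  }
  if (namePrefix == null || String(namePrefix).length === 0) {
    throw new Error("namePrefix must be a non-empty string");
  }
  return "(&(objectCategory=" + objectCategory + ")(cn=" +
    escapeFilterValue(namePrefix) + "*))";
}

// Split a DN into normalized RDNs, honouring backslash-escaped commas.
function splitDn(dn) {
  var parts = [], cur = "";
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === "\\" && i + 1 < dn.length) {
      cur += ch + dn.charAt(++i);
    } else if (ch === ",") {
      parts.push(cur.trim().toLowerCase());
      cur = "";
    } else {
      cur += ch;
    }
  }
  parts.push(cur.trim().toLowerCase());
  return parts;
}

// True only when entryDn sits below ouDn (RDN-wise, not a string suffix).
function isUnderOu(entryDn, ouDn) {
  var e = splitDn(entryDn), o = splitDn(ouDn);
  if (e.length <= o.length) return false;
  for (var i = 1; i <= o.length; i++) {
    if (e[e.length - i] !== o[o.length - i]) return false;
  }
  return true;
}
```

In a vRO scriptable task the result of buildPrefixFilter would be passed as the last argument of the ldapClient.search call shown in the thread; passing the OU's DN as the first argument instead of host.hostConfiguration.ldapBase is an assumption based on standard LDAP search-base semantics.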