5 Replies Latest reply on May 7, 2018 7:31 AM by FreddyFredFred

    move AD computer account to new OU

    FreddyFredFred Enthusiast

      I need to create a workflow to move an AD computer account from one OU to another at the end of my workflow. From another thread on here I think I need to use ActiveDirectory.rename(), but I'm not sure of the syntax to use and I don't want to destroy Active Directory (the little help option doesn't make it 100% clear, at least for me).

       

      I believe the code below will do what I want but I don't know what to put where the ??? is:

       

          var temp = ActiveDirectory.getComputerAD(vmName);

          ActiveDirectory.rename(vmName.distinguishedName,???,"CN="+vmName+",OU=mynewou,OU=MyDivision,DC=MYDOMAIN,DC=COM");

       

      Do I just put null and the function will ignore the rename part and try to do the move?

       

      Thanks

        • 1. Re: move AD computer account to new OU
          iiliev Champion
          VMware Employees, Community Warriors

          Hi,

           

          In your code snippet, I think the first argument to rename() call should not be vmName.distinguishedName but temp.distinguishedName, right (assuming vmName is a string)?

           

          As for the second argument (???) I think providing a null won't work. Looking at the source code of the plug-in, you should provide either:

           

          1) a valid RDN (relative distinguished name); something like "CN=vmName", or

          2) a valid RDN attribute value; something like "vmName". In this case, the corresponding RDN attribute name will be the same as the first RDN attribute name of the first argument of rename(). In your case, if your AD computer has a DN like "CN=vmName, OU=myoldou, OU=MyDivision, DC=MYDOMAIN, DC=COM", the RDN attribute name (CN) of the leftmost RDN (CN=vmName) will be taken and used together with the RDN attribute value you provided to form the second argument to the rename() call.

           

          So, in the example above, as a second argument to rename() call you should pass either "CN=vmName" or "vmName".

          • 2. Re: move AD computer account to new OU
            FreddyFredFred Enthusiast

            Hi Ilian,

             

            You are correct about my 'temp' code, typo on my part during the cleanup before posting. vmName is a string; it's an input for the workflow.

             

            I realize there's actually another mistake in my sample code (really bad cleanup on my part) but with your explanation I got my code to work.

             

            The correct form is as follows, assuming I didn't make another typo, where vmName is a string input on the workflow:

             

            var temp = ActiveDirectory.getComputerAD(vmName);

             

            ActiveDirectory.rename(temp.distinguishedName , "CN="+vmName , "OU=my new ou,OU=MyDivision, DC=MYDOMAIN, DC=COM")

             

             

            In the script editor, when I look at the description for the rename method, it seems to imply that you need to provide the CN=vmname as part of that third parameter, but that's not correct; you need to drop it. That's where my confusion came from. Maybe the description can be reworded a bit to make it clearer how to use the move capability of the rename method?

             

            edit: geez, I'm really bad at putting code in posts. Fixed it again.

            • 3. Re: move AD computer account to new OU
              igaydajiev Expert
              VMware Employees

              Hi FreddyFredFred

               

              Thanks for the feedback. Will try to come up with something better for the next release regarding the rename() method documentation.

              • 4. Re: move AD computer account to new OU
                DLally Enthusiast

                Are you saying this is the correct syntax below?

                 

                var temp = ActiveDirectory.getComputerAD(vmName);

                 

                ActiveDirectory.rename(temp.distinguishedName , "CN="+vmName , "OU=my new ou,OU=MyDivision, DC=MYDOMAIN, DC=COM")

                 

                 

                 

                I've tried similar to this and have not been able to get it to work.  I am specifying the ADhost on the getcomputerAD and on the rename as well. 

                 

                It either errors with:

                Rename entry failed!00002089: UpdErr: DSID-031B0CF0, problem 5012 (DIR_ERROR), data 3

                (Workflow:Move Computer to OU / Scriptable task (item1)#16)

                 

                or

                 

                Rename entry failed!00002089: UpdErr: DSID-031B0CF0, problem 5012 (DIR_ERROR), data 2

                (Workflow:Move Computer to OU / Scriptable task (item1)#11)

                 

                Any ideas?

                • 5. Re: move AD computer account to new OU
                  FreddyFredFred Enthusiast

                  I haven't used my code in a while, as I managed to find a way to avoid having to move computer objects around, but checking my workflow, this is the exact code I was using (sanitized, of course), where my inputs were vmName (string) and dc (number):

                   

                  var temp = ActiveDirectory.getComputerAD(vmName);

                   

                  var newOu;

                   

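                  // Pick the target OU from the numeric dc input.
                  switch (dc) {
                  case 1:
                  newOu = "OU=OU1,OU=Servers,OU=MyOU,DC=MYDOMAIN,DC=COM";
                  break; // without break, execution falls through to the next case
                  case 2:
                  newOu = "OU=OU2,OU=Servers,OU=MyOU,DC=MYDOMAIN,DC=COM";
                  break;
                  case 3:
                  newOu = "OU=OU3,OU=Servers,OU=MyOU,DC=MYDOMAIN,DC=COM";
                  break;
                  // ......... (further cases omitted in the post)
                  }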

                   

                  ActiveDirectory.rename(temp.distinguishedName,"CN="+vmName,newOu);

                   

                  If you google the error, other people seem to have similar issues with other products and it looks like a config error. For the Active Directory plugin config I set my base as dc=mydomain,dc=com.
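
Added example, not part of any post in this thread and not VMware's code: a helper that builds the three rename() arguments in the form the thread arrives at (full current DN, "CN=" plus name, parent container only) and refuses inputs that would move the wrong object or target an unlisted OU. The helper names, NAME_RE and the TARGET_OUS table are assumptions; the code is written in ES5 style and only the commented lines at the end touch the plug-in.

```javascript
// Added example: helper names, NAME_RE and TARGET_OUS are assumptions, not plug-in API.
// Constructed allow-list of target OUs, keyed by the numeric "dc" workflow input.
var TARGET_OUS = {
  1: "OU=OU1,OU=Servers,OU=MyOU,DC=MYDOMAIN,DC=COM",
  2: "OU=OU2,OU=Servers,OU=MyOU,DC=MYDOMAIN,DC=COM"
};
// Assumption: computer names are DNS-label style, so no DN metacharacters get through.
var NAME_RE = /^[A-Za-z0-9][A-Za-z0-9-]{0,62}$/;

// Split a DN on commas that are not backslash-escaped; drop the space after each comma.
function splitDn(dn) {
  var parts = [], cur = "";
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === "\\" && i + 1 < dn.length) {
      cur += ch + dn.charAt(++i); // keep the escaped pair together
    } else if (ch === ",") {
      parts.push(cur.replace(/^\s+/, ""));
      cur = "";
    } else {
      cur += ch;
    }
  }
  parts.push(cur.replace(/^\s+/, ""));
  return parts;
}

// Returns [currentDn, newRdn, newParentDn] for rename(), or null if no move is needed.
function buildMoveArgs(currentDn, vmName, dc) {
  if (!NAME_RE.test(vmName)) throw new Error("unexpected computer name: " + vmName);
  if (!Object.prototype.hasOwnProperty.call(TARGET_OUS, dc)) {
    throw new Error("no target OU for dc=" + dc);
  }
  var newParent = TARGET_OUS[dc];
  var rdns = splitDn(currentDn);
  // The object that was looked up must really be the computer we were asked to move.
  if (rdns[0].toLowerCase() !== ("cn=" + vmName).toLowerCase()) {
    throw new Error("DN does not match " + vmName + ": " + currentDn);
  }
  var oldParent = rdns.slice(1).join(",").toLowerCase();
  if (oldParent === splitDn(newParent).join(",").toLowerCase()) return null;
  // Second argument: the RDN. Third: the parent container only, without "CN=<name>".
  return [currentDn, "CN=" + vmName, newParent];
}

// In a vRO scriptable task (objects from the thread, not available outside vRO):
//   var temp = ActiveDirectory.getComputerAD(vmName);
//   var a = buildMoveArgs(temp.distinguishedName, vmName, dc);
//   if (a) ActiveDirectory.rename(a[0], a[1], a[2]);
```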