3 Replies Latest reply on Aug 14, 2019 2:54 PM by craigso

    Retrieving AD policy from business group?

    craigso Enthusiast

      I am trying to get the AD policy (specifically the distinguished name) from a business group and I'm hitting a roadblock. Sample code is below.

       

      var subtenantId = System.getContext().getParameter("__asd_subtenantRef");
      
      var cafeHost = Server.findAllForType("vCACCAFE:VCACHost")[0];
      var businessGroups = vCACCAFEEntitiesFinder.getSubtenants(cafeHost);
      
      // find the business group the request was made from
      for each (var group in businessGroups) {
          if (group.id == subtenantId) {
               var dn = vCACCAFESubtenantHelper.getADContainer(group);
               System.log(dn);
          }
      }
      

       

       

      For some reason dn is null? I can get other properties from the business group but not the AD policy info?

       

      My goal is either to get the AD policy name, which I can then look up and get the distinguished name from the policy directly, or simply get the distinguished name directly from the blueprint. Is there a better way to go about this?

       

      Thank you for reading.

        • 1. Re: Retrieving AD policy from business group?
          Hejahida82 Hot Shot
          VMware Employees

          To get the AD Policy name from the business group you can do the following against the vCACCAFEBusinessGroup object. I haven't found a way to get the DN value from the business group yet.

           

          //get the vCACCAFEBusinessGroup object (shown under Business Group (Deprecated) in the vRO inventory viewer)
          var businessGroup = vCACCAFEEntitiesFinder.getBusinessGroup(cafeHost, subtenantId);
          
          //get the custom properties of the business group object
          var properties = businessGroup.customProperties;
          for each (var prop in properties){
               if(prop.name == 'ext.policy.activedirectory.system.id'){
                    //the custom property name matches the AD Policy property name
                    var adPolicyName = prop.value;
                    System.log('Found AD Policy assigned to BG with name: ' + adPolicyName);
               }
          }
          
          

           

           

          Add in some error handling in case it can't find the policy or if for some strange reason it finds more than one.

          1 person found this helpful
          • 2. Re: Retrieving AD policy from business group?
            craigso Enthusiast

            This worked out great!

             

            I am able to get the DN using the AD policy name. Once I get the code cleaned up a bit and add some error handling I'll post it.

            • 3. Re: Retrieving AD policy from business group?
              craigso Enthusiast

              So I took the snippet of code posted by Hejahida82 and combined it with a modified version of the built-in action com.vmware.vra.ad\getPolicyConfig. The end result: grab the subtenantId from the blueprint, find the AD policy (name) associated with the business group, then look up the AD policy to grab the distinguishedName property value. This is working in vRA 7.6.

               

              If anyone is curious, the reason I needed the DN is so I can use this as a parent OU. Then iterate through the sub OUs, and build a list to allow a user to select where to provision their VM in Active Directory.

              It would probably be better to allow for a user to do this visually using the tree value picker element, but I didn't see a way to limit the tree to a specific parent OU. If anyone has ideas on this, I have a thread on that located here:  Custom Form - Tree Value Picker - Can I set the viewable scope?

               

               

              var subtenantId = System.getContext().getParameter("__asd_subtenantRef");
              var cafeHost = Server.findAllForType("vCACCAFE:VCACHost")[0];
              
              
              //get the vCACCAFEBusinessGroup object(shown under Business Group (Deprecated) in the vRO inventory viewer)  
              var businessGroup = vCACCAFEEntitiesFinder.getBusinessGroup(cafeHost, subtenantId);  
                
              //get the custom properties of the business group object  
              var adPolicyName =[]; 
              var properties = businessGroup.customProperties;  
              for each (var prop in properties){  
                   if(prop.name == 'ext.policy.activedirectory.system.id'){  
                        //the custom property name matches the AD Policy property name  
                        adPolicyName.push(prop.value);  
                        System.log('Found AD Policy assigned to BG with name: ' + prop.value);  
                   }  
              }  
              
              
              if (!adPolicyName.length){throw "Business group does not have AD policy assigned!"}
              if (adPolicyName.length > 1){throw "Business group returned multiple Active Directory Policies!"}
              
              
              // Create REST client to ASD service
              var restClient = cafeHost.createAdvancedDesignerClient();
              var policyObject = null;
              
              
              try {
                   // Get request expanding template variables in order.
                   policyObject = restClient.getWithVariables("policies/hrid/{hrid}", [adPolicyName[0]]).getBodyAsJson();
              } catch (error) {
                   throw "No policy with id '" + adPolicyName[0] + "' found. Error: " + error;
              }
              
              
              var ret = {};
              // grab the values in the AD policy
              for each(prop in policyObject.properties.entries) {
                   var val = prop.value ? prop.value.value : null;
              
                   switch(prop.key) {
                        case "ext.policy.activedirectory.domain":
                             ret.domainName = val;
                             break;
                        case "ext.policy.activedirectory.orgunit":
                             ret.ouDN = val;
                             break;
                        case "ext.policy.activedirectory.endpoint.id":
                             ret.adHostId = val;
                             break;
                        default:
                             System.log("Unrecognized property '" + prop.key + "' with value = '" + val + "'");
                   } 
              }
              
              return ret;
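
An added example, not part of craigso's post or of any VMware action: one way to enforce the parent-OU scope described above is to check, RDN by RDN, that an OU is at or below the `ouDN` taken from the AD policy. It is plain JavaScript with no vRO API calls; the function names and the sample DNs are hypothetical and constructed for illustration.

```javascript
// Split a DN into RDNs on unescaped commas, so an escaped "\," stays in its RDN.
function splitRdns(dn) {
    var rdns = [], current = "";
    for (var i = 0; i < dn.length; i++) {
        var ch = dn.charAt(i);
        if (ch === "\\" && i + 1 < dn.length) {
            current += ch + dn.charAt(++i);
        } else if (ch === ",") {
            rdns.push(current);
            current = "";
        } else {
            current += ch;
        }
    }
    rdns.push(current);
    return rdns;
}

// AD matches DNs case-insensitively; also drop padding around type and value.
function normalizeRdn(rdn) {
    var eq = rdn.indexOf("=");
    if (eq < 1) { throw new Error("Malformed RDN: '" + rdn + "'"); }
    return rdn.substring(0, eq).trim().toLowerCase() + "=" +
           rdn.substring(eq + 1).trim().toLowerCase();
}

// True when candidateDn is parentDn itself or sits anywhere beneath it.
function isWithinOu(parentDn, candidateDn) {
    var parent = splitRdns(parentDn).map(normalizeRdn);
    var cand = splitRdns(candidateDn).map(normalizeRdn);
    var offset = cand.length - parent.length;
    if (offset < 0) { return false; }
    for (var i = 0; i < parent.length; i++) {
        if (cand[offset + i] !== parent[i]) { return false; }
    }
    return true;
}

// Constructed sample data: PARENT_OU stands in for ret.ouDN from the AD policy.
var PARENT_OU = "OU=Servers,DC=corp,DC=example";
var SAMPLE_OUS = [
    "OU=Web,OU=Servers,DC=corp,DC=example",
    "ou=db, ou=servers, dc=corp, dc=example",
    "OU=Workstations,DC=corp,DC=example",
    "OU=Fake\\,OU=Servers,DC=corp,DC=example" // one RDN with an escaped comma
];
// Only the first two are in scope; a plain suffix string match would also pass the last.
var allowed = SAMPLE_OUS.filter(function (dn) { return isWithinOu(PARENT_OU, dn); });
```

Running `isWithinOu` again on the value the form submits, inside the provisioning workflow, keeps the scope enforced even if the request does not come from the filtered list.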