VMware Cloud Community
craigso
Enthusiast

Retrieving AD policy from business group?

I am trying to get the AD policy (specifically the distinguished name) from a business group and I'm hitting a roadblock. Sample code is below.

// Subtenant (business group) reference from the request context
var subtenantId = System.getContext().getParameter("__asd_subtenantRef");
var cafeHost = Server.findAllForType("vCACCAFE:VCACHost")[0];
var businessGroups = vCACCAFEEntitiesFinder.getSubtenants(cafeHost);

// Find the business group that matches the request and read its AD container
for each (var group in businessGroups) {
    if (group.id == subtenantId) {
        var dn = vCACCAFESubtenantHelper.getADContainer(group);
        System.log(vCACCAFESubtenantHelper.getADContainer(group));
    }
}

For some reason dn is null? I can get other properties from the business group but not the AD policy info?

My goal is either to get the AD policy name, which I can then look up and get the distinguished name from the policy directly, or simply get the distinguished name directly from the blueprint. Is there a better way to go about this?

Thank you for reading.

1 Solution

Accepted Solutions
Hejahida82
VMware Employee

To get the AD Policy name from the business group you can do the following against the vCACCAFEBusinessGroup object. I haven't found a way to get the DN value from the business group yet.

// cafeHost and subtenantId are the variables defined in the question's code

// get the vCACCAFEBusinessGroup object (shown under Business Group (Deprecated) in the vRO inventory viewer)
var businessGroup = vCACCAFEEntitiesFinder.getBusinessGroup(cafeHost, subtenantId);

// get the custom properties of the business group object
var properties = businessGroup.customProperties;

for each (var prop in properties) {
    if (prop.name == 'ext.policy.activedirectory.system.id') {
        // the custom property name matches the AD Policy property name
        var adPolicyName = prop.value;
        System.log('Found AD Policy assigned to BG with name: ' + adPolicyName);
    }
}

Add in some error handling in case it can't find the policy or if for some strange reason it finds more than one.

craigso
Enthusiast

This worked out great!

I am able to get the DN using the AD policy name. Once I get the code cleaned up a bit and add some error handling I'll post it.

craigso
Enthusiast

So I took the snippet of code posted by Hejahida82 and combined it with a modified version of the built-in action com.vmware.vra.ad\getPolicyConfig. The end result: grab the subtenantId from the blueprint, find the AD policy (name) associated with the business group, then look up the AD policy to grab the distinguishedName property value. This is working in vRA 7.6.

If anyone is curious, the reason I needed the DN is so I can use this as a parent OU. Then iterate through the sub OUs, and build a list to allow a user to select where to provision their VM in Active Directory.

It would probably be better to allow for a user to do this visually using the tree value picker element, but I didn't see a way to limit the tree to a specific parent OU. If anyone has ideas on this, I have a thread on that located here: Custom Form - Tree Value Picker - Can I set the viewable scope?

var subtenantId = System.getContext().getParameter("__asd_subtenantRef");
var cafeHost = Server.findAllForType("vCACCAFE:VCACHost")[0];

// get the vCACCAFEBusinessGroup object (shown under Business Group (Deprecated) in the vRO inventory viewer)
var businessGroup = vCACCAFEEntitiesFinder.getBusinessGroup(cafeHost, subtenantId);

// get the custom properties of the business group object
var adPolicyName = [];
var properties = businessGroup.customProperties;

for each (var prop in properties) {
    if (prop.name == 'ext.policy.activedirectory.system.id') {
        // the custom property name matches the AD Policy property name
        adPolicyName.push(prop.value);
        System.log('Found AD Policy assigned to BG with name: ' + prop.value);
    }
}

// exactly one AD policy is expected on the business group
if (!adPolicyName.length) { throw "Business group does not have AD policy assigned!"; }
if (adPolicyName.length > 1) { throw "Business group returned multiple Active Directory Policies!"; }

// Create REST client to ASD service
var restClient = cafeHost.createAdvancedDesignerClient();
var policyObject = null;

try {
    // Get request expanding template variables in order.
    policyObject = restClient.getWithVariables("policies/hrid/{hrid}", [adPolicyName[0]]).getBodyAsJson();
} catch (error) {
    throw "No policy with id '" + adPolicyName[0] + "' found. Error: " + error;
}

var ret = {};

// grab the values in the AD policy
for each (prop in policyObject.properties.entries) {
    var val = prop.value ? prop.value.value : null;
    switch (prop.key) {
        case "ext.policy.activedirectory.domain":
            ret.domainName = val;
            break;
        case "ext.policy.activedirectory.orgunit":
            ret.ouDN = val;
            break;
        case "ext.policy.activedirectory.endpoint.id":
            ret.adHostId = val;
            break;
        default:
            System.log("Unrecognized property '" + prop.key + "' with value = '" + val + "'");
    }
}

return ret;
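
Added example, not part of craigso's post or the built-in action: because the policy's DN (ret.ouDN above) is meant to be the boundary for the OU a requester picks, the workflow can re-check the submitted DN against it before provisioning rather than relying on the form's list. The function names and sample DN are hypothetical; comparison is per RDN and case-insensitive, so an escaped comma inside a name cannot pass as a suffix match. It assumes single-valued RDNs and ASCII-only escapes.

```javascript
// Added example: names and the sample DN are constructed, not from the thread.
// ES5 only, so the functions can be pasted into a vRO action.
var SAMPLE_PARENT_OU = "OU=Servers,DC=corp,DC=example"; // constructed sample

// Parse a DN into lower-cased RDN strings. Splits on unescaped commas only,
// decodes "\," and "\2C" style escapes, and trims unescaped spaces.
function parseDn(dn) {
  var rdns = [], cur = "", keep = 0; // keep: length of cur minus trailing spaces
  function flush() {
    var rdn = cur.substring(0, keep), eq = rdn.indexOf("=");
    if (eq < 1 || eq === rdn.length - 1) throw new Error("Malformed RDN in: " + dn);
    rdns.push(rdn.toLowerCase());
    cur = ""; keep = 0;
  }
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === "\\") {
      var hex = dn.substring(i + 1, i + 3);
      if (/^[0-9a-fA-F]{2}$/.test(hex)) {
        cur += String.fromCharCode(parseInt(hex, 16)); i += 2;
      } else if (i + 1 < dn.length) {
        cur += dn.charAt(++i);
      } else {
        throw new Error("Dangling escape in: " + dn);
      }
      keep = cur.length;                   // escaped characters are never trimmed
    } else if (ch === ",") {
      flush();
    } else if (ch !== " " || cur !== "") { // drop leading unescaped spaces
      cur += ch;
      if (ch !== " ") keep = cur.length;
    }
  }
  flush();
  return rdns;
}

// True when candidateDn is parentDn itself or sits anywhere beneath it.
function isWithinParentOu(candidateDn, parentDn) {
  var child, parent;
  try { child = parseDn(String(candidateDn)); parent = parseDn(String(parentDn)); }
  catch (e) { return false; }              // fail closed on unparseable input
  var offset = child.length - parent.length;
  if (offset < 0) return false;
  for (var i = 0; i < parent.length; i++) {
    if (child[offset + i] !== parent[i]) return false;
  }
  return true;
}
```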