VMware Cloud Community
craigso
Enthusiast
Enthusiast
Jump to solution

Override Active Directory Policy OU value via custom property?

Hello again. Thanks for taking the time to read this thread!

I'm would like to provide our users the ability to provision directly into sub-OUs of the OU defined in the Active Directory Policy. Initially I thought the value picker might be a way to do this, but it appears there is no way to limit the scope of that custom form element.

Next I've written a action to take a Distinguished Name(DN), and list all the sub-OU's with a friendly name and DN value.

My hope now is do the following:

  1. Pull the DN from the AD policy assigned to the business group
  2. Pass the value to the action, outputting all the Sub-OUs
  3. Once user selects the OU, the value should be overwrite the value specified in the AD policy.
  4. Machine provisioned into the selected OU

The part I'm now stuck on is pulling the value from the AD policy, and ultimately replacing it with the selected value. Anyone have experience with his? My searches to this point have not been all that helpful, other than I know the AD policy is defined by: ext.policy.activedirectory.system.id

Thank you in advance!

1 Solution

Accepted Solutions
craigso
Enthusiast
Enthusiast
Jump to solution

Aaannnd just after posting this I did a bit more searching on "ext.policy.activedirectory.system.id" which led me to the Custom Property Dictionary.

Custom Properties E lists: "ext.policy.activedirectory.orgunit" - The organizational unit that you want to use rather than the organizational unit in the current Active Directory policy. Overrides the ext.policy.activedirectory.system.orgunit value that is specified in the Active Directory policy.

This looks like exactly what I'm after. I'll give it a shot!

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

View solution in original post

2 Replies
craigso
Enthusiast
Enthusiast
Jump to solution

Aaannnd just after posting this I did a bit more searching on "ext.policy.activedirectory.system.id" which led me to the Custom Property Dictionary.

Custom Properties E lists: "ext.policy.activedirectory.orgunit" - The organizational unit that you want to use rather than the organizational unit in the current Active Directory policy. Overrides the ext.policy.activedirectory.system.orgunit value that is specified in the Active Directory policy.

This looks like exactly what I'm after. I'll give it a shot!

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

craigso
Enthusiast
Enthusiast
Jump to solution

Adding this property and populating it with a distinguished name did the trick. The computer object was created in the correct location.