Technical preview version of VMware vCenter Orchestrator Plug-In for Microsoft Active Directory
This is a patch release of the plug-in.
Version 3.0.10-15573702
Version 3.0.9-10953259
Version 3.0.8-10511038
Version 3.0.7-7624613
Version 3.0.6-5491166
Version 3.0.4-4950206
Version 3.0.2-4209033
Note: 3.0.2-4209033 GA version of the plugin is available as part of vRealize Orchestrator Appliance 7.1
Version 3.0.0-4132888
number of entries (i.e., "pages").
Notes : Compatible with vRealize Orchestrator 5.5.2+
Notes : An introduction to the new features is available here: Active Directory plugin 3.0.0 - New and Noteworthy
Version 2.0.8-3635144
Version 2.0.7-3423847
Version 2.0.6-3285066
Version 2.0.5-3151865
Version 2.0.4-3014454
Version 2.0.3-2824604
Version 2.0.2-2670588
Version 2.0.1-2597988
Version 2.0.0-2543027 GA
Notes : GA version available for download from - VMware vCenter Orchestrator Plug-In for Microsoft Active Directory Release Notes
Notes : Compatible with vRealize Orchestrator 5.5.2+
Version 1.0.6-2315152
Version 1.0.5-1866388
Version 1.0.4-760
When using this version of the plugin, when I try and pull out the list of userMembers from an AD:UserGroup... I'm getting a null return. I recall in an older version of the plugin (maybe 1.0.3 or 1.0.4) that this was occurring... Any insight on why that might be happening? I'm definitely getting the group, and I am getting the groupMembers back.. Just never users. Interestingly, if I try it in reverse (get groups from users), that works ok, too. Just really strange.
Let me try it out and will let you know.
It appears that the error is caused when there is a comma in the user name. We have just provided a plugin update containing a fix for the above-mentioned issue.
Please verify if it resolves your issue.
Regards, Ivo
Ivo-
Installed and tested that userMembers is populating, and it is! Awesome. I'll run a more thorough test of the plugin on Monday morning and then update the SR and this thread. Appreciate the quick turnaround in resolving. You guys are awesome!
Thanks for sharing the feedback!
I've updated to 2.0.2-2670588 and I'm still getting the error "Default Active Directory server not set"
Do I need to remove existing AD plugin or will vCO just update the existing one by installing the tech preview ?
it will get updated.
Hi;
You've probably figured it out by now but after updating the AD Plugin, you also need to run the "Configure Active Directory plug-in options" workflow to re-set the Default Server.
Hope this helps...Ron
I'm adding this here as it appears to be monitored as well, could you look at this issue: Re: Active Directory 2.0 Plugin - searchExactMatch error
Reposting the answer from communities just in case.
According to the Scripting API documentation for the ActiveDirectory.searchExactMatch() function, the ad_host parameter should be the fourth parameter, not the third one (see attached screenshot). The third parameter is actually the search limit.
Any[] searchExactMatch(string type, string objectName, number limit, AD_Host adServer)
The correct line should be
var users = ActiveDirectory.searchExactMatch("User","myuser",100, ad_host);
Hi,
I've raised a VMware support ticket for this too (ref: 15720319207), but thought I'd mention it here too.
When using the ActiveDirectory plugin (v2.0.3) to Search (using ActiveDirectory.search or searchExactMatch or searchRecursively), if any users' AD display name contains a backslash no results are returned.
Can this be replicated by anyone else, if so can it be raised as a bug?
I'm guessing this one may be one for you igaydajiev,
I'm using the vRO 6.0.1 VM appliance if that makes any difference.
Many thanks,
Alex
Speaking of the magic of backslashes as escape characters...
The recommendation is to escape special characters in distinguished names with a backslash... but the AD:OrganizationalUnit.createUserwithDetails(...) method creates a display name, for a STRING that has a comma in it, like this...
Kohler\, Sean
I wouldn't ideally have a display name in this format, but I am dealing with some AD legacy...
I have tried to escape the escape (trick it) by setting up my displayName as
Kohler\, Sean
and then running it.
The method was too smart for my trick and it escaped the escape and the comma...
Kohler\\\, Sean
is what I ended up with.
I am going to try to change the name post creation to remove the backslash (using the AD:User object), but this behavior is less than ideal (if it will work... haven't tried it yet). Just take the Display Name string as I want it to be and make it be that EXACT string on the User Object for Display Name and I would be happy!
"Kohler, Sean" != "Kohler\, Sean"
(especially for a "Display Name" because it is ugly displayed with a backslash)
Regards,
Sean
So this does set the Display Name properly. I can use this as a workaround since the display name isn't set correctly on AD:User creation.
adUserTemp.setAttribute("displayName","Test, Automation");
Thanks for the tip, Sean!! I too am using the createUserWithDetails Action element and was looking for a way to standardize Display Names separated by a comma. Figured the best way to do this was to change the source parameter of the displayName Local Parameter (in the Workflow) to an "attribute" and then hard-code the values using your logic above. This method also eliminates any user input errors. The code I used was:
tmpUser.setAttribute("displayName", lastName + "," + firstName);
Hey,
I really like how this plugin is progressing, it's becoming very useful.
One request, can we get a method to move objects (computers, groups, users)? It's really the one main missing feature that I'm having to work around through SCORCH or a PowerShell script somewhere. Having this function would allow me to reduce lots of complexity.
Thanks,
James
Yes! Thank you so much!
One issue I have encountered is that the rename method for AD:User does not accept names that contain commas, even when escaped. I haven't tested it with other objects but would anticipate the same result. It would be great if we could get a fix for this.
Thanks for work on this so far, this plugin has really helped our org get stuff done!
EDIT: Side note, I can't seem to find the ActiveDirectory.move() method anywhere in the API browser nor can I use the method with any of the other object classes.
Thanks for getting back.
The actual method name is ActiveDirectory.rename(). I have updated the document.
This method can also be used to rename a User. If you don't provide the newParent parameter (null value), it will rename the current entry and preserve it under the same parent.
I also tried invoking the rename method on a User entry. In case the new name contains "," it will fail. I was able to rename it if the new name is escaped like so "User with \, comma in name". I will take a look at it. For proper prioritization and tracking you could open an official customer request ...
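The comma and backslash problems reported in this thread come from two different escaping contexts: distinguished names (RFC 4514) and search filters (RFC 4515), while displayName itself is an ordinary attribute stored unescaped. The following is an added example, not part of the original thread and not the plug-in's own code; the helper names and sample values are hypothetical, and the base DN is the one quoted in the thread.

```javascript
// Added example; helper names are hypothetical, not AD plug-in API.

// RFC 4514: escape a value for use inside one RDN of a distinguished name.
function escapeDnValue(value) {
  var out = "";
  for (var i = 0; i < value.length; i++) {
    var c = value.charAt(i);
    var first = i === 0;
    var last = i === value.length - 1;
    if (c === "\u0000") {
      out += "\\00";                       // NUL is written as a hex pair
    } else if ('\\,+"<>;='.indexOf(c) >= 0) {
      out += "\\" + c;                     // special anywhere in the value
    } else if ((first && (c === "#" || c === " ")) || (last && c === " ")) {
      out += "\\" + c;                     // special only at the edges
    } else {
      out += c;
    }
  }
  return out;
}

// RFC 4515: escape a value for use inside a search filter assertion.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\u0000]/g, function (c) {
    var hex = c.charCodeAt(0).toString(16);
    return "\\" + (hex.length < 2 ? "0" + hex : hex);
  });
}

// Constructed sample values; the base DN is the one quoted in the thread.
function demo() {
  var displayName = "Kohler, Sean";        // stored as-is in displayName
  return {
    displayName: displayName,
    dn: "CN=" + escapeDnValue(displayName) + ",OU=Customers,DC=domain,DC=local",
    // Escaping an already escaped value doubles up, as seen in the thread.
    doubleEscaped: escapeDnValue("Kohler\\, Sean"),
    filter: "(displayName=" + escapeFilterValue("DOMAIN\\alex (ops)*") + ")"
  };
}
```

Escaping belongs at the point where a value is placed into a DN or a filter, applied exactly once; user-supplied names passed into a filter without it can also change the meaning of the search.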
OK, I didn't see that there was this method under Active Directory, I have been encountering this error when using the AD:User rename method. I will create a ticket for tracking for the error I was encountering.
Hi
It looks like "ActiveDirectory.search" does not follow the "Base" setting.
For example, if I create an AD host with Base "OU=Customers,DC=domain,DC=local" and use that one in ActiveDirectory.search, it can still find users from OU "OU=Admins,DC=domain,DC=local" too.
Hi OlliJanatuinen
I was just able to confirm it and will work on providing a resolution. For proper tracking, could you open a customer request to VMware?
Thanks.
OlliJanatuinen
A technical preview version of the plugin containing the fix has just been published.
Yes, I can confirm that it works right now. Thanks
Feature request: Support for AD connection naming
It would be useful to have the possibility to specify a name for the AD connection in the "Add an Active Directory server" workflow.
That is needed especially when you have multiple connections to the same domain with different Base selections.
Support for named connections was added starting with version 2.0.8 of the plugin. Any feedback is welcome.
Any ideas why a string is coming through as null when calling the Create a user group in an organizational unit and set attribute "Group Name"? I see the variable populated with the correct name, however the workflow fails every time with: "TypeError: Cannot call method "createUserGroup" of null"
I just tried it in my environment running AD plugin version 2.0.8 and it seems OK. The workflow completed successfully.
Could you provide your version of vRO and the AD plugin? Is this the out-of-the-box workflow coming with the plugin or a custom one? How do you invoke it?
Hi!
I'm having trouble doing search: ActiveDirectory.search('OrganizationalUnit', '', ADhost)
It works ok if base of ADHost is set to root of AD, but if ADHost is created with some specific OU as base (Like, OU=Users,DC=domain,DC,local), then it does not work at all.
Any suggestions, or is it a bug that needs to be fixed?
Which version of the plugin do you use?
What do you mean by "does not work at all"? Could you provide a sample workflow and a brief description of the scenario?
For example we have user X in ou Y. AD host base is set to Z searching for somestring we receive ...
Hi!
Version is latest (Version 2.0.8-3635144).
We have action with following script:
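"
// ADhost is the action's input parameter (type AD:AdHost)
var ADOUArray = new Array();
// Search for all organizational units under the host's base
var TempArray = ActiveDirectory.search('OrganizationalUnit', '', ADhost);
for each (var row in TempArray) {
    ADOUArray.push(row);
}
return ADOUArray;
"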
And ADhost is 'AD:AdHost'
If that ADhost is with base like:
DC=domain,DC=local
Then it works and returns organizational units
But, if on ADhost base is like:
OU=OrgUnit,DC=domain,DC=local
It returns nothing.
And, we are trying to get list of Organizational Units, not users
Hope that this clarifies a bit.
Looks like an issue. Please open a bug. When opening the issue, please provide the vRO server log bundle (in DEBUG mode).
Hi igaydajiev,
Does the current Version 2.0.8-3635144 fix the objectSid issue identified in this thread?
ActiveDirectory plugin - getAttribute("objectSid")
Thank you
Just published a new tech preview version 3.0.0-4132888 of the AD plugin that should cover the objectSid property. There is a dedicated getSID() scripting method on User * UserGroups object that can be used to return the formatted objectSID attribute. Since the 3.0.0 version of the plugin there is also a getAttributeValueBytes() scripting method returning the attribute value as a byte[] array.
Any feedback is appreciated.
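For anyone working with the raw bytes instead of the formatted value, this is how a binary objectSid maps to the familiar S-1-5-... string. It is an added example, not part of the original thread and not the plug-in's own code; sidToString is a hypothetical helper and the sample bytes are constructed.

```javascript
// Added example; sidToString is a hypothetical helper, not AD plug-in API.
// Layout: revision (1 byte), sub-authority count (1 byte),
// identifier authority (6 bytes, big-endian),
// then `count` sub-authorities (4 bytes each, little-endian).
function sidToString(bytes) {
  // Java byte[] values are signed (-128..127); mask each one to 0..255.
  var b = [];
  for (var i = 0; i < bytes.length; i++) {
    b.push(bytes[i] & 0xff);
  }
  if (b.length < 8) {
    throw new Error("SID too short");
  }
  var revision = b[0];
  var count = b[1];
  // Reject truncated or padded values instead of decoding garbage.
  if (b.length !== 8 + 4 * count) {
    throw new Error("SID length does not match sub-authority count");
  }
  var authority = 0;
  for (var j = 2; j < 8; j++) {
    authority = authority * 256 + b[j];
  }
  var parts = ["S", revision, authority];
  for (var k = 0; k < count; k++) {
    var o = 8 + 4 * k;
    // Multiply instead of shifting so values above 2^31 stay unsigned.
    parts.push(b[o] + b[o + 1] * 256 + b[o + 2] * 65536 + b[o + 3] * 16777216);
  }
  return parts.join("-");
}

// Constructed sample: signed bytes as a Java byte[] would present them.
var SAMPLE_SID_BYTES = [
  1, 5, 0, 0, 0, 0, 0, 5,   // revision 1, 5 sub-authorities, authority 5
  21, 0, 0, 0,              // 21
  1, 0, 0, -128,            // 2147483649 (high bit set)
  16, 39, 0, 0,             // 10000
  -1, -1, -1, -1,           // 4294967295
  0, 2, 0, 0                // 512
];
```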
Hi Janne
Issue with ActiveDirectory.search('OrganizationalUnit', '', ADhost) not working in case of specific LDAP base provided is resolved in 3.0.0-4132888
Any feedback is appreciated
Hi.. I would need to download the specific version 3.0.2-4209033. Would you be able to provide the link for that?
This version is distributed with vRO 7.1.0. You can download vRO 7.1.0 and take it from there.
Download VMware vRealize Automation
Note : I do recommend using latest available version of the plugin which is compatible with vRO 5.5.2+. It is backward compatible, contains fixes for issues reported from other customers and also all bug fixes are applied on top of the latest version.
Hi,
I am not able to install version 3.0.6-5491166 using the vRO 6.0.3.3000581 installed on vRA 6.2.3-3093005 appliance.
It is possible to upload the plug-in but on the plug-ins overview tab it always displays:
Active Directory 3.0.6-5491166 Will perform installation at next server startup.
I restarted both the vRO service and the whole appliance several times but the status is not changing at all.
Any idea how to solve this issue?
Thanks,
Paul
PS: I also tried to use this guide to first uninstall the older version of the plug-in to start from scratch with the new version. But no change in behavior: Uninstalling a plug-in from vRealize Orchestrator 5.5.x, 6.0.x, and 7.x (2064575) | VMware KB
Have you checked server.log file for clues?
Can you share so I can take a look?
Many thanks for the memory leak fix for ActiveDirectory#searchForEntry().
We have many, many LDAP calls and needed to use exactly this call. Just to describe our situation: we start with ~100 Java threads of the vCO process. After 1-2 days there are 5000+ Java threads like "Health Check Thread for LDAPConnectionPool".
With this fix we see a much more stable situation, with the Java threads dealing with LDAP getting closed again.
Thank you very much!
Hello,
I think we have got a bug, which has been fixed in earlier version, but has returned.
Using vRA 7.6 and the AD plugin 3.0.9. When a VM is destroyed, the workflow "Remove machine from active directory (event broker)" is triggered but fails. Looks like it is due to not being able to delete a leaf from an SPN registration.
I think the issue was previously addressed back in 2013 and 14.
[2019-08-13 11:10:57.895] [I] Using AD host with ID = #_v2_#,#RootItem#,#33687ce2-7ce5-4bc8-967b-4eb2a49d94d7#
[2019-08-13 11:10:57.896] [I] Computer GUID = \f0\d1\80\65"3\84\40\89\05\ba\3b\ff\7e\d7\dd
[2019-08-13 11:10:57.897] [I] Custom workflow tag = AD.DestroyComputer
[2019-08-13 11:10:57.912] [I] Found 0 customization workflows.
[2019-08-13 11:10:57.952] [E] Error in (Workflow:Remove machine from active directory (Event Broker) / Remove Computer (item14)#15) 00002015: UpdErr: DSID-031A1226, problem 6003 (CANT_ON_NON_LEAF), data 0
So this happened a year ago, worked, and now I'm having issues again.
Running 7.5 and 3.0.10-15573702.
It's pretty weird. I can run the workflow "Create a user group in an organizational unit and set attribute "Group Name"" fine, occasionally. Most of the time it fails with error "TypeError: Cannot call method "setAttribute" of null (Workflow:Create a user group in an organizational unit and set attribute "Group name" / Change "Group name (pre-Windows 2000)" attribute (item3)#10198)".
I can't get it to work at all when nested inside my workflow.