VMware Cloud Community
alexav
Contributor
Contributor
‎01-18-2012 05:58 PM

VMware Service Manager + vCenter Orchestrator + Microsoft Active Directory Workflow, API & Scripting Query

From within VMware Service Manager (VSM) we wish to action a vCenter Orchestrator (vCO) workflow which in turn carries out an action within Microsoft Active Directory (AD).

We have installed, configured and successfully tested the connections between VSM, VSM vCO Connector, vCO, vCO AD Plug-In and of course AD.

However, we have not as yet been able to pass complex data types from VSM to vCO (such as AD:Group, AD:User, etc.). Which appear to be required for some of the predefined vCO AD workflows.

In addition we have not been able to successfully reference the vCO plug-in API in custom Scriptable Tasks via the workflow scripting area.

Therefore, we would greatly appreciate any assistance from anyone who:

  • can provide a full working example of a script which utilises the vCO AD plug-in API; and/or
  • has experience with a working instance of VSM to vCO to AD integration.
0 Kudos
3 Replies
Burke-
VMware Employee
VMware Employee
‎01-20-2012 05:34 AM

Look back through the vCO Connector document for VSM. There are instructions there are how to add a vCO plug-in to VSM. This is REQUIRED in order to pass complex objects that are specific to that plug-in... for example, if you want to pass an AD:User object from VSM to vCO, you must extract the AD Plug-in for vCO INTO the appropriate folder on your VSM server.

Once you have properly installed the vCO plug-in on your VSM server and can see the AD:* objects listed in the RESOURCES of VSM, you can try calling a vCO workflow.... a good example would be the "Add User to a Usergroup" workflow as this is a common task. On the vCO side, there are several AD related workflows that come with the plug-in so you can learn how to access the API by digging in to those workflows... of course, this is only necessary if the library of AD workflows do not already have the functionality you require.

The process described above apply to ANY vCO plug-ins and complex objects you wish to use from the VSM side.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
ppanicherski
VMware Employee
VMware Employee
‎01-20-2012 07:58 AM

The folowing JavaScript code demonstrates the following:

  • creates an user inside a group.
  • Demonstrates how passing complex objects as parameters can be avoided (via finding it on vCO server). It takes only strings as input and you can use such approch if you find passing objects inappropriate for some reason.
  • Shows how vCO API can be called.

You need to place the whole script inside a single script block. The folowing String input should be passed in:

  • parentGroup
  • username
  • password

Note: The AD requires you to use a secure connection (LDAPS) in order to create users. If you do not have LDAP over SSL (LDAPS) you will get an error code coming from the Microsoft's ActiveDirectory server (probably LDAP: error code 53 - 00002035: LdapErr: DSID-0C090AFC, comment: Operation not allowed through GC port, data 0, vece).

var rootDomain = "DC=o11n,DC=vmware";

var parent = getGroupFrom(rootDomain, parentGroup);

var createUserInGroupWithPassWf = findWorkflowByName("Create a user with a password in a group", "Library");
createUserInGroup(parent, username, password);

function getGroupFrom(domain, groupName){
    var groups = ActiveDirectory.searchRecursively("Group", groupName);
    for(var i in groups){
        if(groups[i].distinguishedName.indexOf(groupName + "," + domain) > 0){
            return groups[i];
        }
    }
    throw "Group not found in domain: " + domain;
}

function findWorkflowByName(wfName, wfCategory){
    var category = Server.getWorkflowCategoryWithPath(wfCategory);
    for (wf in category.allWorkflows){
        var wf = category.allWorkflows[wf]
        if(wfName.equals(wf.name)){
            System.log("Workflow found. Id->" + wf.id);
            return wf;
        }
    }
}

function createUserInGroup(parent, name, password) {
    System.log("Create user in group: " + parent);
    var outParam = "newUser";
    var p = new Properties();
    p.put("accountName", name);
    p.put("password", password);
    p.put("confirmPassword", password);
    p.put("domainName", null);
    p.put("changePasswordAtNextLogon", "false");
    p.put("displayName", name);
    p.put("groupContainer", parent);
    user = executeWf(createUserInGroupWithPassWf, p, "completed").getOutputParameters().get(outParam);
}

function executeWf(wf, p, state) {
   var token = wf.execute(p);
   waitForState(token, state);
   return Server.findForType("WorkflowToken", token.id);
}

function waitForState(token, expState) {
   if (token.state != expState) {
      var cnt = 0;
      while (token.state != expState && ++cnt < 120) {
         System.sleep(500);
      }
      assert.that(token.state, eq(expState));
   }
   return token;
}

alexav
Contributor
Contributor
‎02-02-2012 10:42 PM

Thank you both Burke and ppanicherski for your assistance.

ppanicherski your example was very helpful in supporting our current implementation - regarding passing string based variables from VSM and then using vCO to generate the complex objects. This provides a flexible and easy to use interface for the VSM user.

Also, the code samples highlighted additional areas of interest relating to the vCO API.

Burke your example was also very helpful in clarifying that the AD Connector needed to be installed under vCO and VSM. This saved a lot of frustration.

We have installed the AD Connector under VSM and have created some test scenarios around this concept. This is a work in progress.

Thank you both again for your support and keep up the good work.

0 Kudos