Hi Guys,
we are using vCO to add different AD groups to an AD computer account.
We deploy virtual servers into different domains, so we have to realise the step above for each domain.
If I run the "configure active directory server"-workflow for our different domains, the last entry will be overwritten with the active directory server of the running job.
Is there a way to use different domains in one vCO with the Active Directory Plugin?
Thanks and kind regards
Bjoern Beigl
Hi Bjoern,
not at the moment. Currently you aren't able to use the AD Plugin for multiple domains :smileyplain:
But there will be
Kind and best regards,
Chris
Well you can but not at the same time. You need to reconfigure the AD host and make sure that any other workflow accessing AD object are finished before you do it.
For an immediate solution to your needs you can use vCO to call either PowerShell scripts to do the task OR (my preference) use the RSAT tools from Microsoft (dsadd.exe, dsmod.exe, etc...) called either locally on a Windows based vCO server OR (preferred) via the Guest Operations workflows. Both of these methods should allow you to do what you need.
I hope you are correct, because i'm missing that multi-Domain feature, too
Hi,
Is this now possible with vCAC 6.1 and vCO's AD plugin v1.0.5?
This is quite critical to my organisation to automate tasks and manage objects in multiple domains
No, this functionality is still not yet in the released AD Plug-in.
I've got one AD forest with a root domain and a child domain, are you saying the AD plugin will not allow me to query the child domain if configured with the root domain or vice versa?
Do you know when this is likely to be supported? This is quite strange since I can easily query the root domain from the child domain even with a delegated user account that only has read permissions on the root domain but full domain admin rights on the child domain.
I created a custom workflow to try this and it finds the OU but I get this error:
Failed to create user group... [LDAP: error code 21 - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1 ]
I logged a support request for this about a year ago. No movement on that, I even offered to do it for them if they gave me the source.
I have long since abandoned vco for AD orchestration.
I'd highly recommend following Burke's advice and wrapping the native commands. I did this nearly two years ago and it was time well spent. I'm not sure what is going on in the plugin but it really probably needs to be re-written at this point. I say that not having looked at the most recent version but it sounds as if they have only added some very limited tweaks to it. Unless you have a very basic and small directory it won't function. Even when I configured it to only interact with one of our resource domains it was so painfully slow it made what I was trying to do impossible.
Thanks, that's helpful.
And yeah there's over 4000 objects in the forest and growing fast so it is quite painfully slow.
I think I'd rather go that way you and Burke recommend, I have a powershell script used for other tasks that can be used. I guess I can have input and output parameters parsed into a powershell script in the same way as the JavaScript in the workflow code?
Or just use the RSAT tools instead. Either way, I'm looking for examples on how I can incorporate that into a workflow and be able to call it from vCAC, I would like to do it the same way I am currently doing, by using workflow stubs and properties in my Blueprint in vCAC and then to insert those as inputs into a workflow that calls a powershell script or just runs the RSAT tools.
Any help is appreciated and many other people/organisations out there are interested in this!
Thanks
Here is some code that should get you going. Its not my best work (some of my first vCO attempts) and I have been meaning to rewrite this for a long time but it should query objects just fine. I have a whole series of related actions and workflows that build upon this as the core. For example I have a queryMachine which just prompts for a computer name plugs in everything else. I would suggest updating this to only return the attributes you care about. Right now it returns all attributes which isn't very polite.