vRA 7.3 - Using Active Directory Policies


So it seems to be that time of year again with new projects coming around. This time it's all about vRA. This is probably my first of many blogs to come about things I have come across.

My question today was: how do I pre-create a computer AD account, join a device to the domain and then clean it up when the machine is destroyed?

Turns out this is super simple in vRealize Automation 7.3!

TIP: If you want to practice or follow along you can use HOL-1733-SDC-1 (vRealize Automation 7.2: What’s New)

vRealize Automation 7.1 introduced the ability to place new machines in specific Organizational Units based on Business Group membership or a specific blueprint. To accomplish this, the following steps must be completed in vRealize Automation.

  1. Create an Active Directory Endpoint
  2. Create an Active Directory Policy
  3. Assign the Policy to a Blueprint or Business Group.

Create an Active Directory Endpoint

  1. Log in to vRA as a tenant administrator.
  2. Navigate to the Administration Tab and select vRO Configuration.
  3. From here we will choose Endpoints and create a new Active Directory endpoint.
  4. Name the endpoint. (I suggest the domain name)
  5. Enter the LDAP server hostname or IP.
  6. Set the port: 389, or 636 (SSL).
  7. Set the Base DN for your lookups.
  8. Select whether to use SSL.
  9. Enter the default domain name.
  10. Enter in a user that will have rights to create, delete and move computer objects.
  11. Enter the Password.

Now your Active Directory Endpoint should be created and we can proceed to the next step.

Create an Active Directory Policy

  1. Log in to vRA as a tenant administrator.
  2. Navigate to the Administration Tab and select Active Directory Policies.
  3. Click New and set an ID. (This cannot be changed; I set mine to be domainNameouName.)
  4. Select the previous Active Directory Endpoint you created.
  5. Enter your domain name.
  6. Enter the OU you wish the accounts to be created in.

Now your Active Directory Policy should be created and we can proceed to the next step.

Assign the Policy to a Business Group.

  1. Log in to vRA as a tenant administrator.
  2. Navigate to the Administration Tab, select Users & Groups and then Business Groups.
  3. Edit an existing or create a new business group.
  4. Update the Active Directory Policy to be the policy you created above.

Now your Active Directory Policy is assigned to the Business Group and we can proceed to the next step. Testing!

Make sure the blueprint has a customization specification that joins the machine to the domain, then kick off a request. You should see the account get created and the machine deployed.

Once you destroy the machine, the account will be deleted and voilà, the lifecycle is complete.
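
To confirm both halves of that lifecycle from the directory side, here is an added example (not part of the original post and not VMware's code) using the ActiveDirectory PowerShell module. The function name, machine name and OU are placeholders; it assumes the account you run it as can read computer objects in the domain.

```powershell
# Added example: check the AD side of the vRA machine lifecycle.
# Needs the RSAT ActiveDirectory module. Names at the bottom are placeholders.
Import-Module ActiveDirectory

function Test-VraComputerAccount {
    param(
        # Machine name vRA assigned; the pattern keeps it safe inside the filter string.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]{1,15}$')][string]$ComputerName,
        # Distinguished name of the OU entered in the Active Directory Policy.
        [Parameter(Mandatory)][string]$PolicyOU,
        [Parameter(Mandatory)][ValidateSet('Present', 'Absent')][string]$Expect,
        # Optional domain controller, ideally the host the vRA endpoint points at.
        [string]$Server
    )

    $query = @{ Filter = "Name -eq '$ComputerName'"; Properties = 'whenCreated' }
    if ($Server) { $query['Server'] = $Server }

    # Search the whole domain rather than only the policy OU, so an account that
    # landed in another container (or was left behind there) is still reported.
    $found = @(Get-ADComputer @query)

    # Parent container = everything after the first comma of the DN.
    $inOU      = @($found | Where-Object { ($_.DistinguishedName -split ',', 2)[1] -eq $PolicyOU })
    $elsewhere = @($found | Where-Object { ($_.DistinguishedName -split ',', 2)[1] -ne $PolicyOU })

    if ($Expect -eq 'Present') {
        $pass = ($inOU.Count -eq 1) -and ($elsewhere.Count -eq 0)
    } else {
        $pass = ($found.Count -eq 0)
    }

    [pscustomobject]@{
        ComputerName = $ComputerName
        Expect       = $Expect
        Pass         = $pass
        InPolicyOU   = $inOU.DistinguishedName
        Elsewhere    = $elsewhere.DistinguishedName
        WhenCreated  = $found.whenCreated
    }
}

# After the request completes, then again after the machine is destroyed:
Test-VraComputerAccount -ComputerName 'VRA-TEST-01' -PolicyOU 'OU=vRA,DC=example,DC=com' -Expect Present
Test-VraComputerAccount -ComputerName 'VRA-TEST-01' -PolicyOU 'OU=vRA,DC=example,DC=com' -Expect Absent
```

If the `Absent` check fails right after a destroy, pass `-Server` with the LDAP host from the endpoint, since the deletion may not have replicated to the domain controller you queried.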

Hope this helps anyone, and if you have questions feel free to reach out on social media.
