Using Active Directory Policies with custom hostnames in vRealize Automation - Part 1
One of my vRA projects had some interesting requirements for their blueprints in regards to Active Directory combined with custom hostnames.
- The customer uses custom hostnames based on parameters provided during the request.
- The computer accounts need to be placed in OUs based on the application installed on the VM
- They have a multitude of different AD domains
- Limit the number of blueprint
The AD account creation can be handled by a custom workflow but why not use the out-of-the-box Active Directory Policies vRA feature. The combination of custom hostnames and Active Directory policies requires some special considerations but more on that in a later blog post.
Lets first start with configuring the prerequisites:
Active Directory endpoint creation
In vRA go to administration/vRO configuration/Endpoints. Click new endpoint, select the Active Directory plugin and click next.
- Enter a name for the endpoint.
- Enter a description and click next.
- Enter the FQDN of a Active Directory DC
- Accept the default port
- Enter the Base DN
- Select if SSL is to be used or not
- Enter the default domain name
- Enter an account with permissions to add/remove computer accounts in Active Directory
- Enter the password
- Click Finish
You will need to created multiple AD endpoints in case you have multiple domains.
Active Directory Policy creation
Go to Administration/Active Directory Policies. Click new.
- Enter a descriptive name for the AD policy
- Enter a Description
- Select the endpoint associated to the Active Directory domain of this policy
- Enter the domain name
- Enter the Distinguished Name of the OU in which the computer accounts need to be created in
- Click OK
Create an AD policy for each of the domain endpoints you created previously.
Using Active Directory policies
Active Directory policies can be applied in two ways.
Business group level
Go to Administration / Users and Groups / Business Groups and select a Active Directory Policy
This will apply the AD Policy to all blueprints entitled to this business group, regardless if it is a windows blueprint or not.
- Blueprint level
A more flexible solution is to apply the AD policy on blueprint by configuring it trough the custom properties. This can be achieved by adding the ext.policy.activedirectory.id custom property on the machines in your blueprint. Enter the AD policy name as the value.
Once the Active Directory policy is configured, the computer account will be created during deployment before the VM is provisioned.
The Active Directory Policy will also delete the AD computer account whenever you destroy the vRA deployment/item.