Using Active Directory Policies with custom hostnames in vRealize Automation - Part 1

One of my vRA projects had some interesting requirements for their blueprints with regard to Active Directory combined with custom hostnames.

Requirements:

  • The customer uses custom hostnames based on parameters provided during the request.
  • The computer accounts need to be placed in OUs based on the application installed on the VM
  • They have a multitude of different AD domains
  • Limit the number of blueprints

The AD account creation can be handled by a custom workflow, but why not use the out-of-the-box Active Directory Policies feature in vRA? The combination of custom hostnames and Active Directory policies requires some special considerations, but more on that in a later blog post.

Let's start with configuring the prerequisites:

Active Directory endpoint creation

In vRA go to administration/vRO configuration/Endpoints. Click new endpoint, select the Active Directory plugin and click next.

vRO endpoint overview
  • Enter a name for the endpoint.
  • Enter a description and click next.
New Active Directory endpoint
  • Enter the FQDN of an Active Directory DC
  • Accept the default port
  • Enter the Base DN
  • Select whether SSL is to be used
  • Enter the default domain name
  • Enter an account with permissions to add/remove computer accounts in Active Directory
  • Enter the password
  • Click Finish
New Active Directory endpoint details

You will need to create multiple AD endpoints if you have multiple domains.

Active Directory Policy creation

Go to Administration/Active Directory Policies. Click new.

  • Enter a descriptive name for the AD policy
  • Enter a Description
  • Select the endpoint associated to the Active Directory domain of this policy
  • Enter the domain name
  • Enter the Distinguished Name of the OU in which the computer accounts need to be created
  • Click OK
New Active Directory Policy

Create an AD policy for each of the domain endpoints you created previously.
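
The endpoint account only has to add and remove computer accounts, and each AD policy names the OU they go into, so the account's rights can be delegated on exactly those OUs instead of using a domain-wide admin. The script below is an added example, not part of the original setup; the OU names and the service account are constructed placeholders, and it assumes it is run once per domain by an administrator of that domain.

```powershell
# Added example: delegate only "create/delete computer objects" on the OUs
# referenced by the AD policies. All names below are constructed placeholders.
$account = 'CORP\svc-vra-ad'          # account entered in the vRO AD endpoint
$policyOUs = @(                        # one DN per Active Directory policy
    'OU=AppA,OU=Servers,DC=corp,DC=example',
    'OU=AppB,OU=Servers,DC=corp,DC=example'
)

foreach ($ou in $policyOUs) {
    # CC = create child, DC = delete child, restricted to the "computer" class.
    # No /I switch is given, so the ACE applies to this OU only and is not
    # inherited by child OUs.
    & dsacls.exe $ou /G "${account}:CCDC;computer"
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed for $ou (exit code $LASTEXITCODE)"
    }

    # Verification: show the ACEs on the OU that mention the service account.
    & dsacls.exe $ou | Select-String -SimpleMatch $account
}
```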

Using Active Directory policies

Active Directory policies can be applied in two ways.

  1. Business group level

    Go to Administration / Users and Groups / Business Groups and select an Active Directory Policy

Using Active Directory Policy on business group level

This will apply the AD Policy to all blueprints entitled to this business group, regardless of whether it is a Windows blueprint or not.

  2. Blueprint level

A more flexible solution is to apply the AD policy at the blueprint level by configuring it through the custom properties. This can be achieved by adding the ext.policy.activedirectory.id custom property to the machines in your blueprint. Enter the AD policy name as the value.

Using Active Directory Policy on blueprint level

Once the Active Directory policy is configured, the computer account will be created during deployment before the VM is provisioned.

The Active Directory Policy will also delete the AD computer account whenever you destroy the vRA deployment/item.