Adding Provisioned Machines to Active Directory


Article ID: 393273


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Due to architecture and design changes in VCF Automation 9.0, the option to add machines to Active Directory no longer exists out of the box. This functionality can be replicated using the instructions here.

Environment

VCF Automation 9.0

Cause

This is caused by the deprecation of ABX functionality in VCF Automation 9.0.

Resolution

Configuring VCF Automation to Add Machines to AD

Add your Active Directory Server(s) to Orchestrator Inventory

  1. Within the Orchestrate tab (`automation/#/orchestrate`), on the left panel click Workflows.
  2. Search for the workflow Add an Active Directory server.
  3. Then run this workflow to add the AD server(s).
  4. Each Active Directory server will need a single run of this workflow. 

Adding OUs as Configurations

  1. Under the Orchestrate tab, on the left panel click on Configurations.
  2. Use the New Configuration button and give the configuration a descriptive name (ex: ad_ou_list).
    1. Take note of the ID displayed. Note: This ID is the CONFIGURATION_LIST_ID that will be used within the setup script.
  3. Click on the Variables tab and choose New.
    1. The Variable can be named anything, but make the name descriptive and set the Type to AD:OrganizationalUnit. The Value will be set to the actual OU that we wish to create machines in. To add more OUs in which to create machines, repeat these steps to create more variables. Note: the Name field will be the OU_VARIABLE_NAME_FROM_CONFIGURATION used in the setup script.

  4. Get the Project ID
    1. To get the PROJECT_ID needed for the setup script, go to the Manage & Govern tab.
    2. Click on Projects from the left panel.
    3. Select a project and you will see the Project ID listed as the part of the URL prior to `/summary`.

Create the Workflow

Create Action Scripts

Download the attached package, which contains the Action Scripts as well as the Workflows that will be used by the event in the next step. To import the package, navigate to Orchestrate → Assets → Packages → Import.

Create and Subscribe to the Event

Once the workflows have been set up as above, we can create a subscription to the deployment event. The subscription is triggered on a specific event and in turn runs the workflow provided. Here are the overall steps to create a Subscription:

  1. Under the Subscriptions, create a new Subscription.
  2. Choose the Event topic which will be the trigger for this particular subscription. In this case we will choose the Iaas Resource Event event topic.
  3. Now choose the workflow that we created above and add it to the subscription.
  4. In the Condition block, add the following to filter for successful deployments: `event.data.object.reason == "CreateSuccess" || event.data.object.reason == "DeleteSuccess"`
  5. We also have to specify that this subscription will run against Any Project by enabling the Project Scope toggle.
  6. Save the Subscription.

Below is the screenshot of how the subscription will look for the CreateDelete Event:

We can also check on the Subscription Runs once the Deployment has finished. This will show us whether the subscription ran and whether the workflow associated with the subscription ran successfully or failed. This can be found under Build & Deploy → Event Subscriptions → Events.

Blueprint Configuration

For the blueprint, make note of the metadata.name property. This is the field that will be used when creating the name of the computer objects in the AD server (Note: it will be limited to 15 characters because of limitations on Active Directory). Replace the hashtags (#) with appropriate names for your environment:

```yaml
formatVersion: 1
resources:
  CCI_Supervisor_Namespace_1:
    type: CCI.Supervisor.Namespace
    properties:
      name: ###-#####-#########
      existing: true
  ad_vm_123: # AD Resource Name to provide for inputs when deploying
    type: CCI.Supervisor.Resource
    properties:
      context: ${resource.CCI_Supervisor_Namespace_1.id}
      manifest:
        apiVersion: vmoperator.vmware.com/v1alpha3
        kind: VirtualMachine
        metadata:
          name: test-vm-${env.shortDeploymentId}
        spec:
          className: best-effort-xsmall
          imageName: vmi-#################
          powerState: PoweredOn
          storageClass: development
      wait:
        conditions:
          - type: VirtualMachineCreated
            status: 'True'
```

Multiple OU Scenario

If there are multiple OUs or multiple AD servers, here are the steps we need to follow:

  1. If there is another AD server to add, re-run the Add an Active Directory server workflow.
  2. Find the other OU you wish to add and add it as a configuration variable as shown above. ALL OUs should be held within the same Configuration List.
  3. Under Orchestrate → Actions, find the action script we created above for the setup. Inside project_associations, add the other PROJECT_ID: OU pair you wish to listen for and click Save.

These steps above will allow for multiple Project to AD_OU associations to exist. The workflow will run against all projects; however, because of the project_associations JSON, we will only create machines on the projects specified.
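
The gating that the project_associations JSON provides, combined with the 15-character name limit from the Blueprint Configuration section, sketched as an added example; this is not the code shipped in the attached package. The payload fields `projectId` and `data.object.name`, the project IDs, the OU variable names, and truncation to the first 15 characters are assumptions made for illustration.

```javascript
// Constructed sample of the project_associations map: project ID -> name of the
// AD:OrganizationalUnit variable in the Configuration List (placeholder values).
const PROJECT_ASSOCIATIONS = {
  "project-id-aaaa": "ou_engineering",
  "project-id-bbbb": "ou_finance",
};
const AD_NAME_MAX = 15; // computer-name limit stated in the article
const HANDLED = { CreateSuccess: "create", DeleteSuccess: "delete" };
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Assumption: names longer than the limit are cut to their first 15 characters.
function adComputerName(metadataName) {
  return String(metadataName).slice(0, AD_NAME_MAX);
}

// Decide what to do for one event. Fails closed: anything that is not a handled
// reason for an explicitly listed project is skipped, because the subscription
// itself fires for Any Project.
// Assumed payload shape: event.projectId and event.data.object.name.
function planAdAction(event, associations) {
  const obj = (event && event.data && event.data.object) || {};
  if (!own(HANDLED, obj.reason)) return { action: "skip", why: "reason not handled" };
  if (!own(associations, event.projectId)) {
    return { action: "skip", why: "project not associated" };
  }
  if (typeof obj.name !== "string" || obj.name === "") {
    return { action: "skip", why: "no machine name" };
  }
  const computerName = adComputerName(obj.name);
  return {
    action: HANDLED[obj.reason],
    ouVariable: associations[event.projectId],
    computerName,
    truncated: computerName !== obj.name,
  };
}

// Group candidate names that would end up as the same computer object
// (AD compares these names case-insensitively).
function truncationCollisions(names) {
  const groups = new Map();
  for (const n of names) {
    const key = adComputerName(n).toLowerCase();
    groups.set(key, [...(groups.get(key) || []), n]);
  }
  return [...groups.values()].filter((g) => g.length > 1);
}
```

With the blueprint's `test-vm-` prefix, only seven characters of the deployment ID fit within the limit, so running `truncationCollisions` over planned names shows whether a delete event could resolve to another machine's computer object.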

 

Attachments

active.directory.create.delete.package