Move an AD computer object using vRA XaaS

It has been a while since I last wrote a new blog. It was a combination of a lot of things but the most important thing is, here is a new blog post. I have received some interesting questions on several topics through this website and I usually try to answer these as best as I can. A more recent question got me doing some research, hence this blog post. In this blog post I will show how you can move an Active Directory computer object to a different Organisational Unit with vRO and vRA XaaS.

The vRO part

We will start with the vRO part. For this I am assuming that a AD is already in place and that the OU’s have been created. Since moving an AD object requires interaction with the AD the vRO AD plug-in should also be configured. To set this up just run the workflow: Library->Microsoft->ActiveDirectory->Configuration->Add an Active Directory server and fill in your AD details.

There is no ‘move computer’ method in the AD plug-in but you actually use the ActiveDirectory.rename method. The method takes 4 parameters:
from (This is the distinguished name of the object to be moved in string)
to (This is the new canonical name of the object in string)
new_parent (This is the new destination distinguished name in string)
ad_host (This is the AD host object, uses default if left out, AD_Host object)

NOTE: Because we are not actually renaming the computer object but only want to move it, the second parameter (to) is the same as the first (from). We only change the OU in the third parameter. For the final parameter, I don’t get the AD object because I only have 1 AD and it is also the default.

From a vRO perspective you only need this line of code and 2 inputs.

When you have this code and the inputs linked up this part should now work. When running the workflow you select the computer object you want to move and the OU where it needs to be moved to and the workflow should handle this.

The vRA part

Now that we have the vRO workflow completed and tested we can look at how to make this usable in vRA so entitled users can use the vRA portal to move AD computer objects. To do this we create a new XaaS blueprint and set it up to use our new workflow.

Go to the design tab and choose XaaS Blueprints and click New.

Select the workflow we have just created.

Click next and fill out the details and in the next screen setup the form by using some descriptive labels.

Now finish the XaaS blueprint creation and entitle the new XaaS blueprint. You can now request this from the portal and move the AD computer object through a vRA catalog item.

Conclusion

Now this was pretty simple. I actually never realised that the moving of an Active Directory object was moved through the rename method. Of course this is a very straight forward use case, but it is being used. I have seen ‘staging’ OU’s where newly provisioned computer objects need to go first. A designated team will then move them later.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.