Two years ago, I wrote a similar article around vCAC’s embedded vCO but a lot has changed since then so those older steps no longer apply. This brief article will quickly walk you through the steps required to allow vRealize Automation 7.0/7.1/7.2’s embedded vRealize Orchestrator to allow Active Directory Domain accounts login to the vRO Client.
Pre-Requisites This article assumes the following:
vRealize Automation 7.0-7.2 is installed and configured (NOTE: This has not been tested with 7.
If you’re reading this article, it may be because you have installed vCloud Automation Center (vCAC) and are interested in using an account other than administrator@vsphere.local to login to the embedded vCenter Orchestrator (vCO) server. By default, the vCO Server uses a “vcoadmins” group in the “vsphere.local” domain provided by the SSO server that vCAC was configured to use. This short tutorial will step you through a pretty basic configuration where I have just deployed a vCAC 6.
The AD plug-in for vCenter Orchestrator (vCO) allows for the creation of AD:UserGroup objects as well as the management of its members. A missing option though is to define the type of Group to create. Read on to learn how I came up with a workflow that allows you to change the group to any group type and scope you like.
Research The first thing I did is use the workflow from the How to get Active Directory User Attributes article to create a simlar workflow for UserGroups.
Have you ever had the need to get some attributes of your Active Directory user account? Perhaps Manager for an approval, maybe direct reports, etc… but not sure how to work with the AD:User object in vCO… Well here’s a great little snippet that can help you quickly identify the available information attached to the AD:User account you specify.
Show AD User Info Simply place the following script into a scriptable task in a new workflow.
As vCloud Automation Center (vCAC) gains traction, so too does the need for details on how to extend it using vCenter Orchestrator (vCO). I have kept an eye out for good articles on vCAC and just saw a great one at the DailyHypervisor.com blog around Adding a computer account to Active Directory OU. This is something that we had done for LifeCycleManager (LCM) quite some time back and feel it is a good candidate for a vCO-centeric article.
Following the release of the Microsoft Active Directory plug-in VMware demonstrates how to combine building block workflows into a custom one.
Quoting the release notes : The VMware vCenter Orchestrator plug-in for Microsoft Active Directory allows organizations to automate the management of directory services tasks, particularly as they pertain to cloud provisioning use cases. For instance, the plug-in enables the automatic provisioning of vCloud Director organizations based on data retrieved from Active Directory. The plug-in also includes many administrative actions related to computers, organizations, user groups, and users, such as resetting passwords or adding users to a user group.
The recently released vCenter Orchestrator 4.1 requires and takes advantage of a 64-bit OS. For development purposes, it can be desirable to have a single server to perform the following roles:
Windows Domain Controller (Active Directory)
E-mail Server (POP3/SMTP)
Database Server
vCenter Server
vCO Server
vCO Client
This short article is intended to help you get all these services running on a single server. Setting up these features in an incorrect order may result in conflicting ports and/or the inability to get some of the software installed.
