
Create VM on specified OU on vRA

A best practice for managing an enterprise Active Directory is to organize servers by particular properties. For example, servers may be put into different OUs by role, business group, function, etc. The following is a sample vRO workflow that automates provisioning computers in the proper OUs according to the user's choice in the vRA Service Catalog. I'll only give a brief description of each step in this article, so please make sure you understand both products before reading this post.


I always prefer to think of a workflow as a machine and split complex work into small, easy pieces. In this workflow I need to grab virtual machine information from vRA, so I created a workflow, "Capture vRA VM Info". I also need to convert the reference string value to an AD object, since vRO cannot recognize a vRA string as an OU object, so I created another workflow, "Convert Role to OU". Once I have the target OU object in hand, I can create the computer account in Active Directory first; when the machine then joins the domain, it is automatically associated with the existing computer account. So I created the last workflow, "Create VM in OU". The name may be confusing; it should be something like "Create Computer account in OU", but the workflow label has a length limitation. The following is how the whole vRO workflow looks:

Workflow

In my case, the workflow puts the VM into the proper OU according to which server role the user chooses when provisioning a new VM in vRA.

  1. Create a drop-down list in the blueprint.
    Properties Dictionary

  2. Duplicate the workflow "workflow template" as "Capture vRA VM Info". This workflow is used to get the vRA VM information.
    Capture vRA VM Info

  3. Create a workflow "Convert Role to OU" to convert the server role value (a string) to an OU object. If you don't know how to do it, read my blog post How to convert string to OU object in vRO. This workflow receives the server role value from the previous workflow, searches AD, and returns the AD object to the next workflow.
    Convert Role to OU

  4. Duplicate the workflow "Create a computer in an organizational unit" as "Create VM in OU". This workflow is used to create the computer account in the specified OU. It receives the AD object from the previous workflow and the VM name from the first workflow, then creates the computer account in the specified OU accordingly.
    Create VM in OU
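
The role string and VM name arrive from a catalog request, so it is worth checking both before they reach the AD search and the computer account creation. The following is an added example, not code from the original post, written in plain JavaScript (the language of vRO scriptable tasks) with no vRO or AD plug-in calls. The role names, OU distinguished names and function names are hypothetical.

```javascript
// Added example, not from the original post. Role names and OU DNs are
// hypothetical; use the values from your own Properties Dictionary and AD.
var ROLE_TO_OU = {
  "Web": "OU=Web,OU=Servers,DC=example,DC=com",
  "Database": "OU=Database,OU=Servers,DC=example,DC=com",
  "Application": "OU=Application,OU=Servers,DC=example,DC=com"
};

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escapeLdapFilter(value) {
  return String(value).replace(/[\\*()\u0000]/g, function (ch) {
    var hex = ch.charCodeAt(0).toString(16);
    return "\\" + (hex.length < 2 ? "0" + hex : hex);
  });
}

// Map the catalog's role string to one fixed OU DN. Anything that is not an
// own key of the table is rejected, so the request cannot choose the OU freely.
function resolveOuForRole(role) {
  if (typeof role !== "string" ||
      !Object.prototype.hasOwnProperty.call(ROLE_TO_OU, role)) {
    throw new Error("Unknown server role: " + JSON.stringify(role));
  }
  return ROLE_TO_OU[role];
}

// Accept only names valid for a computer account: 1-15 characters (NetBIOS
// limit), letters, digits and hyphens, no leading or trailing hyphen.
function validateComputerName(name) {
  var ok = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,13}[A-Za-z0-9])?$/;
  if (typeof name !== "string" || !ok.test(name)) {
    throw new Error("Invalid computer name: " + JSON.stringify(name));
  }
  return name.toUpperCase();
}

// Build what the later workflows need: the validated name, the OU DN and a
// filter that matches exactly that OU (a search by OU name alone can return
// several OUs with the same name in different branches).
function buildComputerAccountRequest(role, vmName) {
  var ouDn = resolveOuForRole(role);
  return {
    computerName: validateComputerName(vmName),
    ouDn: ouDn,
    ouFilter: "(&(objectClass=organizationalUnit)(distinguishedName=" +
      escapeLdapFilter(ouDn) + "))"
  };
}
```

A rejected role or name throws, which fails the workflow run before any AD object is created.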

