Channel: VMware Communities : All Content - vRealize Automation Tools

Active Directory Workflows in vCAC 6.1


Hi all,

 

I'm new to vCAC but I am starting to get familiar with it. I have a blueprint which currently clones a template and deploys a VM using a customization spec. The customization spec joins the machine to the domain automatically. I then have a simple batch file to add a security group to the machine's local administrator group. However, going forward I want to use workflows to join the machine to the domain (and then remove it when I destroy it), create an AD security group based on the hostname of the machine and add the prefix "-adminusers" to the end of the security group, then add an existing security group to the new one just created (which will by then have the format {hostname}-adminusers) and then add the new group to the local administrators group of the machine. When it is destroyed I then want it to destroy the security group when the machine is destroyed. The computer account can just have -destroyed added to the end rather than deleted.

 

I followed the following guide which was relevant for vCAC 6.0 but I have 6.1 and it doesn't seem to work:  StorageGumbo: vCAC - Automatically Manage Local Administrator AD Groups

The group is never created in AD so I can't get it to work, however if I manually run the "Create a user group in an organizational unit" workflow I can see it successfully creates the group I specify manually.

I have also seen this helpful guide about managing AD computer objects:  http://dailyhypervisor.com/vcloud-automation-center-active-directory-machine-account-management-extension/

These both use external workflows that have to be imported and they are both for vCAC 6.0.

Can someone advise how I can make this work in 6.1, perhaps explaining how I can create my own workflow or use the built-in workflows?


Thanks




EDIT:

I think I found the issue with the workflow from StorageGumbo that I linked above.

 

When I run a blueprint it does create the security group but it creates it as a Global Group, not Universal or Domain.local. The Security group is in a Child Domain, but the user account that it's trying to add to it that causes the workflow to fail is in the root domain. I've seen this issue mentioned before and apparently the workaround is to create a workflow to convert it from a Global to Domain.local. This is the guide in question: How to Change AD:UserGroup Scope and Type

 

Link to the actual workflow to change Group Scope is:

Change AD UserGroup Scope and Type

 

Is there an easier way of just incorporating this into the existing StorageGumbo workflow?

 

Or is there now an option in vCAC 6.1 to change the AD Security Group Scope?
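
The Active Directory scope rules behind the failure described in the EDIT, as an added example that is not part of the original post and not taken from the linked workflows. It is plain JavaScript for Node.js; the function names, DNs and group names are constructed for illustration, and a single forest is assumed.

```javascript
// Added example: pre-flight check for "can this member be nested in this group?"
// Flag values are the documented groupType bits; DNs below are constructed samples.
const SCOPE_BITS = { global: 0x2, domainLocal: 0x4, universal: 0x8 };
const SECURITY_BIT = 0x80000000;

// Decode the groupType attribute (AD returns it as a signed 32-bit integer).
function decodeGroupType(groupType) {
  const scope = Object.keys(SCOPE_BITS).find(k => (groupType & SCOPE_BITS[k]) !== 0);
  return { scope: scope || "unknown", security: (groupType & SECURITY_BIT) !== 0 };
}

// Domain of an object from the DC= components of its DN (simple parse, no escaped commas).
function domainOfDn(dn) {
  return (dn.match(/DC=[^,]+/gi) || []).map(p => p.slice(3).toLowerCase()).join(".");
}

// Can `member` be nested in `group`? Both are { dn, kind } with kind one of
// "user", "global", "domainLocal", "universal". Assumes a single forest.
function canAddMember(group, member) {
  const sameDomain = domainOfDn(group.dn) === domainOfDn(member.dn);
  switch (group.kind) {
    case "global":      // accounts and global groups from the group's own domain only
      return sameDomain && (member.kind === "user" || member.kind === "global");
    case "universal":   // accounts, global and universal groups from any domain in the forest
      return member.kind !== "domainLocal";
    case "domainLocal": // anything from the forest; other domain local groups only if same domain
      return member.kind !== "domainLocal" || sameDomain;
    default:
      return false;
  }
}

// Constructed sample: a new group in the child domain, an existing group in the root domain.
const newGroup = { dn: "CN=web01-adminusers,OU=Groups,DC=child,DC=example,DC=com",
                   kind: decodeGroupType(-2147483646).scope }; // global security group
const rootMember = { dn: "CN=Server Admins,OU=Groups,DC=example,DC=com", kind: "global" };
console.log(canAddMember(newGroup, rootMember));                             // global scope
console.log(canAddMember({ ...newGroup, kind: "domainLocal" }, rootMember)); // after scope change
```
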


