Tenant administrators and business group managers configure the Active Directory Cleanup Plugin by using a set of custom properties to specify actions to take in Active Directory when a machine is deleted from a hypervisor.

About this task


If your fabric administrator creates a build profile that contains the required custom properties and you include it in your blueprint, you do not need to individually add the required custom properties to the blueprint.



This information does not apply to Amazon Web Services.

  • Log in to the vRealize Automation console as a tenant administrator or business group manager.

  • Gather the following information from your fabric administrator:

    • An Active Directory account user name and password with sufficient rights to delete, disable, rename, or move AD accounts. The user name must be in domain\username format.

    • (Optional) The name of the OU to which to move destroyed machines.

    • (Optional) The prefix to attach to destroyed machines.


    Your fabric administrator might have provided this information in a build profile.

  • Create at least one blueprint.


  1. Select Infrastructure > Blueprints > Blueprints.
  2. Point to the blueprint to which you want to add the Active Directory Cleanup Plugin and click Edit.
  3. Click the Properties tab.
  4. (Optional) Select one or more build profiles from the Build profiles menu.

    Build profiles contain groups of custom properties. Fabric administrators can create build profiles.

  5. Enable the Active Directory Cleanup Plugin.
    1. Click New Property.
    2. Type Plugin.AdMachineCleanup.Execute in the Name text box.
    3. Type true in the Value text box.
    4. (Optional) Select the Encrypted check box to encrypt the custom property in the database.
    5. (Optional) Select the Prompt user check box to require the user to provide a value when they request a machine.

      If you choose to prompt users for a value, any value you provide for the custom property is presented to them as the default. If you do not provide a default, users cannot continue with the machine request until they provide a value for the custom property.

    6. Click the Save icon (Save).
  6. Add the remaining Active Directory Cleanup Plugin custom properties.


    Description and Value


    Type the Active Directory account user name in the Value text box. This user must have sufficient privileges to delete, disable, move, and rename Active Directory accounts. The user name must be in the format domain\username.


    Type the password for the Active Directory account user name in the Value text box.


    Set to True to delete the accounts of destroyed machines, instead of disabling them.


    Moves the account of destroyed machines to a new Active Directory organizational unit. The value is the organization unit to which you are moving the account. This value must be in ou=OU, dc=dc format, for example ou=trash,cn=computers,dc=lab,dc=local.


    Renames the accounts of destroyed machines by adding a prefix. The value is the prefix string to prepend, for example destroyed_.

  7. Click OK.