The Active Directory Cleanup Plugin is a plugin that tenant administrators and business group managers configure with a set of custom properties to specify actions to take in Active Directory when a machine is deleted from a hypervisor.

Using the Active Directory Cleanup Plugin, you can specify the following Active Directory account actions to occur when a machine is deleted from a hypervisor:

  • The AD account is deleted

  • The AD account is disabled

  • The AD account is renamed

  • The AD account is moved to another AD organizational unit (OU)

Gather the following information for tenant administrators and business group managers to include in their blueprint:

  • An Active Directory account user name and password with sufficient rights to delete, disable, rename, or move AD accounts. The user name must be in domain\username format.

  • (Optional) The name of the OU to which to move destroyed machines.

  • (Optional) The prefix to attach to destroyed machines.

Note:

A fabric administrator can create a build profile by using the property set ActiveDirectoryCleanupPlugin to provide this required information. Doing so makes it easier for tenant administrators and business group managers to include this information correctly in their blueprints.