As an IaaS architect, you want to configure vRealize Automation to clean up your Active Directory environment whenever provisioned machines are removed from your hypervisors. To do this, you edit your existing vSphere CentOS blueprint to configure the Active Directory Cleanup Plugin.

Using the Active Directory Cleanup Plugin, you can specify the following Active Directory account actions to occur when a machine is deleted from a hypervisor:

  • Delete the AD account

  • Disable the AD account

  • Rename the AD account

  • Move the AD account to another AD organizational unit (OU)



This information does not apply to Amazon Web Services.

  • Log in to the vRealize Automation console as an infrastructure architect.

  • Gather the following information about your Active Directory environment:

    • An Active Directory account user name and password with sufficient rights to delete, disable, rename, or move AD accounts. The user name must be in domain\username format.

    • (Optional) The name of the OU to which to move destroyed machines.

    • (Optional) The prefix to attach to destroyed machines.

  • Create a machine blueprint. See Scenario: Create a vSphere CentOS Blueprint for Cloning in Rainpole.


  1. Select Design > Blueprints.
  2. Point to your CentOS on vSphere blueprint and click Edit.
  3. Select the machine component on your canvas to bring up the details tab.
  4. Click the Properties tab.
  5. Click the Custom properties tab to configure the Active Directory Cleanup Plugin.
    1. Click New Property.
    2. Type Plugin.AdMachineCleanup.Execute in the Name text box.
    3. Type true in the Value text box.
    4. Click the Save icon.
  6. Configure the Active Directory Cleanup Plugin by adding custom properties.


    Description and Value


    Enter the Active Directory account user name in the Value text box. This user must have sufficient privileges to delete, disable, move, and rename Active Directory accounts. The user name must be in the format domain\username.


    Enter the password for the Active Directory account user name in the Value text box.


    Set to True to delete the accounts of destroyed machines, instead of disabling them.


    Moves the account of destroyed machines to a new Active Directory organizational unit. The value is the organizational unit to which you are moving the account. This value must be in ou=OU, dc=dc format, for example ou=trash,cn=computers,dc=lab,dc=local.


    Renames the accounts of destroyed machines by adding a prefix. The value is the prefix string to prepend, for example destroyed_.

  7. Click OK.


Whenever machines provisioned from your blueprint are deleted from your hypervisor, your Active Directory environment is updated.
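
A pre-flight check for the values gathered in the prerequisites, as an added example that is not part of the original page or of vRealize Automation: it validates the domain\username format and the ou=...,dc=... move target before the values are typed into the blueprint. The dictionary keys are hypothetical labels rather than vRealize Automation property names, and lab\svc-cleanup is a constructed account name.

```python
import re

# Dict keys (username, delete, move_to_ou, rename_prefix) are hypothetical
# labels for this example, not vRealize Automation custom property names.
DOMAIN_USER = re.compile(r"[^\\/@\s]+\\[^\\/@\s]+")  # domain\username


def split_dn(dn):
    """Split a DN into (attribute, value) pairs; escaped commas stay in the value."""
    parts, buf, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(buf)
            buf = ""
            continue
        escaped = (ch == "\\") and not escaped
        buf += ch
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed DN component: {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def check_cleanup_settings(settings):
    """Return a list of findings; an empty list means the values look usable."""
    findings = []
    if not DOMAIN_USER.fullmatch(settings.get("username", "")):
        findings.append("username is not in domain\\username format")
    target = settings.get("move_to_ou")
    if target:
        try:
            rdns = split_dn(target)
            if rdns[0][0] != "ou" or rdns[-1][0] != "dc":
                findings.append("move target must start with ou= and end with dc=")
        except ValueError as err:
            findings.append(str(err))
    if settings.get("delete") and (target or settings.get("rename_prefix")):
        findings.append("delete is set; a deleted account cannot be moved or renamed")
    return findings


# Constructed sample; the OU and prefix are the example values from the page.
SAMPLE = {"username": r"lab\svc-cleanup", "delete": False,
          "move_to_ou": "ou=trash,cn=computers,dc=lab,dc=local",
          "rename_prefix": "destroyed_"}
```
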