You create an Active Directory policy to define where records are added in an Active Directory instance when your users deploy machines. You can assign a policy to a business group so that all machines deployed by the business group members result in a record created in the specified organizational unit.

You create different Active Directory policies when you want machines deployed by different business groups to have different domains or to be added to different Active Directory instances.



  1. Select Administration > AD Policies.
  2. Click the New icon (Add).
  3. Configure the Active Directory policy details.

    ID

    Enter the permanent value.

    The value cannot include any spaces or special characters.

    You cannot change this value at a later time. You can only re-create the policy with a different ID.

    Description

    Describe the policy.

    Active Directory Endpoint

    Select the Active Directory endpoint for which this policy is created.

    Domain

    Enter the root domain. The format is

    Organizational Unit

    Enter the organizational unit distinguished name for this policy.

    The hierarchy must be entered as a comma-separated list. For example, ou=development,dc=corp,dc=domain,dc=com.

  4. Click OK.


The vRealize Orchestrator Active Directory endpoint is added to the list. You can apply the policy in business groups or use it in blueprints.
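
A mistyped organizational unit places every machine record for the business group in the wrong part of the directory, so it is worth checking the values before you click OK. The following is an added example, not part of the product or its documentation: a small offline check of the ID, domain and organizational unit values. It assumes that "no spaces or special characters" means ASCII letters and digits only, and that the root domain is written in dotted DNS form matching the dc= components; the function names are hypothetical.

```python
import re

# Assumption: "no spaces or special characters" is read as ASCII letters and digits only.
POLICY_ID_RE = re.compile(r"^[A-Za-z0-9]+$")
# One "type=value" component; escaped commas and multi-valued RDNs are out of scope.
RDN_RE = re.compile(r"^\s*([A-Za-z]+)\s*=\s*([^,=+]+?)\s*$")


def parse_dn(dn):
    """Split a comma-separated DN into (type, value) pairs, lowercasing the type."""
    rdns = []
    for part in dn.split(","):
        m = RDN_RE.match(part)
        if not m:
            raise ValueError(f"malformed DN component: {part!r}")
        rdns.append((m.group(1).lower(), m.group(2)))
    return rdns


def check_policy(policy_id, domain, ou_dn):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not POLICY_ID_RE.match(policy_id):
        problems.append("ID contains spaces or special characters")
    try:
        rdns = parse_dn(ou_dn)
    except ValueError as exc:
        return problems + [str(exc)]
    types = [t for t, _ in rdns]
    first_dc = types.index("dc") if "dc" in types else len(types)
    # The policy targets an organizational unit, so cn= containers are rejected.
    if first_dc == 0 or any(t != "ou" for t in types[:first_dc]):
        problems.append("DN must start with one or more ou= components")
    if first_dc == len(types) or any(t != "dc" for t in types[first_dc:]):
        problems.append("DN must end with dc= components only")
    # Assumption: the root domain is dotted DNS form, e.g. corp.domain.com.
    dn_domain = ".".join(v for t, v in rdns[first_dc:] if t == "dc").lower()
    if dn_domain and dn_domain != domain.strip().lower():
        problems.append(f"DN is in {dn_domain}, not in domain {domain}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the DN is the example from the table above.
    print(check_policy("DevPolicy", "corp.domain.com",
                       "ou=development,dc=corp,dc=domain,dc=com"))
```
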

What to do next

  • To provide multiple policy options, create more policies.

  • To add records to Active Directory based on business group membership when a blueprint is deployed, add the appropriate Active Directory policy to a business group. See Create a Business Group. You can apply the policy when you create the business group, or you can add it later.

  • To override the Active Directory policy for the business group for a particular blueprint, add Active Directory custom properties to the blueprint. See Scenario: Add a Custom Property to Blueprints to Override an Active Directory Policy.