vRealize Automation Cloud Assembly supports integration with Active Directory servers to provide out-of-the-box creation of computer accounts in a specified Organizational Unit (OU) within an Active Directory server prior to provisioning a virtual machine. The Active Directory integration uses an LDAP connection to the Active Directory server.

An Active Directory policy that is associated with a project is applied to all virtual machines provisioned within the scope of that project. Users can specify one or more tags that are used to selectively apply the policy to virtual machines that are provisioned to the cloud zones with matching capability tags.

For on-premises deployments, Active Directory integration enables you to set up a health check feature that shows the status of the integration and the underlying ABX integration on which it relies, including the required extensibility cloud proxy. Prior to applying an Active Directory policy, vRealize Automation Cloud Assembly checks the status of the underlying integrations. If the integration is healthy, vRealize Automation Cloud Assembly proceeds with creating the deployed computer objects in the specified Active Directory. If the integration is unhealthy, the deployment skips the Active Directory phase during provisioning.

Prerequisites

  • Active Directory integration requires an LDAP connection to the Active Directory server.
  • If you are configuring an Active Directory integration with vCenter on-premises, you must configure an ABX integration with an extensibility cloud proxy. Select Extensibility > Activity > Integrations and choose Extensibility Actions On Prem.
  • If you are configuring an integration with Active Directory in the cloud, you must have a Microsoft Azure or Amazon Web Services account.
  • You must have a project configured with appropriate cloud zones, and image and flavor mappings to use with the Active Directory integration.
  • The desired OU on your Active Directory must be created before you associate your Active Directory integration with a project.

Procedure

  1. Select Infrastructure > Connections > Integrations and then New Integration.
  2. Click Active Directory.
  3. On the Summary tab, enter the appropriate LDAP host and environment names.
  4. Enter the name and password for the LDAP server.
  5. Enter the appropriate Base DN for the desired users and groups in your Active Directory.
    Note: You can specify only one DN per Active Directory integration.
  6. Click Validate to ensure that the integration is functional.
  7. Enter a Name and Description of this integration.
  8. Click Save.
  9. Click the Project tab to add a project to the Active Directory integration.
    On the Add Projects dialog, you must select a project name and a relative DN, which is a DN that exists within the Base DN specified on the Summary tab.
  10. Click Save.

Results

You can now associate the project that has the Active Directory integration with a blueprint. When a machine is provisioned using this blueprint, it is pre-staged in the specified Active Directory and Organizational Unit.

You can also implement a tag-based health check for on-premises Active Directory integrations as follows.

  1. Create an Active Directory integration as described in the preceding steps.
  2. Click the Project tab to add a project to the Active Directory integration.
  3. Select a project name and a relative DN on the Add Projects dialog. The relative DN must exist within the specified base DN.
  4. Add appropriate tags. These tags are applicable to the cloud zone to which the Active Directory policy may apply.
  5. Click Save.

The Status of the Active Directory integration is displayed for each integration on the Infrastructure > Connections > Integrations page in vRealize Automation Cloud Assembly.

You can associate the project that has the Active Directory integration with a blueprint. When a machine is provisioned using this blueprint, it is pre-staged in the specified Active Directory and OU.
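
Both procedures require the relative DN to exist within the Base DN, and the prerequisites require the OU to be created beforehand. The following Python pre-flight check is an added example, not VMware code: it assumes the relative DN is joined onto the Base DN to form the OU's full DN, and the function names, DNs and OU list are constructed for illustration.

```python
# Added example (not VMware code): pre-flight check for the relative DN.
# Assumption: the relative DN is joined onto the Base DN to form the OU's DN.

def split_rdns(dn):
    """Split a DN on commas, keeping backslash-escaped commas in the value."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).lstrip())
    return [r for r in rdns if r]

def normalize(dn):
    """Canonical tuple of lowercase 'type=value' RDNs (AD matching ignores case)."""
    out = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        out.append(f"{attr.strip().lower()}={value.lstrip().lower()}")
    return tuple(out)

def resolve(relative_dn, base_dn):
    """Full DN for relative_dn; accepts 'OU=x' or a full DN ending in the base."""
    base, rel = normalize(base_dn), normalize(relative_dn)
    if not base or not rel:
        raise ValueError("Base DN and relative DN must both be non-empty")
    if len(rel) >= len(base) and rel[-len(base):] == base:
        return rel
    if any(r.startswith("dc=") for r in rel):
        raise ValueError("relative DN points outside the Base DN")
    return rel + base

def check_project_dn(relative_dn, base_dn, existing_ous):
    """True only when the resolved OU is in the list of OUs that already exist."""
    return resolve(relative_dn, base_dn) in {normalize(ou) for ou in existing_ous}

# Constructed sample values; a real OU list would come from a directory query.
BASE_DN = "DC=corp,DC=example,DC=com"
EXISTING_OUS = ["OU=Servers,DC=corp,DC=example,DC=com",
                "OU=Web\\, Tier1,OU=Servers,DC=corp,DC=example,DC=com"]
```

A relative DN that resolves to an OU missing from the list returns `False`, which corresponds to the prerequisite that the OU be created before the integration is associated with a project.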