In addition to the vRealize Automation Cloud Assembly blueprint resources that you use when you create blueprints, you can also create your own custom resources. The custom resources are vRealize Orchestrator workflows that you add to the blueprint designer so that you can use it to a blueprint. In this use case, you add a workflow to create an Active Directory user as a blueprint resource type. You then add the new resource to a machine blueprint so that you can add the user as part of the machine deployment.

This use case uses workflows that are provided in vRealize Orchestrator. It includes prescriptive values or strings to demonstrate how to perform the process. You can modify them to suit your environment.

For reference purposes, this use case uses a project named DevOpsTesting. You can replace the project with one that you already have.


  • Verify that you configured a vRealize Orchestrator integration. See Configure vRealize Orchestrator integration in Cloud Assembly.
  • Verify that the workflows that you are using for the create, update, destroy, and day 2 actions exist in vRealize Orchestrator and run successfully from there.
  • In vRealize Orchestrator, locate the resource type used by the workflows. The workflows included in this custom resource must all use the same resource type. In this use case, the resource type is AD:User.
  • Verify that you know how to configure and deploy a machine blueprint.


  1. Create an Active Directory custom resource for adding a user in a group.
    This step adds the custom resource to the blueprint design canvas as a resources type.
    1. In vRealize Automation Cloud Assembly, select Design > Custom Resources, and click New Custom Resource.
    2. Provide the following values.

      Remember, except for the workflow names, these are sample values.

      Setting Sample Value
      Name Add an AD user

      This is the name that appears in the blueprint canvas resource type tree.

      Resource Type Custom.ADUser

      The resource type must begin Custom. and each custom resource type should be unique.

      Although the inclusion of Custom. is not validated in the field, the string is automatically added if you inadvertently remove it.

      This resource type is added to the design canvas so that you can use it in the blueprint.

      External Type AD:User

      This resource type must match the variable type defined in the vRealize Orchestrator workflow.

      In this use case, the workflows are "Create a user with a password in an organizational unit" and "Destroy a user." For the "Create a user" workflow, the type is an output parameter defined on the Parameters tab. For the "Destroy a user" workflow, the input is defined on the Inputs/Outputs tab.

    3. To enable this resource type in the blueprint resource type list, click the Activate option.
    4. Select the Scope setting that makes the resource type available to any project.
    5. Configure the workflows that define the resource and the day 2 actions.
      Setting Sample Value
      Lifecycle Actions - Create Select the Create a user with a password in an organizational unit workflow.

      If you have multiple vRealize Orchestrator integrations, select the workflow on the integration instance you use to run these custom resources.

      Lifecycle Actions - Destroy Select the Destroy a user workflow.
      Additional Actions Select the Change a user password workflow.

      To modify the action request form that the user responds to when they request the action, click the icon in the Request Parameters column.

      In this example, there is no appropriate application of an update workflow. A common example of an update workflow, which makes changes at the deployment level, is scaling in or scaling out a deployment.

    6. Review the schema key and type values in the right pane so that you understand the workflow inputs so that you can configure in the blueprint.
      The schema lists the required and optional input values defined in the workflow. The required input values are included in the blueprint YAML.

      In the Create a user workflow, accountName, displayName, and ouContainer are required input values. The other schema keys do not. You can also use the schema to determine where you want to create bindings to other field values, workflows, or actions. Bindings are not included in this use case.

      The generated keys are text in the workflows. There is no need to consider these inputs when you create the blueprint.

  2. Create a blueprint that adds the user to a machine when you deploy it.
    1. Select Design > Blueprints, and click New.
    2. Name the blueprint Machine with an AD user.
    3. Select the DevOpsTesting project, and click Create.
    4. Add and configure a vSphere machine.
    5. From the resource type list on the left of the blueprint design page, drag the Add an AD user in a group resource type onto the canvas.
      The three properties are mandatory for the workflow.
    6. On the right, edit the YAML code to add the mandatory input values and the password.
      Add an inputs section in the code so that users can provide the name of the users that they are adding. In the following example, some of these values are sample data. Your values might be different.
          type: string
          title: Account name
          encrypted: true   
          type: string
          title: Display name   
          type: string
          title: Password
          encrypted: true 
          type: string
          title: Password
          encrypted: true   
          type: object
          title: AD OU container
          $data: 'vro/data/inventory/AD:OrganizationalUnit'
                  type: string
                  type: string    
    7. In the resources section, add ${input.input-name} code to prompt for the user selection.
          type: Custom.ADUser
              accountName: '${input.accountName}'
              displayName: '${input.displayName}'
              ouContainer: '${input.ouContainer}'
              password: '${input.password}'
              confirmPassword: '${input.confirmPassword}'       
  3. Deploy the blueprint.
    1. On the blueprint designer page, click Deploy.
    2. Enter the Deployment Name AD User Scott.
    3. Select the Blueprint Version and click Next.
    4. Complete the deployment inputs.
    5. Click Deploy.
  4. Monitor the provisioning process to ensure that the user is added to Active Directory.
    1. Click Deployments and locate your AD User Scott deployment.
    2. Monitor the status of the request and verify success.
    3. Verify that the change password action is available and working.

What to do next

When your tested blueprint is working, you can then begin using the Add user custom resource with other blueprints.