Windows Domains provides the ability to execute PowerShell scripts to pre-stage Active Directory computer objects.
By default, joining a computer to an Active Directory domain creates the computer object in a predefined location - usually the Computers OU. In environments where objects must be created in a specific OU, Windows Domains is used to create the computer object in the required OU prior to joining the computer to the domain. Windows Domains also unjoins and removes the computer object when terminating Windows virtual machine resources.
Note: Executing PowerShell scripts requires the configuration of a Windows host to perform the execution on the Automation appliance's behalf. The script host can be predefined and automatically resolved at deployment time through configuration of a Windows Script Host, or manually specified in the Windows Domains configuration.
This article describes the steps required to manage Script Hosts. Please refer to the article Node Definition - Windows Domain for information about using Windows Domains as part of a blueprint design.
Prerequisites
- Administrative access to the Automation UI
- Active Directory domain details
- Configured Windows Script Host or details of a Windows host which can execute PowerShell scripts
Adding a Windows Domain
This section describes the steps required to create a new Credential.
The steps provided are for a Windows Script Host, but are generally identical for a Linux Script Host.
- Log into the Broker UI as an administrative user
- Navigate to Admin > Control Panel
- Select the Windows Script Hosts or Linux Script Hosts tile
- A list of existing Windows Domains is displayed
- Click Add
- On the Add Windows Domain screen, provide a description for the domain
- On the Add Windows Domain - Scope Rule screen, provide the following information:
  - Environment: The environment when this host will be used
  - Account/Network: The cloud account or specific network when this host will be used
- On the Add Windows Domain - Definition screen, provide the following information:
  - NetBIOS Name: The simple NetBIOS name of the defined domain
  - Domain FQDN: The fully qualified domain name of the defined domain
  - Service Account Credential: Credentials with authorisation to communicate with domain controllers to add and remove computer objects
  - Destination OU: The fully qualified distinguished name for the OU in which computer objects will be created
  - Resolve script host automatically: Whether to automatically resolve and use Windows Script Hosts
    Note: If this is not selected, host and connectivity details will need to be provided at this time
  - Advanced
    - Prestage Script: A custom PowerShell script to execute to create the computer object
    - Unjoin Script: A custom PowerShell script to execute to remove the computer object
    Note: Scripts can be local artifacts or linked from a repository
- Click Add
- The Windows Domain has been added
- Additional domains can be defined and ordered - if multiple domains are defined, they are evaluated and matched in a top-to-bottom order
Note: This example defines that any deployments to the Test environment will have their computer object created as defined in the Test domain, and any deployments to the Production environment will have their computer object created as defined in the Production domain.
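A pre-stage script of the kind the Prestage Script field accepts, as an added example that is not the product's own script: it creates the computer object in the Destination OU and refuses to proceed if an account with the same name already exists elsewhere in the domain. The parameter names and the way the appliance passes values to the script are assumptions, and the cmdlets come from the ActiveDirectory (RSAT) module, which must be installed on the script host.

```powershell
# Added example. Parameter names are assumptions, not the product's script contract.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$ComputerName,
    [Parameter(Mandatory)][string]$DestinationOU,    # distinguished name of the target OU
    [Parameter(Mandatory)][string]$DomainFqdn,
    [Parameter(Mandatory)][pscredential]$Credential  # the service account credential
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory

# Validate the name before it is placed in an AD filter string.
# NetBIOS computer names are at most 15 characters.
if ($ComputerName -notmatch '^[A-Za-z0-9-]{1,15}$') {
    throw "Refusing invalid computer name '$ComputerName'."
}
$sam = "$ComputerName`$"   # computer accounts carry a trailing '$'
$ad  = @{ Server = $DomainFqdn; Credential = $Credential }

# Fail early if the OU does not exist or the service account cannot read it.
$null = Get-ADOrganizationalUnit -Identity $DestinationOU @ad

# sAMAccountName is unique per domain, so this finds a clash in any OU or container.
$existing = Get-ADComputer -Filter "SamAccountName -eq '$sam'" @ad
if ($existing) {
    $inTarget = $existing.DistinguishedName.EndsWith(
        ",$DestinationOU", [System.StringComparison]::OrdinalIgnoreCase)
    if (-not $inTarget) {
        # Do not move or reuse an account that may belong to another machine.
        throw "'$ComputerName' already exists at $($existing.DistinguishedName)."
    }
    Write-Output "Already pre-staged: $($existing.DistinguishedName)"
    return
}

if ($PSCmdlet.ShouldProcess("CN=$ComputerName,$DestinationOU", 'Create computer object')) {
    New-ADComputer -Name $ComputerName -SamAccountName $sam `
        -Path $DestinationOU -Enabled $true @ad
    Write-Output "Created CN=$ComputerName,$DestinationOU"
}
```

The script needs only the right to create computer objects in the destination OU, so the service account can be delegated on that OU alone rather than granted domain-wide rights.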
Removing a Script Host
This section describes the steps required to remove a Script Host.
- Log into the Broker UI as an administrative user
- Navigate to Admin > Control Panel
- Select the Windows Script Hosts or Linux Script Hosts tile
- A list of existing Windows Domains is displayed
- On the Windows Domain to be removed, select the Edit drop down list
- Click Remove
- Click Remove
- The Windows Domain has been removed