VMware Horizon Cloud Service Next-Gen – The Automation Series – Chapter 3 – Active Directory
This blog post is part of the VMware Horizon Cloud Service Next-Gen – The Automation Series, a series of blog posts that describes the possibilities and use of the VMware Horizon Cloud Service Next-Gen APIs.
In chapter 1 we created the API token, which we then used to create an access token in chapter 2. The access token will be used in this chapter to add, get and delete an Active Directory configuration in the VMware Horizon Cloud Service.
The original VMware documentation for Active Directory operations can be found here.
We will use PowerShell again to execute the requests.
Create
We will start by creating a new Active Directory configuration. For this we will use the following information:
HTTP Method | POST | |
URI | https://cloud.vmwarehorizon.com/admin/v2/active-directories | |
Content-Type | application/json | Header |
Authorization | Bearer <Access token> | Header |
orgId | Organization ID | Body |
name | Any name for the record, but generally the domain name | Body |
dnsDomainName | FQDN for the domain name | Body |
description | Any description for the record | Body |
bindAccounts / primary / username | Primary bind account username | Body |
bindAccounts / primary / password | Primary bind account password | Body |
bindAccounts / auxiliary / username | Secondary bind account username | Body |
bindAccounts / auxiliary / password | Secondary bind account password | Body |
joinAccounts / primary / username | Primary join account username | Body |
joinAccounts / primary / password | Primary join account password | Body |
joinAccounts / auxiliary / username | Secondary join account username | Body |
joinAccounts / auxiliary / password | Secondary join account password | Body |
defaultOU | Organizational unit where provisioned VMs will be contained | Body |
The orgId, or Organization ID, is something you can look up manually in the Cloud Services Console or retrieve automatically using the API. In one of the upcoming chapters, I will explain how to retrieve the Organization ID using the API. This is how it’s done manually.
Once logged on to the Cloud Service Console, click the drop-down button (1). The Organization ID is displayed there (2). You can use the copy button (3) to copy the Organization ID string and use it as the value for the orgId.
With this information we will now construct the lines of code in PowerShell to add the Active Directory configuration.
```powershell
$Header = @{
    "Content-Type" = "application/json";
    "Authorization" = "Bearer " + $AccessToken
}

$Body = @{
    "orgId" = "x1xxx1111-x111-1111-xx11-111111x11xx1";
    "name" = "mydomain";
    "dnsDomainName" = "mydomain.int";
    "description" = "Internal domain";
    "bindAccounts" = @{
        "primary" = @{
            "username" = "primbinduser";
            "password" = "primbindpass"
        };
        "auxiliary" = @{
            "username" = "auxbinduser";
            "password" = "auxbindpass"
        }
    };
    "joinAccounts" = @{
        "primary" = @{
            "username" = "primjoinuser";
            "password" = "primjoinpass"
        };
        "auxiliary" = @{
            "username" = "auxjoinuser";
            "password" = "auxjoinpass"
        }
    };
    "defaultOU" = "OU=Horizon Cloud,OU=Systems,OU=MYDOM"
}

Invoke-RestMethod -Uri https://cloud.vmwarehorizon.com/admin/v2/active-directories -Method Post -Headers $Header -Body ($Body | ConvertTo-Json)
```
(1) We create the access token from the API token using the New-HCSAccessToken function we described in chapter 2. We put this value in the $AccessToken variable, which we will use in the following step.
(2) We then construct the $Header hashtable, where we specify the Content-Type of the request, which is application/json, and the authorization, which uses the Bearer type with the access token from the variable $AccessToken.
(3) After this we construct the $Body hashtable with all the items that define the Active Directory configuration to be added to the Horizon Cloud Service.
Now that we have both the Header and Body information in place, it’s time to execute the command to add the Active Directory configuration (1). Once executed, the output with what has been configured will be displayed (2).
When we look in the Horizon Universal Console, we see that the Active Directory configuration is added.
Get
To retrieve the Active Directory configuration(s), we will use the following information:
HTTP Method | GET | |
URI | https://cloud.vmwarehorizon.com/admin/v2/active-directories | |
Content-Type | application/json | Header |
Authorization | Bearer <Access token> | Header |
With this information we will now construct the lines of code in PowerShell to retrieve the Active Directory configuration(s).
```powershell
$Header = @{
    "Content-Type" = "application/json";
    "Authorization" = "Bearer " + $AccessToken
}

Invoke-RestMethod -Uri https://cloud.vmwarehorizon.com/admin/v2/active-directories -Method Get -Headers $Header
```
(1) We create the access token from the API token again using the New-HCSAccessToken function, and put this value in the $AccessToken variable, which we will use in the following step.
(2) We construct the $Header hashtable, where we specify the Content-Type of the request, which is application/json, and the authorization, which uses the Bearer type with the access token from the variable $AccessToken.
(3) We execute the command to retrieve the Active Directory configuration(s).
(4) Once executed, the output with what has been configured will be displayed.
Delete
To delete an Active Directory configuration, we will use the following information:
HTTP Method | DELETE | |
URI | https://cloud.vmwarehorizon.com/admin/v2/active-directories/<AD record ID> | |
Content-Type | application/json | Header |
Authorization | Bearer <Access token> | Header |
id | Id for the Active Directory configuration | URI |
You can look up the required AD record ID using the steps from the Get paragraph. Look for the id value in the output.
With this information we will now construct the lines of code in PowerShell to delete the Active Directory configuration.
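```powershell
$Header = @{
    "Content-Type" = "application/json";
    "Authorization" = "Bearer " + $AccessToken
}

# Replace <AD record ID> with the id value from the Get output; the URI is quoted so PowerShell parses it as one string.
Invoke-RestMethod -Uri "https://cloud.vmwarehorizon.com/admin/v2/active-directories/<AD record ID>" -Method Delete -Headers $Header
```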
(1) We create the access token from the API token again using the New-HCSAccessToken function, and put this value in the $AccessToken variable, which we will use in the following step.
(2) We construct the $Header hashtable, where we specify the Content-Type of the request, which is application/json, and the authorization, which uses the Bearer type with the access token from the variable $AccessToken.
(3) We execute the command to delete the Active Directory configuration.
(4) Once executed, the output with what has been deleted will be displayed.
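The lookup-then-delete procedure above can be combined into one guarded function. This is an added example, not code from the original post: the function name Remove-HCSADConfigByName is hypothetical, and it assumes the Get response exposes the records under a content property with name and id fields, as the functions later in this post do.

```powershell
# Added example (hypothetical helper): resolve the record ID by name, then delete with confirmation.
Function Remove-HCSADConfigByName {
    [CmdletBinding(SupportsShouldProcess=$True, ConfirmImpact='High')]
    param (
        [Parameter(Mandatory=$True)] [string]$AccessToken,
        [Parameter(Mandatory=$True)] [string]$Name,
        [Parameter(Mandatory=$False)] [string]$Uri = "https://cloud.vmwarehorizon.com/admin/v2/active-directories"
    )

    $Header = @{
        "Content-Type"  = "application/json"
        "Authorization" = "Bearer " + $AccessToken
    }

    # Step 1: list the configurations and keep only exact name matches.
    $Found = @((Invoke-RestMethod -Uri $Uri -Method Get -Headers $Header).content |
        Where-Object { $_.name -eq $Name })

    # Refuse to continue unless the name resolves to exactly one record.
    If ($Found.Count -ne 1) {
        Write-Error "Expected exactly one configuration named '$Name', found $($Found.Count). Nothing was deleted."
        return
    }

    # Never send DELETE without a record ID appended to the collection URI.
    $Id = [string]$Found[0].id
    If ([string]::IsNullOrWhiteSpace($Id)) {
        Write-Error "The record named '$Name' has no id value. Nothing was deleted."
        return
    }

    # Step 2: delete only after confirmation; -WhatIf shows the target without calling the API.
    $Target = $Uri.TrimEnd('/') + "/" + $Id
    If ($PSCmdlet.ShouldProcess($Target, "Delete Active Directory configuration '$Name'")) {
        Invoke-RestMethod -Uri $Target -Method Delete -Headers $Header
    }
}
```

Run it with -WhatIf first to see which record ID would be removed, and pass -Confirm:$False only in automation where the name has already been validated.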
PowerShell Functions Examples
The scripts below serve as examples. You may change the scripts to your own needs or standards, like error handling, securing password strings and things like that.

```powershell
Function New-HCSADConfig {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True)] [string]$AccessToken,
        [Parameter(Mandatory=$False)] [string]$Uri,
        [Parameter(Mandatory=$True)] [string]$OrganizationId,
        [Parameter(Mandatory=$True)] [string]$Name,
        [Parameter(Mandatory=$False)] [string]$Description,
        [Parameter(Mandatory=$True)] [string]$DNSDomainName,
        [Parameter(Mandatory=$True)] [string]$BindAccountUsername,
        [Parameter(Mandatory=$True)] [string]$BindAccountPassword,
        [Parameter(Mandatory=$True)] [string]$AuxBindAccountUsername,
        [Parameter(Mandatory=$True)] [string]$AuxBindAccountPassword,
        [Parameter(Mandatory=$True)] [string]$DomainJoinAccountUsername,
        [Parameter(Mandatory=$True)] [string]$DomainJoinAccountPassword,
        [Parameter(Mandatory=$True)] [string]$AuxDomainJoinAccountUsername,
        [Parameter(Mandatory=$True)] [string]$AuxDomainJoinAccountPassword,
        [Parameter(Mandatory=$True)] [string]$DefaultOU
    )

    If (!($Uri)) {
        $Uri = "https://cloud.vmwarehorizon.com/admin/v2/active-directories"
    }

    $Header = @{
        "Content-Type" = "application/json";
        "Authorization" = "Bearer " + $AccessToken
    }

    If (!($Description)) {
        $Description = ""
    }

    $Body = @{
        "bindAccounts" = @{
            "auxiliary" = @{
                "password" = $AuxBindAccountPassword;
                "username" = $AuxBindAccountUsername
            };
            "primary" = @{
                "password" = $BindAccountPassword;
                "username" = $BindAccountUsername
            };
        };
        "defaultOU" = "$DefaultOU";
        "description" = "$Description";
        "dnsDomainName" = "$DNSDomainName";
        "joinAccounts" = @{
            "auxiliary" = @{
                "password" = $AuxDomainJoinAccountPassword;
                "username" = $AuxDomainJoinAccountUsername
            };
            "primary" = @{
                "password" = $DomainJoinAccountPassword;
                "username" = $DomainJoinAccountUsername
            };
        };
        "name" = "$Name";
        "orgId" = "$OrganizationId"
    }

    Invoke-RestMethod -Uri "$Uri" -Method Post -Headers $Header -Body ($Body | ConvertTo-Json)
}
```
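One way to handle the "securing password strings" point mentioned above, as an added example that is not part of the original post: a variant of New-HCSADConfig that takes PSCredential objects, so the bind and join passwords never appear as plaintext arguments in scripts, command history or transcripts. The function name New-HCSADConfigFromCredential and its parameter names are hypothetical; the URI and body fields are the ones used in this chapter.

```powershell
Function New-HCSADConfigFromCredential {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True)] [string]$AccessToken,
        [Parameter(Mandatory=$True)] [string]$OrganizationId,
        [Parameter(Mandatory=$True)] [string]$Name,
        [Parameter(Mandatory=$True)] [string]$DNSDomainName,
        [Parameter(Mandatory=$True)] [string]$DefaultOU,
        [Parameter(Mandatory=$True)] [pscredential]$BindAccount,
        [Parameter(Mandatory=$True)] [pscredential]$AuxBindAccount,
        [Parameter(Mandatory=$True)] [pscredential]$DomainJoinAccount,
        [Parameter(Mandatory=$True)] [pscredential]$AuxDomainJoinAccount,
        [Parameter(Mandatory=$False)] [string]$Description = "",
        [Parameter(Mandatory=$False)] [string]$Uri = "https://cloud.vmwarehorizon.com/admin/v2/active-directories"
    )

    # Hypothetical helper: turn a PSCredential into the username/password pair used in the body.
    # The password is decrypted only here, in memory, just before the request is sent.
    $ToPair = {
        param ([pscredential]$Credential)
        @{
            "username" = $Credential.UserName
            "password" = $Credential.GetNetworkCredential().Password
        }
    }
    $Header = @{
        "Content-Type"  = "application/json"
        "Authorization" = "Bearer " + $AccessToken
    }
    $Body = @{
        "orgId"         = $OrganizationId
        "name"          = $Name
        "dnsDomainName" = $DNSDomainName
        "description"   = $Description
        "defaultOU"     = $DefaultOU
        "bindAccounts"  = @{
            "primary"   = (& $ToPair $BindAccount)
            "auxiliary" = (& $ToPair $AuxBindAccount)
        }
        "joinAccounts"  = @{
            "primary"   = (& $ToPair $DomainJoinAccount)
            "auxiliary" = (& $ToPair $AuxDomainJoinAccount)
        }
    }

    # -Depth is set explicitly so the nested account objects are never truncated.
    Invoke-RestMethod -Uri $Uri -Method Post -Headers $Header -Body ($Body | ConvertTo-Json -Depth 4)
}
```

Collect each account with Get-Credential (or a secret store that returns PSCredential objects) and pass the result to the matching parameter. The passwords are still sent in the JSON body over HTTPS, as the API requires.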
```powershell
Function Get-HCSADConfig {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True)] [string]$AccessToken,
        [Parameter(Mandatory=$False)] [string]$Uri,
        [Parameter(Mandatory=$False)] [string]$Name
    )

    If (!($Uri)) {
        $Uri = "https://cloud.vmwarehorizon.com/admin/v2/active-directories"
    }

    $Header = @{
        "Content-Type" = "application/json";
        "Authorization" = "Bearer " + $AccessToken
    }

    If (!($Name)) {
        # No name given: return every Active Directory configuration.
        Write-Output (Invoke-RestMethod -Uri "$Uri" -Method Get -Headers $Header).content
    }
    Else {
        # Name given: return only the configurations with a matching name.
        $NameFound = $False
        ForEach ($Config in (Invoke-RestMethod -Uri "$Uri" -Method Get -Headers $Header).content) {
            If ($Config.name -eq "$Name") {
                Write-Output $Config
                $NameFound = $True
            }
        }
        If ($NameFound -ne $True) {
            Write-Warning "Name not found."
        }
    }
}
```
```powershell
Function Remove-HCSADConfig {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$True)] [string]$AccessToken,
        [Parameter(Mandatory=$False)] [string]$Uri,
        [Parameter(Mandatory=$True)] [string]$Id
    )

    # When -Uri is supplied it is used as-is, so it must already end with the record ID;
    # $Id is only appended to the default URI.
    If (!($Uri)) {
        $Uri = "https://cloud.vmwarehorizon.com/admin/v2/active-directories/" + $Id
    }

    $Header = @{
        "Content-Type" = "application/json";
        "Authorization" = "Bearer " + $AccessToken
    }

    Invoke-RestMethod -Uri "$Uri" -Method Delete -Headers $Header
}
```
I hope this chapter was informative and that you enjoyed reading.
Next up is single sign-on configuration.