Automating the World Around Me

vRA 7.2 Active Directory Policy Failing to Create New Computer Object


I love the new Active Directory Policy feature within vRealize Automation (vRA) 7.2. It allows easy management of Active Directory (AD) objects, like computer objects when a new VM is provisioned. I like this integration much better than the CCC plugin that was created for vRA 6.x a couple years ago. The flexibility of Active Directory Policies within vRA is highly desirable for most admins. It can also be fairly dynamic when paired with its custom property.

The Issue

Without much work, the Active Directory Policy configuration is quick and simple. However, I encountered a problem when the workflow within vRealize Orchestrator (vRO) could not create a new computer object during an event subscription lifecycle state. The error isn’t very descriptive unfortunately. 

AD Object Creation Failure

With not much to go on, I decided to perform the same operation but with the regular AD workflows within the AD plugin in vRO’s library. I received the same error when using those workflows. Choosing a different OU to deploy to also resulted in an error.

The Solution

I changed the service account I used to a domain admin account and was met with a successful creation of an AD computer object. At that moment, I realized I had used a service account that did not have proper rights to the OU I was trying to create/delete computer objects in. It is an easy fix, but without much of an error, it can be frustrating to troubleshoot.
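Rather than leaving the workflow on a domain admin account, the original service account can be given just the create/delete rights on the target OU. The following is an added example, not part of the original post or of vRA itself; the OU, account and test computer names are hypothetical, and it assumes the workflow needs only create and delete of computer objects, which is all the post describes.

```powershell
# Run as an account allowed to edit the OU's ACL, on a host with RSAT
# (dsacls.exe and the ActiveDirectory PowerShell module).
# All names below are hypothetical placeholders, not values from the post.
$ou       = 'OU=vRA-Provisioned,DC=corp,DC=example'   # OU the AD Policy targets
$account  = 'CORP\svc-vra-ad'                         # service account used by the vRO AD plugin
$testName = 'vra-acl-test01'                          # throwaway computer name for the check

# 1. Show the ACEs that name the service account on the OU.
#    No output means no entry names this account; rights held through
#    group membership appear under the group's name instead.
dsacls $ou | Select-String -SimpleMatch $account

# 2. Grant only Create Child (CC) and Delete Child (DC), limited to
#    computer objects, on this OU and its sub-OUs (/I:T).
dsacls $ou /I:T /G "${account}:CCDC;computer"

# 3. Confirm the new ACE is present.
dsacls $ou | Select-String -SimpleMatch $account

# 4. Prove it end to end as the service account itself: create a disabled
#    computer object, then delete it. A failure here reproduces the
#    workflow's problem outside vRO, with a readable AD error message.
$cred = Get-Credential -UserName $account -Message 'Service account password'
try {
    New-ADComputer -Name $testName -SamAccountName $testName -Path $ou `
        -Enabled $false -Credential $cred -ErrorAction Stop
    Remove-ADComputer -Identity "CN=$testName,$ou" -Credential $cred `
        -Confirm:$false -ErrorAction Stop
    Write-Output "OK: $account can create and delete computer objects in $ou"
}
catch {
    Write-Warning "Delegation incomplete for ${account}: $($_.Exception.Message)"
}
```

Once step 4 succeeds, point the vRO Active Directory endpoint back at the service account instead of the domain admin account.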

Other than this user error, the Active Directory Policy integration works very well and is a must-have for environments with Active Directory.



  1. Hi, I managed to have the VM created in the specified OU in AD, but my VM (Windows) is not registered in the DNS server. Will this feature automatically handle the DNS record creation, or do I still need to create a workflow to register the machine with the DNS server?

    • No, the AD Policy will not automatically handle DNS creation. You can create a workflow to register the machine to DNS or have the machine itself register when it comes online. Usually with Windows guests and working with AD/Windows DNS, it is an automatic process.

  2. We have rights on the service account for creating and deleting computers in AD, but we are still facing the same issue.
