Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Intelligent Automation - Add Active Directory User to Remote Computer Local Administrator Group
This document explains automation workflow development and logic using Cisco Cloud Process Orcehstrator product (CPO).
In a Cloud deployment a Windows 2008 or Windows 2007 virtual machin is provisioned into the Cloud using a template. The Windows VM template comes with only administrative rights that would allow the IT Admin to have access to it as a back-door channel. Now the requirement is to allow access to the virtual machine for the user who actually requested the virtual machine.
This can be automated using the CPO Windows adapter.
CPO logs into the Windows 2008 R2 AD server using its Windows adapter
Windows Power-Shell script can be execute either on the Windows AD Server or on the CPO server itself
Script will add user-name of the person who requested the virtuam machine into the local admin group of newly provisioned VM
Script execution must be enabled on the Windows AD server
CPO Windows target's run-time user should have proper rights to execute the commands included in the power-shell script. Typically that would be a services account
Newly provisioned VM must be part of the same active directory domain
Enable Script Execution on Windows 2008 R2 Active Directory (AD) Server
Cisco Cloud Process Orcehstrator Workflow
The target for this workflow is the CPO (TEO) server itself
Workflow takes two input from user
User-ID or User-Name
The user-name and ComputerName can also be passed from the Cisco Cloud Portal (newScale request center)
Powershell script then adds the user-id to the local administrator group on the newly provisioned VM
Following is the screenshot from workflow.
Script argumens are already saved in the visual basic style variable format and can be accessed using $arg, $arg and so on.