How to use Active Directory to identify and track virtual machines, part 1


Chris Wolf, contributor
07.17.2007

In the first part of a three-part series, Chris Wolf outlines how to leverage Active Directory to track virtualized resources.

As organizations become more and more virtual, it is becoming increasingly difficult to differentiate between physical and virtual servers. Some administrators append "_vm" to the host name of each virtual machine. However, many organizations avoid this approach, because any name change could affect how users and applications access the VM's data. Changing a server's name after it has been converted to a VM may also affect the server's locally installed applications and services. When administrators rename a server following a physical-to-virtual (P2V) migration, they often use CNAME records in DNS to keep name resolution transparent. Still, this approach adds complexity to managing server resources.

Another way to identify server objects as either physical or virtual is to use each computer object's Description attribute in Active Directory. Some organizations already use the Description attribute to identify a computer's location, department, or role. With that in mind, using the Description attribute may require you to be concise in how you identify physical or virtual objects. For example, the following naming convention could be used:

  • Ps – Physical server
  • Vesx – VMware ESX VM
  • Vms – Microsoft Virtual Server VM
  • Vxen – Xen VM
  • Vvi – Virtual Iron VM
  • Vvz – SWsoft Virtuozzo virtual private server
  • Vscon – Solaris Container

I prefer to use P for physical and V for virtual as a prefix in all Description attributes. Doing so allows you to write scripts to query for all virtual machines, for example, by just having the script query the first character in each computer object's Description attribute.

Two methods for identifying VMs via a computer object's Description attribute are shown in Figures 1-2.


Figure 1: Identifying a Xen VM using the Description attribute


Figure 2: Using the Description attribute to identify a physical server, along with its location, department, and role

With the naming convention in place, VM objects can be quickly found within any Active Directory container by using Active Directory Users and Computers and sorting objects by Description. This is done by clicking on the Description column in Active Directory Users and Computers (click twice to sort descending). An example of computer objects sorted by Description is shown in Figure 3.


Figure 3: Sorting VM computer objects in Active Directory Users and Computers

In large enterprises, most administrators find Active Directory's query features useful. For example, to locate all domain member computers that are ESX VMs, you could take the following steps:

  1. In Active Directory Users and Computers, right-click the domain object and select Find.
  2. In the Find dialog box, click the Find drop-down menu and select Computers.
  3. Next, click the Advanced tab. Under the Advanced tab, click the Field button and select Description from the resultant drop-down menu.
  4. In the Condition drop-down menu, select Starts With.
  5. In the Value field, type Vesx. Note that to find all VMs, you would just type V.
  6. Next, click the Add button.
  7. Click Find Now to start the query (see Figure 4). In a moment, all computer objects whose Description attribute starts with "Vesx" should be displayed.


Figure 4: ESX VM Active Directory query

Of course, working with the Active Directory Users and Computers GUI can only take you so far. In large environments, you will probably want to use scripts to populate each computer object's Description attribute. The SetDescription.vbs script below will read a list of computers from a text file and modify their existing description attribute so that it is prefixed with a physical or virtual identifier.

'SetDescription.vbs
'Adds virtual or physical descriptor to 
'computer description attribute.
Option Explicit

Dim strPrefix, strDomainTarget, strSourceFile
Dim objFSO, objSourceFile, objComputer
Dim strComputer, strADSpath, strOldDes, strNewDes

'set variables

'strPrefix -- physical or virtual identifier prefix
' Prefix values: 
'  Ps – Physical server
'  Vesx – VMware ESX VM
'  Vms – Microsoft Virtual Server VM
'  Vxen – Xen VM
'  Vvi – Virtual Iron VM
'  Vvz – SWsoft Virtuozzo virtual private server
'  Vscon – Solaris Container
strPrefix = "Vesx"

'strDomainTarget -- this is the AD container
' where the target computer accounts are located
strDomainTarget = "cn=computers,dc=virtual,dc=net"

'strSourceFile -- file that contains computer 
' account list
strSourceFile = "c:\computers.txt"

' Constants 
Const ForReading = 1

'Open Source File (False = do not create the file if it
' is missing, so a wrong path raises an error)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objSourceFile = objFSO.OpenTextFile(strSourceFile, _
    ForReading, False)

'Connect to Directory Service
'Modify computer description for each computer in 
' source file list
Do Until objSourceFile.AtEndOfStream 
    'Trim whitespace and skip blank lines
    strComputer = Trim(objSourceFile.ReadLine)
    If strComputer <> "" Then
        strADSpath = "LDAP://cn=" & strComputer & _
           "," & strDomainTarget
        Set objComputer = GetObject(strADSpath)
        strOldDes = objComputer.Description
        If strOldDes = "" Then 
            strNewDes = strPrefix
        ElseIf Left(strOldDes, Len(strPrefix)) = strPrefix Then
            'Already tagged: leave unchanged so a re-run
            ' does not add the prefix twice
            strNewDes = strOldDes
        Else 
            strNewDes = strPrefix & " - " & strOldDes
        End If
        objComputer.Put "Description", strNewDes
        objComputer.SetInfo
    End If
Loop
objSourceFile.Close

Note that in the script you will need to modify the following variables:

  • strPrefix
  • strDomainTarget
  • strSourceFile

strPrefix identifies the virtual machine prefix to assign to each computer's Description attribute. For example, for ESX VMs, you can set strPrefix to "Vesx". For physical servers, you would set strPrefix to "Ps".

strDomainTarget must be set to the distinguished name of the container in which the target computers reside. For example, if the computer objects reside in the Computers container of the TechTarget.com domain, the strDomainTarget variable would have to be set to "cn=computers,dc=techtarget,dc=com". If the computers were in the Development OU in the TechTarget.com domain, the strDomainTarget variable would have to be set to "ou=development,dc=techtarget,dc=com". Note that the script works with only one Active Directory container at a time, so if you need to modify computer objects in multiple containers, you will need to run the script once for each Active Directory target container.

strSourceFile identifies the text file that contains a list of computer names to modify. Each line of the file should list a computer's host name. Here is a sample file: computers.txt.

Once each computer object's Description attribute has been set, you can use the Active Directory Users and Computers query technique described earlier in this article to locate virtual machine objects. Alternatively, you can use a script to query Active Directory and output a list of computers whose description includes a prefix such as "Ps", "Vesx", or "V". Part two of this article series discusses scripting Active Directory computer object description queries. In part three, I cover extending the Active Directory schema to include a custom attribute to identify computers as either physical systems or virtual machines.
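The "Description starts with" query from the Find dialog steps earlier, scripted as an added example (not code from the original article or its later parts). The function names Get-TaggedComputer, Get-PlatformTag and ConvertTo-LdapFilterValue are hypothetical, the tag list is the article's convention, and the sample descriptions are constructed.

```powershell
# Added example. Tag list is the article's naming convention.
$KnownTags = 'Ps','Vesx','Vms','Vxen','Vvi','Vvz','Vscon'

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping of \ * ( ) and NUL, so the prefix is matched
    # literally and cannot change the structure of the filter.
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or [int]$c -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$c)
        } else {
            [void]$sb.Append($c)
        }
    }
    $sb.ToString()
}

function Get-PlatformTag {
    param([string]$Description)
    # The tag is the leading word of Description. Case-sensitive on
    # purpose: a mis-cased or unknown tag is reported as Untagged.
    if ($Description -cmatch '^([A-Za-z]+)\b' -and $KnownTags -ccontains $Matches[1]) {
        return $Matches[1]
    }
    'Untagged'
}

function Get-TaggedComputer {
    param([string]$Prefix = 'V', [string]$SearchBase)
    # Same query as the Find dialog: Description "Starts with" $Prefix
    $filter = '(&(objectCategory=computer)(description={0}*))' -f (ConvertTo-LdapFilterValue $Prefix)
    $searcher = [adsisearcher]$filter
    if ($SearchBase) { $searcher.SearchRoot = [adsi]"LDAP://$SearchBase" }
    $searcher.PageSize = 500   # page results so large domains are not truncated
    [void]$searcher.PropertiesToLoad.AddRange([string[]]('name','description'))
    foreach ($r in $searcher.FindAll()) {
        $desc = [string]$r.Properties['description'][0]
        [pscustomobject]@{ Name = [string]$r.Properties['name'][0]
                           Tag = Get-PlatformTag $desc; Description = $desc }
    }
}

# Constructed sample Description values; this part needs no domain.
$samples = 'Vxen - Build server', 'Ps - Boston, Finance, File server',
           'Web front end', 'vesx - test box'
$samples | ForEach-Object { '{0,-36} {1}' -f $_, (Get-PlatformTag $_) }
```

`Get-TaggedComputer -Prefix 'Vesx'` needs a domain-joined session; the last lines run anywhere. Anyone with write access to a computer object can change its Description, so treat the tag as an inventory aid and not as proof of what a machine is.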

About the author: Chris Wolf is a Microsoft MVP for Windows Server – File System/Storage and is a MCSE, MCT, and CCNA. He's a Senior Analyst for Burton Group who specializes in the areas of virtualization solutions, high availability, enterprise storage, and network infrastructure management.
