Tip

Tracking virtual machine properties with Active Directory

In the first part of a three-part series, Chris Wolf outlines how to leverage Active Directory to track virtual machine properties and detect the virtual machine location.

As organizations become more and more virtual, it is becoming increasingly difficult to differentiate between physical and virtual servers, but it's absolutely necessary to know the virtual machine location. Some administrators append "_vm" to the host name of each virtual machine. However, many organizations prefer not to identify the virtual machine location this way, as any name change could impact how users and applications access the virtual machine properties and data. Changing a server's name after it has been converted to a VM may also impact the server's locally installed applications and services.

When administrators begin naming VMs following a physical-to-virtual (P2V) migration, they often use CNAME records in the Domain Name System to ensure name resolution transparency. Still, this approach adds complexity to managing server resources and the virtual machine properties.

Another way to identify server objects as either physical or virtual, and identify the virtual machine location, is by making use of each computer object's Description attribute in Active Directory. Some organizations already use the Description attribute to identify a computer's location, department, or role. 

With that in mind, making use of the Description attribute may require you to be concise in how you identify physical or virtual objects. For example, the following naming convention could be used to identify the physical or virtual machine location:

  • Ps – Physical server
  • Vesx – VMware ESX VM
  • Vms – Microsoft Virtual Server VM
  • Vxen – Xen VM
  • Vvi – Virtual Iron VM
  • Vvz – SWsoft Virtuozzo virtual private server
  • Vscon – Solaris Container

I prefer to use P for physical and V for virtual as a prefix in all Description attributes. Doing so allows you to write scripts to query for all virtual machines, for example, by just having the script query the first character in each computer object's Description attribute. Two methods for identifying VMs through a computer object's Description attribute are shown in Figures 1-2.

 


Figure 1: Identifying a Xen VM using the Description attribute


Figure 2: Using the Description attribute to identify a physical server, along with its location, department, and role

With the naming convention in place, the virtual machine location can be quickly found within any Active Directory container by using Active Directory Users and Computers and sorting objects by Description. This is done by clicking on the Description column in Active Directory Users and Computers (click twice to sort descending). An example of computer objects sorted by Description is shown in Figure 3.

 


Figure 3: Sorting VM computer objects in Active Directory Users and Computers

In large enterprises, most administrators find querying Active Directory useful for tracking the virtual machine location. For example, to locate all domain member computers that are ESX VMs, you could take the following steps:

  1. In Active Directory Users and Computers, right-click the domain object and select Find.
  2. In the Find dialog box, click the Find drop-down menu and select Computers.
  3. Next, click the Advanced tab. Under the Advanced tab, click the Field button and select Description from the resultant drop-down menu.
  4. In the Condition drop-down menu, select Starts With.
  5. In the Value field, type Vesx. Note that to find all VMs, you would just type V.
  6. Next, click the Add button.
  7. Click Find Now to start the query (see Figure 4). In a moment, all computer objects whose Description attribute starts with "Vesx" should be displayed.

 


Figure 4: ESX VM Active Directory query

Of course, working with the Active Directory Users and Computers GUI can only take you so far. In large environments, you will probably want to use scripts to populate each computer object's Description attribute. The SetDescription.vbs script below will read a list of computers from a text file and modify their existing description attribute so that it is prefixed with an identifier in the virtual machine properties.

    'SetDescription.vbs
    'Adds virtual or physical descriptor to
    'computer description attribute.

    'set variables
    'strPrefix -- physical or virtual identifier prefix
    ' Prefix values:
    '  Ps - Physical server
    '  Vesx - VMware ESX VM
    '  Vms - Microsoft Virtual Server VM
    '  Vxen - Xen VM
    '  Vvi - Virtual Iron VM
    '  Vvz - SWsoft Virtuozzo virtual private server
    '  Vscon - Solaris Container
    strPrefix = "Vesx"

    'strDomainTarget -- this is the AD container
    ' where the target computer accounts are located
    strDomainTarget = "cn=computers,dc=virtual,dc=net"

    'strSourceFile -- file that contains computer
    ' account list
    strSourceFile = "c:\computers.txt"

    ' Constants
    Const ForReading = 1

    'Open Source File (False: do not create the file if it is missing)
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objSourceFile = objFSO.OpenTextFile(strSourceFile, _
        ForReading, False)

    'Connect to Directory Service
    'Modify computer description for each computer in
    ' source file list
    Do Until objSourceFile.AtEndOfStream
        strComputer = Trim(objSourceFile.ReadLine)
        'Skip blank lines, which would produce an invalid ADsPath
        If strComputer <> "" Then
            strADSpath = "LDAP://cn=" & strComputer & _
                "," & strDomainTarget
            Set objComputer = GetObject(strADSpath)
            strOldDes = objComputer.Description
            If strOldDes = "" Then
                strNewDes = strPrefix
            Else
                strNewDes = strPrefix & " - " & strOldDes
            End If
            objComputer.Put "Description", strNewDes
            objComputer.SetInfo
        End If
    Loop
    objSourceFile.Close

Note that in the script you will need to modify the following variables:

  • strPrefix
  • strDomainTarget
  • strSourceFile

strPrefix identifies the virtual machine prefix to assign to each computer's Description attribute. For example, for ESX VMs, you can set strPrefix to "Vesx". For physical servers, you would set strPrefix to "Ps". strDomainTarget must be set to the distinguished name of the container in which the target computers reside.

For example, if the computer objects reside in the Computers container of the TechTarget.com domain, the strDomainTarget variable would have to be set to "cn=computers,dc=techtarget,dc=com". If the computers were in the Development OU in the TechTarget.com domain, the strDomainTarget variable would have to be set to "ou=development,dc=techtarget,dc=com". Note that the script is limited to working with one Active Directory container at a time, so if you need to modify computer objects in multiple containers, you will need to run the script once for each Active Directory target container.

strSourceFile identifies the text file that contains a list of computer names to modify. Each line of the file should list a computer's host name. Here is a sample file: computers.txt.

Once each computer object's Description attribute has been set, you can use the Active Directory Users and Computers query technique mentioned earlier in this article to identify the virtual machine location. Alternatively, you can use a script to query Active Directory and output a list of computers that includes a description prefix such as "Ps", "Vesx", or "V".
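The following is an added example, not code from the article or its series. It builds the LDAP filter equivalent to the GUI's "Starts With" query and then classifies descriptions by their whole leading prefix, so an unrelated description that merely begins with "V" is reported as untagged rather than counted as a VM. The host names and descriptions are constructed, and the objectCategory=computer clause is an assumption about how the search would be scoped.

```python
import re

# Prefixes from the article's naming convention.
PREFIXES = {
    "Ps": "Physical server",
    "Vesx": "VMware ESX VM",
    "Vms": "Microsoft Virtual Server VM",
    "Vxen": "Xen VM",
    "Vvi": "Virtual Iron VM",
    "Vvz": "SWsoft Virtuozzo virtual private server",
    "Vscon": "Solaris Container",
}

def starts_with_filter(prefix):
    """LDAP filter for Description 'Starts With' prefix (RFC 4515 escaping)."""
    escaped = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in prefix)
    return "(&(objectCategory=computer)(description=%s*))" % escaped

def tag_of(description):
    """Return the convention prefix that leads the description, or None."""
    # The whole first token must be a known prefix; testing only the first
    # character would count "Visitor kiosk" as a virtual machine.
    token = re.split(r"[\s-]+", (description or "").strip(), maxsplit=1)[0]
    return token if token in PREFIXES else None

def inventory(records):
    """Sort (name, description) pairs into virtual, physical and untagged."""
    result = {"virtual": [], "physical": [], "untagged": []}
    for name, description in records:
        tag = tag_of(description)
        if tag is None:
            result["untagged"].append(name)
        elif tag.startswith("V"):
            result["virtual"].append((name, PREFIXES[tag]))
        else:
            result["physical"].append(name)
    return result

# Constructed sample data, not taken from the article.
SAMPLE = [
    ("WEB01", "Vesx - Dallas - Finance - Web"),
    ("DB02", "Ps - Dallas - Finance - SQL"),
    ("XEN07", "Vxen"),
    ("KIOSK3", "Visitor kiosk, lobby"),
    ("OLD9", ""),
]

if __name__ == "__main__":
    print(starts_with_filter("Vesx"), inventory(SAMPLE))
```

The untagged list is the part worth reviewing regularly: it shows computer objects the convention has not yet reached.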

In part two of this series, I discuss querying Active Directory computer object descriptions to help determine virtual machine location. In part three, I cover extending the Active Directory schema to include custom Active Directory attributes that can identify computers as either physical systems or virtual machines.

About the author 
Chris Wolf is a Microsoft MVP for Windows Server – File System/Storage and is a MCSE, MCT, and CCNA. He's a Senior Analyst for Burton Group who specializes in the areas of virtualization solutions, high availability, enterprise storage, and network infrastructure management.

This was first published in July 2007
