In the first part of a three-part series, Chris Wolf outlines how to leverage Active Directory to track virtual
machine properties and detect the virtual machine location.
As organizations become more and more virtual, it is becoming increasingly difficult to differentiate between physical and virtual servers, but it's absolutely necessary to know the virtual machine location. Some administrators append "_vm" to the host names of each virtual machine. However, many organizations prefer not to use this approach for identifying the virtual machine location, as any name change could impact how users and applications access the virtual machine properties and data. Changing a server's name in the virtual machine properties after it has been converted to a VM may also impact the server's locally installed applications and services.
When administrators begin naming VMs following a physical to virtual (P2V) migration, they often use CNAME records in the domain name system to ensure name resolution transparency. Still, this approach adds complexity to managing server resources and the virtual machine properties.
Another way to identify server objects as either physical or virtual, and identify the virtual machine location, is by making use of each computer object's Description attribute in Active Directory. Some organizations already use the Description attribute to identify a computer's location, department, or role.
With that in mind, making use of the Description attribute may require you to be concise in how you identify physical or virtual objects. For example, the following naming convention could be used to identify the physical or virtual machine location:
- Ps – Physical server
- Vesx – VMware ESX VM
- Vms – Microsoft Virtual Server VM
- Vxen – Xen VM
- Vvi – Virtual Iron VM
- Vvz – SWsoft Virtuozzo virtual private server
- Vscon – Solaris Container
I prefer to use P for physical and V for virtual as a prefix in all Description attributes. Doing so allows you to write scripts to query for all virtual machines, for example, by just having the script query the first character in each computer object's Description attribute. Two methods for identifying VMs through the virtual machine properties, via a computer object's Description attribute, are shown in Figures 1-2.
Figure 1: Identifying a Xen VM using the Description attribute
Figure 2: Using the Description attribute to identify a physical server, along with its location, department, and role
With the naming convention in place, the virtual machine location can be quickly found within any Active Directory container by using Active Directory Users and Computers and sorting objects by Description. This is done by clicking on the Description column in Active Directory Users and Computers (click twice to sort descending). An example of computer objects sorted by Description is shown in Figure 3.
Figure 3: Sorting VM computer objects in Active Directory Users and Computers
In large enterprises, most administrators find querying Active Directory useful for tracking the virtual machine location. For example, to locate all domain member computers that are ESX VMs, you could take the following steps:
- In Active Directory Users and Computers, right-click the domain object and select Find.
- In the Find dialog box, click the Find drop-down menu and select Computers.
- Next, click the Advanced tab. Under the Advanced tab, click the Field button and select Description from the resultant drop-down menu.
- In the Condition drop-down menu, select Starts With.
- In the Value field, type Vesx. Note that to find all VMs, you would just type V.
- Next, click the Add button.
- Click Find Now to start the query (see Figure 4). In a moment, all computer objects whose Description attribute starts with "Vesx" should be displayed.
Figure 4: ESX VM Active Directory query
Of course, working with the Active Directory Users and Computers GUI can only take you so far. In large environments, you will probably want to use scripts to populate each computer object's Description attribute. The SetDescription.vbs script below will read a list of computers from a text file and modify their existing description attribute so that it is prefixed with an identifier in the virtual machine properties.
```vb
'SetDescription.vbs
'Adds virtual or physical descriptor to
'computer description attribute.

'set variables
'strPrefix -- physical or virtual identifier prefix
' Prefix values:
'   Ps    - Physical server
'   Vesx  - VMware ESX VM
'   Vms   - Microsoft Virtual Server VM
'   Vxen  - Xen VM
'   Vvi   - Virtual Iron VM
'   Vvz   - SWsoft Virtuozzo virtual private server
'   Vscon - Solaris Container
strPrefix = "Vesx"

'strDomainTarget -- this is the AD container
' where the target computer accounts are located
strDomainTarget = "cn=computers,dc=virtual,dc=net"

'strSourceFile -- file that contains computer
' account list
strSourceFile = "c:\computers.txt"

' Constants
Const ForReading = 1

'Open Source File
'(Create = False: fail if the list is missing instead of
' silently creating an empty file and changing nothing)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objSourceFile = objFSO.OpenTextFile(strSourceFile, _
    ForReading, False)

'Connect to Directory Service
'Modify computer description for each computer in
' source file list
Do Until objSourceFile.AtEndOfStream
    'Trim stray whitespace and skip blank lines in the list
    strComputer = Trim(objSourceFile.ReadLine)
    If strComputer <> "" Then
        strADSpath = "LDAP://cn=" & strComputer & _
            "," & strDomainTarget
        Set objComputer = GetObject(strADSpath)
        strOldDes = objComputer.Description
        'Keep any existing description after the new prefix
        If strOldDes = "" Then
            strNewDes = strPrefix
        Else
            strNewDes = strPrefix & " - " & strOldDes
        End If
        objComputer.Put "Description", strNewDes
        objComputer.SetInfo
    End If
Loop
objSourceFile.Close
```
Note that in the script you will need to modify the following variables:
strPrefix identifies the virtual machine prefix to assign to each computer's Description attribute. For example, for ESX VMs, you can set strPrefix to "Vesx". For physical servers, you would set strPrefix to "Ps".
strDomainTarget must be set to the distinguished name of the container in which the target computers reside.
For example, if the computer objects reside in the Computers container of the TechTarget.com domain, the strDomainTarget variable would have to be set to "cn=computers,dc=techtarget,dc=com". If the computers were in the Development OU in the TechTarget.com domain, the strDomainTarget variable would have to be set to "ou=development,dc=techtarget,dc=com". Note that the script works with only one Active Directory container at a time, so if you need to modify computer objects in multiple containers, you will need to run the script once for each Active Directory target container.
strSourceFile identifies the text file that contains a list of computer names to modify. Each line of the file should list a computer's host name. Here is a sample file: computers.txt.
Once each computer object's Description attribute has been set, you can use the Active Directory Users and Computers query technique mentioned earlier in this article to identify the virtual machine location. Alternatively, you can use a script to query Active Directory and output a list of computers that includes a description prefix such as "Ps," "Vesx," or "V."
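The following PowerShell audit is an added example, not code from the article or its author. It checks how well the convention is being followed: it flags descriptions that are empty, that merely happen to start with "V" or "P" (which a first-character query would count as a VM or a physical server), or that carry two prefixes because SetDescription.vbs was run more than once. The function name `Get-DescriptionAudit` and the sample computers are constructed for illustration; the commented query assumes the ActiveDirectory module's `Get-ADComputer`.

```powershell
# Added example: audit the Description prefix convention described above.
$KnownPrefixes = 'Ps', 'Vesx', 'Vms', 'Vxen', 'Vvi', 'Vvz', 'Vscon'

function Get-DescriptionAudit {
    param(
        [Parameter(ValueFromPipelineByPropertyName)] [string]$Name,
        [Parameter(ValueFromPipelineByPropertyName)] [string]$Description
    )
    process {
        # SetDescription.vbs writes "<prefix> - <old description>".
        $text     = $Description.Trim()
        $segments = @($text -split '\s+-\s+')
        $prefix   = $segments[0]

        $status = if (-not $text) { 'Missing' }
        elseif ($KnownPrefixes -notcontains $prefix) { 'UnknownPrefix' }
        elseif ($segments.Count -gt 1 -and $KnownPrefixes -contains $segments[1]) { 'StackedPrefix' }
        else { 'OK' }

        # Only trust the P/V first character when the whole prefix is known.
        $kind = 'Unknown'
        if ($status -eq 'OK' -or $status -eq 'StackedPrefix') {
            $kind = if ($prefix -like 'P*') { 'Physical' } else { 'Virtual' }
        }

        [pscustomobject]@{
            Name = $Name; Prefix = $prefix; Kind = $kind; Status = $status
        }
    }
}

# Constructed sample objects standing in for directory results.
$sample = @(
    [pscustomobject]@{ Name = 'web01'; Description = 'Vesx - Chicago - HR - Web' }
    [pscustomobject]@{ Name = 'db02';  Description = 'Ps - Chicago - Finance - SQL' }
    [pscustomobject]@{ Name = 'app03'; Description = 'Vesx - Vesx - Dev app server' }
    [pscustomobject]@{ Name = 'fs04';  Description = 'Vancouver file server' }
    [pscustomobject]@{ Name = 'prn05'; Description = '' }
)
$sample | Get-DescriptionAudit | Format-Table -AutoSize

# Against a live domain (same match as the GUI "Starts With V" query):
# Get-ADComputer -SearchBase 'cn=computers,dc=virtual,dc=net' `
#     -LDAPFilter '(description=V*)' -Properties Description |
#     Get-DescriptionAudit | Where-Object Status -ne 'OK'
```

In the sample, fs04 is reported as UnknownPrefix even though a "starts with V" query would list it as a VM, and app03 is reported as StackedPrefix.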
In part two of this series, I discuss querying Active Directory computer object descriptions to help determine virtual machine location. In part three, I cover extending the Active Directory schema to include custom Active Directory attributes that can identify computers as either physical systems or virtual machines.
About the author
Chris Wolf is a Microsoft MVP for Windows Server – File System/Storage and is an MCSE, MCT, and CCNA. He's a Senior Analyst for Burton Group who specializes in the areas of virtualization solutions, high availability, enterprise storage, and network infrastructure management.