When it comes to vCO's integration with AD I have been pretty frustrated. The AD plugin is only a part of that frustration. I finally completely removed it and instead created wrappers for the Windows command line utilities, and I have been much happier. I have encountered no problems since taking this route. You'll want to install them on your vCO server (assuming you are not using the appliance) and make sure you have the tweaks in place to enable running local commands on the host as follows:
1. Modify the config file install_directory\VMware\Orchestrator\app-server\server\vmo\conf\vmo.properties
2. Add this line to the end: com.vmware.js.allow-local-process=true
3. Restart the server
Here's an action that accepts a string in distinguished name format. "dn" is the variable passed in, and "user" and "pwd" are the user and password. You can create a credential to hold this in a configuration element or pass them in on the fly.
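// Inputs: dn (distinguished name of the object to delete), user, pwd
var returnVal = false;
// Each value is wrapped in double quotes so that a space inside it does not split the argument
var commandTxt = "c:/windows/system32/dsrm.exe -noprompt \"" + dn + "\" -u \"" + user + "\" -p \"" + pwd + "\"";
var cmd = new Command(commandTxt);
// true = wait for the process to finish before reading result and output
cmd.execute(true);
System.log("Command result: " + cmd.result);
System.log("Command output: " + cmd.output);
// Success requires both a zero exit code and dsrm's own success message
if (cmd.result == 0 && cmd.output.indexOf("dsrm succeeded") >= 0) {
    System.log("AD computer object deletion successful with DSRM.");
    returnVal = true;
}
else {
    System.log("Failed to remove computer object from AD!");
}
return returnVal;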
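
The action above builds the dsrm command line by string concatenation, so a double quote or trailing backslash in "dn", "user" or "pwd" changes how the arguments are split. The following is an added example, not part of the original post: a quoting helper that could build commandTxt instead. The function names are hypothetical, and it assumes dsrm.exe receives the string as a Windows command line parsed with the standard Microsoft C runtime rules.

```javascript
// Added example (not the poster's code). Plain JavaScript with no
// vCO-specific objects; all function names here are hypothetical.
function repeatChar(ch, n) {
    var s = "";
    for (var i = 0; i < n; i++) { s += ch; }
    return s;
}

// Quote one argument for a Windows command line (MSVC runtime parsing rules,
// assumed here for dsrm.exe): backslashes are literal unless they precede a
// double quote, in which case they are doubled and the quote is escaped.
function quoteWinArg(arg) {
    if (typeof arg !== "string" || arg.length === 0 || /[\x00-\x1f]/.test(arg)) {
        throw new Error("argument must be a non-empty string without control characters");
    }
    var out = '"';
    var slashes = 0;
    for (var i = 0; i < arg.length; i++) {
        var c = arg.charAt(i);
        if (c === "\\") {
            slashes++;
        } else if (c === '"') {
            out += repeatChar("\\", slashes * 2 + 1) + '"';
            slashes = 0;
        } else {
            out += repeatChar("\\", slashes) + c;
            slashes = 0;
        }
    }
    // Trailing backslashes would otherwise escape the closing quote.
    return out + repeatChar("\\", slashes * 2) + '"';
}

// Build the dsrm command line plus a copy that is safe to write to the log.
function buildDsrmCommand(dn, user, pwd) {
    // A DN starts with an attribute type such as CN=; this also rejects
    // values starting with "-" that dsrm could read as an option.
    if (!/^[A-Za-z][A-Za-z0-9.-]*=/.test(dn)) {
        throw new Error("dn does not look like a distinguished name");
    }
    var base = "c:/windows/system32/dsrm.exe -noprompt " + quoteWinArg(dn) +
               " -u " + quoteWinArg(user) + " -p ";
    return { command: base + quoteWinArg(pwd), logSafe: base + '"****"' };
}
```

In the action, pass the returned command to new Command(...) and write only logSafe to System.log, so the password does not end up in the workflow log.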