Microsoft Active Directory (AD) is a crucial requirement in most Windows server deployments.

With the OneFuse Microsoft Active Directory module, organizations can flexibly drive Windows server registration with Microsoft Active Directory. OneFuse provides the control and standardization for resources for both public and private cloud (on-prem) environments. 

OneFuse eliminates the security risk of requiring direct access to Microsoft Active Directory, enabling least-privilege access for specific use cases via policy-based services, versus exposing the full Microsoft Active Directory and otherwise over-allocating permissions. Each policy defines the automation use case with the added flexibility of having the requester influence all use cases dynamically via templated fields. 

Registered Computer Accounts in OneFuse

OneFuse Microsoft AD with vRA Cloud Assembly

OneFuse Microsoft AD with Terraform

OneFuse Makes vRA Better

Learn More


Microsoft Active Directory registration and de-registration

Automatically during the provision and deprovision lifecycle

Big data - laptop icon
Dynamic OU Assignments

Influence the assignments dynamically via templated fields

Analytics - network icon
Centralized Visibility

View the active deployment inventory representing the outputs and relevant data of each policy execution

Blockchain icon

Features and Capabilities

  • Drive from any tool, e.g. vRealize Automation, Terraform, Ansible, ServiceNow, CloudBolt CMP or directly via the API
  • OneFuse enables least-privilege access wherein each policy serves as an API-based service, restricted to the specific use cases defined in the policy, without exposing the full Microsoft Active Directory or over-allocating permissions to users or upstream automation tools.  
  • Each policy defines the automation use case, OU (build/interim and final) and optional Security Group(s)
    • Registers computer (VM) account with Active Directory  
    • Supports placement in a “build OU” during provisioning in order to facilitate software deployments/configurations that require a less restrictive Group Policy
    • Supports moving to a final OU post-provisioning  
    • Supports dynamic creation and removal of OUs  
    • Supports adding the computer account to existing Active Directory Security Group/s  
    • OU and Security Group designations are dynamic templated fields utilizing the OneFuse Template Engine
  • Added flexibility of having the requester influence all use cases dynamically via templated fields
  • Multiple Microsoft Active Directory Policies (each specifying a Microsoft Endpoint) can safely co-exist, allowing for isolated testing and promotion without disruption 
  • Utilize the same Microsoft Endpoint for OneFuse Microsoft DNS module 
  • Ability to model policies by previewing templated scenarios directly in the OneFuse UI using static property sets 
  • Centralized visibility into inventory of Active Directory registrations, log data