https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198671#M8547 You just update the directoryServers collection. The updated list should can't valid domain controller addresses. Fri, 13 Oct 2023 23:36:51 GMT ChrisLynch 2023-10-13T23:36:51Z https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198621#M8541 <P>We have our OneView appliances connected to the corporate active directory.&nbsp; As the domain controllers age, they get replaced with newer systems.&nbsp; So, our appliances wind up pointing to systems that are no longer domain controllers.&nbsp; So, I developed this code to check them:</P><LI-CODE lang="markup">DCs=$(/usr/bin/dig SRV _ldap._tcp.my.org +noall +answer | awk '{ print $8 }' | sed -e '/^$/d' | grep -v 'noall' | sort -t \- -k 2,2 -k 1,1) for SERVER in $(curl --insecure --silent --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --request GET ${Oneview}/rest/logindomains | jq -r '.members[] | .directoryServers[] | .directoryServerIpAddress'); do if [[ $(echo ${DCs} | grep -c ${SERVER}) -gt 0 ]]; then echo "This is a good domain controller, ${SERVER}." else echo "This is no longer a good domain controller, ${SERVER}." fi done</LI-CODE><P>My question now is, how do I delete a bad domain controller and add in a new one?&nbsp; Do I just make a new connection to AD with a new list of domain controllers, or can I delete one and just add one?</P> Mon, 16 Oct 2023 04:07:21 GMT https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198621#M8541 bradawk1 2023-10-16T04:07:21Z https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198671#M8547 You just update the directoryServers collection. The updated list should can't valid domain controller addresses. Fri, 13 Oct 2023 23:36:51 GMT https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198671#M8547 ChrisLynch 2023-10-13T23:36:51Z https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198744#M8549 <P>I tried with:</P><LI-CODE lang="markup">LDOM=$(curl --insecure --silent --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --request GET ${Oneview}/rest/logindomains | jq -r '.members[] | .directoryServers[] | .uri' | head -1) # # Get two or three domain controllers from the list: echo ${DCs} | tr ' ' '\n' DC1="&lt;domain controller 1&gt;" DC2="&lt;domain controller 2&gt;" DC3="&lt;domain controller 3&gt;" DATA='{directoryServers": [{"directoryServerIpAddress":"'${DC1}'","directoryServerSSLPortNumber":"636"},{"directoryServerIpAddress":"'${DC2}'","directoryServerSSLPortNumber":"636"},{"directoryServerIpAddress":"'${DC3}'","directoryServerSSLPortNumber":"636"}]}' curl --insecure --silent --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --request PUT ${oneView}${LDOM} | jq -r '.'</LI-CODE><P>and got back:</P><LI-CODE lang="markup">{ "errorCode": "AUTHN_LOGINDOMAIN_SELF_DELETE_EDIT_NOT_ALLOWED", "message": "Cannot delete or edit the directory settings of the current user.", "details": "A user belonging to a directory cannot delete or edit it.", "messageParameters": [], "recommendedActions": [ "Login as a user of different directory and retry." ], "errorSource": "loginDomain", "nestedErros": [], "data": {} }</LI-CODE><P>So, I changed my login domain to the local domain and tried again.&nbsp; This time I got:</P><LI-CODE lang="markup">{ "errorCode": "AUTHN_EMPTY_LOGINDOMAIN_NAME", "message": "Directory service name cannot be empty.", "details": "Directory service name cannot be empty.", "messageParameters": [], "recommendedActions": [ "Specify a unique directory service name." ], "errorSource": "directoryName", "nestedErrors": [], "data": {} }</LI-CODE><P>I'm assuming a need more in the JSON supplied?&nbsp; Just trying to determine what is missing.</P> Mon, 16 Oct 2023 11:09:49 GMT https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198744#M8549 bradawk1 2023-10-16T11:09:49Z https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198838#M8551 <P>Does anyone know how to determine the directoryName or directory service name?&nbsp; I'm not finding that reference in the logindomains output.&nbsp; So, not really sure what it is asking for?</P> Tue, 17 Oct 2023 12:07:58 GMT https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198838#M8551 bradawk1 2023-10-17T12:07:58Z https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198840#M8552 <P>I got a little further.&nbsp; I have at this point:</P><LI-CODE lang="markup">DCs=$(/usr/bin/dig SRV _ldap._tcp.my.org +noall +answer | awk '{ print $8 }' | sed -e '/^$/d' | grep -v 'noall' | sort -t \- -k 2,2 -k 1,1) for SERVER in $(curl --insecure --silent --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --request GET ${Oneview}/rest/logindomains | jq -r '.members[] | .directoryServers[] | .directoryServerIpAddress'); do if [[ $(echo ${DCs} | grep -c ${SERVER}) -gt 0 ]]; then echo "This is a good domain controller, ${SERVER}." else echo "This is no longer a good domain controller, ${SERVER}." fi done # LDOM=$(curl --insecure --silent --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --request GET ${Oneview}/rest/logindomains | jq -r '.members[] | .directoryServers[] | .uri' | head -1) DSN=$(curl --insecure --silent --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --request GET ${Oneview}/rest/logindomains | jq -r '.members[] | .name') DTYPE=$(curl --insecure --silent --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --request GET ${Oneview}/rest/logindomains | jq -r '.members[] | .authProtocol') # # Get two or three domain controllers from the list: echo ${DCs} | tr ' ' '\n' DC1="&lt;domain controller 1&gt;" DC2="&lt;domain controller 2&gt;" DC3="&lt;domain controller 3&gt;" DATA='{"name": "'${DSN}'","authProtocol": "'${DTYPE}'",directoryServers": [{"uri":"'${LDOM}'","directoryServerIpAddress":"'${DC1}'","directoryServerSSLPortNumber":"636"},{"uri":"'${LDOM}'","directoryServerIpAddress":"'${DC2}'","directoryServerSSLPortNumber":"636"},{"uri":"'${LDOM}'","directoryServerIpAddress":"'${DC3}'","directoryServerSSLPortNumber":"636"}]}' curl --insecure --silent --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --request PUT ${oneView}${LDOM} | jq -r '.'</LI-CODE><P>but this time I got:</P><LI-CODE lang="markup">{ "errorCode": "UNEXPECTED_EXCEPTION", "message": "An unexpected error occurred.", "details": "An unexpected and unhandled runtime exception occured.", "messageParameters": [], "recommendedActions": [ "Please contact your authorized support representative and provide them with a support dump." ], "errorSource": null, "nestedErrors": [], "data": {} }</LI-CODE> Tue, 17 Oct 2023 12:31:14 GMT https://community.hpe.com/t5/hpe-oneview/changing-domain-controllers/m-p/7198840#M8552 bradawk1 2023-10-17T12:31:14Z