[HorizonAPI]Finding VDI or RDS machines based on wrong/old Golden Image

One of the first thing I did years ago when I first learned of the Horizon API’s was to start working on the vCheck for Horizon as I at that point was managing a Horizon 6.2* environment with lots of pools and lots of issues. With the vCheck I didn’t need to log into all pod’s anymore and nor did I need to check each and every pool after a recompose if all desktops had the correct image. Last week Guy Leech asked me if there was a script that could do this for RDS farms as he was working on a script that has to do with App Volumes & RDS hosts. I was like hell yeah we have that but when I looked at the vCheck and had to admit that it was a actually a hell no.

So after creating a new RDS image that could be used with Instant Clones this week it was time to create that vCheck. This morning and I even splashed a bug in the VDI wrong snapshot check when a Desktop Pool doesn’t have any machines in it. This led to this tweet that you might have seen:

SO what is actually the magic behind these checks? To be honest it is rather simple as the names of both the VM and the Snapshot in use are embedded in object both on pool/farm level and in the machine objects themselves.

First I connect to the connection server so we’ll use a credentials file and I also define 2 variables that we will use later

$hvconserver="pod2cbr1.loft.lab"
$credsfile="D:\homelab\creds.xml"

$creds=Import-Clixml $credsfile

$hvserver=connect-hvserver -Server $hvconserver -Credential $creds
$hvservice=$hvserver.ExtensionData
[email protected]()
[email protected]()

After this I use 2 query’s to gather Pool and Farm information. The summaryviews don’t contain the needed information so I have to use farm.farm_get with the id to get what we need.

# --- Get Desktop pools
$poolqueryservice=new-object vmware.hv.queryserviceservice
$pooldefn = New-Object VMware.Hv.QueryDefinition
$pooldefn.queryentitytype='DesktopSummaryView'
$poolqueryResults = $poolqueryService.QueryService_Create($hvservice, $pooldefn)
$pools = foreach ($poolresult in $poolqueryResults.results){$hvservice.desktop.desktop_get($poolresult.id)}
$poolqueryservice.QueryService_DeleteAll($hvservice)
# --- Get RDS Farms

$Farmqueryservice=new-object vmware.hv.queryserviceservice
$Farmdefn = New-Object VMware.Hv.QueryDefinition
$Farmdefn.queryentitytype='FarmSummaryView'
$FarmqueryResults = $FarmqueryService.QueryService_Create($hvservice, $Farmdefn)
$farms = foreach ($farmresult in $farmqueryResults.results){$hvservice.farm.farm_get($farmresult.id)}
$Farmqueryservice.QueryService_DeleteAll($hvservice)

So how does this look?

and inside the automateddesktopdata and automatedfarmdata we find a property called virtualcenternamesdata that has what we need

Next I will create object for both the first farm and the first pool to show what where we need to look for in the vdi/machine objects

$queryservice=new-object vmware.hv.queryserviceservice
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryentitytype='MachineSummaryView'
$defn.filter = New-Object VMware.Hv.QueryFilterEquals -Property @{ 'memberName' = 'base.desktop'; 'value' = $pool.id }
$queryResults = $queryService.QueryService_Create($hvservice, $defn)
$poolmachines=$hvservice.machine.machine_getinfos($queryResults.results.id)


$queryservice=new-object vmware.hv.queryserviceservice
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryentitytype='RDSServerInfo'
$defn.filter = New-Object VMware.Hv.QueryFilterEquals -Property @{ 'memberName' = 'base.farm'; 'value' = $farm.ID }
$queryResults = $queryService.QueryService_Create($hvservice, $defn)
$farmmachines=$queryresults.results

As you can see I take an extra step for the desktops as the information that we need is not visible in the MachineSummaryView and the MachineDetailsView is a mess to run query’s for. The VDI machines have the GI and snapshot data stored in $machines.managedachinedata.viewcomposerdata (yes also for Instant Clones) while the rds hosts have it stored in RdsServerMaintenanceData.

After this it’s a matter of combining that information into a nice script that will grab it all for you.

$hvconserver="pod2cbr1.loft.lab"
$credsfile="D:\homelab\creds.xml"

$creds=Import-Clixml $credsfile

$hvserver=connect-hvserver -Server $hvconserver -Credential $creds
$hvservice=$hvserver.ExtensionData
[email protected]()
[email protected]()

# --- Get Desktop pools
$poolqueryservice=new-object vmware.hv.queryserviceservice
$pooldefn = New-Object VMware.Hv.QueryDefinition
$pooldefn.queryentitytype='DesktopSummaryView'
$poolqueryResults = $poolqueryService.QueryService_Create($hvservice, $pooldefn)
$pools = foreach ($poolresult in $poolqueryResults.results){$hvservice.desktop.desktop_get($poolresult.id)}
$poolqueryservice.QueryService_DeleteAll($hvservice)
# --- Get RDS Farms

$Farmqueryservice=new-object vmware.hv.queryserviceservice
$Farmdefn = New-Object VMware.Hv.QueryDefinition
$Farmdefn.queryentitytype='FarmSummaryView'
$FarmqueryResults = $FarmqueryService.QueryService_Create($hvservice, $Farmdefn)
$farms = foreach ($farmresult in $farmqueryResults.results){$hvservice.farm.farm_get($farmresult.id)}
$Farmqueryservice.QueryService_DeleteAll($hvservice)




foreach ($pool in $pools){
  $poolname=$pool.base.name

  if ($pool.type -like "*automated*"){
    $queryservice=new-object vmware.hv.queryserviceservice
    $defn = New-Object VMware.Hv.QueryDefinition
    $defn.queryentitytype='MachineSummaryView'

    $defn.filter = New-Object VMware.Hv.QueryFilterEquals -Property @{ 'memberName' = 'base.desktop'; 'value' = $pool.id }

        $queryResults = $queryService.QueryService_Create($hvservice, $defn)

    if ($queryResults.results.count -ge 1){
      $poolmachines=$hvservice.machine.machine_getinfos($queryResults.results.id)
      $wrongsnaps=$poolmachines | where {$_.managedmachinedata.viewcomposerdata.baseimagesnapshotpath -notlike  $pool.automateddesktopdata.VirtualCenternamesdata.snapshotpath -OR $_.managedmachinedata.viewcomposerdata.baseimagepath -notlike $pool.automateddesktopdata.VirtualCenternamesdata.parentvmpath}
      if ($wrongsnaps){
        foreach ($wrongsnap in $wrongsnaps){
          $wrongsnapdesktops+= New-Object PSObject -Property @{
            "VM Name" = $wrongsnap.base.name;
            "VM Snapshot" = $wrongsnap.managedmachinedata.viewcomposerdata.baseimagesnapshotpath;
            "VM GI" = $wrongsnap.managedmachinedata.viewcomposerdata.baseimagepath;
            "Pool Snapshot" = $pool.automateddesktopdata.VirtualCenternamesdata.snapshotpath;
            "Pool GI" = $pool.automateddesktopdata.VirtualCenternamesdata.parentvmpath;
          }
        }
      }
    }
    $hvservice.QueryService.QueryService_DeleteAll()
  }
}

foreach ($farm in $farms){
  $farmname=$farm.data.name

  if ($farm.type -like "*automated*"){
    $queryservice=new-object vmware.hv.queryserviceservice
    $defn = New-Object VMware.Hv.QueryDefinition
    $defn.queryentitytype='RDSServerInfo'

    $defn.filter = New-Object VMware.Hv.QueryFilterEquals -Property @{ 'memberName' = 'base.farm'; 'value' = $farm.ID }

    $queryResults = $queryService.QueryService_Create($hvservice, $defn)
    $farmmachines=$queryResults.Results
    if ($farmmachines.count -ge 1){
      $wrongsnaps=$farmmachines | where {$_.rdsservermaintenancedata.baseimagesnapshotpath -notlike  $farm.automatedfarmdata.VirtualCenternamesdata.snapshotpath -OR $_.rdsservermaintenancedata.baseimagepath -notlike $farm.automatedfarmdata.VirtualCenternamesdata.parentvmpath}
      if ($wrongsnaps){
        foreach ($wrongsnap in $wrongsnaps){
          $wrongsnaphosts+= New-Object PSObject -Property @{
            "RDS Name" = $wrongsnap.base.name;
            "VM Snapshot" = $wrongsnap.rdsservermaintenancedata.baseimagesnapshotpath;
            "VM GI" = $wrongsnap.rdsservermaintenancedata.baseimagepath;
            "Farm Snapshot" = $farm.automatedfarmdata.VirtualCenternamesdata.snapshotpath;
            "Farm GI" = $farm.automatedfarmdata.VirtualCenternamesdata.parentvmpath;
          }
        }
      
      }
      $hvservice.QueryService.QueryService_DeleteAll()
    }
  }
}
$wrongsnaphosts
$wrongsnapdesktops

Yes this is the same idea as what I use in the vCheck and what I will be using in the ControlUp Script Based Action that I will be creating soon.

 

The VMware Labs flings monthly for August 2020- Time for a new OSOT

The schedule builder for VMworld is open but we should have been at VMworld US around this time if only that stupid virus would have stayed away. In august there where three new fling releases and eight got one or more updates.

New

Software-Defined Data Center Skywalk

Federated Machine Learning on Kubernetes

VMware Container For [email protected]

Updates

FlowGate

VMware Machine Learning Platform

Demo Appliance for Tanzu Kubernetes Grid

Infrastructure Deployer for vCloud NFV

Workspace ONE UEM SCIM Adapter

VMware OS Optimization Tool

App Volumes Migration Utility

USB Network Native Driver for ESXi

New Releases

Software-Defined Data Center Skywalk

Even with the description it’s not always clear what Software-Defined Data Center Skywalk does but apparently it helps in building vpn’s between VMC & on-prem datacenters.

The current API/UI workflow requires multiple operations in different VMC Software Defined Data Centers’ (SDDC) either using API’s or UI. We are solving the problem to auto register, discover, connect VPN’s between VMC SDDC’s on single click event. The Distributed Firewall DFW firewall policies are also mapped on user inputs from on-premises to VMC SDDC using this interface.

Federated Machine Learning on Kubernetes

Federated Machine Learning (FML) is one of the most promising machine learning technologies to solve data silos and strengthening data privacy and security, which is accepted by more and more financial organization. FATE is an opensource project hosted by Linux Foundation to provide a federated learning framework. FATE has been used to increase the performance of predictions in credit reporting, insurance and other financial areas, as well as surveillance and visual detection projects. It helps organizations to comply with strict privacy regulations and laws such as GDPR and CCPA.

This Fling provides a tool to quickly deploy and manage a FATE cluster by either Docker-compose or Kubernetes. Its features include:

Test and develop models in Jupyter using Federated Machine Learning technologies;
Build a FATE cluster with full life-cycle management of federated learning platform.
In the Fling, a command line tool talks to Kubenetes to initiate an entire FATE cluster. The Fling includes a sample configuration which can be used to quickly deploy and try out federated learning. The configuration can be customized based on actual requirements.

VMware Container For [email protected]

VMware Container for [email protected] Home is a docker container for running folding at home client. This container is supported on both Docker standalone clients and on a Kubernetes Cluster. Optional command line toggle GPU support on or off as well as all other common FAH client command line in puts.

The [email protected] container is configured to automatically join Team VMware ID 52737. Everyone is welcome to join! Check out http://vmwa.re/fah for team and individual statistics.

Updated flings

FlowGate

In enterprise data centers, IT infrastructure and facility are generally managed separately, which leads to information gaps. Collaboration between facility and IT infrastructure systems are limited or manual, and virtualization adds more complexity.

The goal of Flowgate is to make facility awareness in IT management system and make IT operations management and automation better on high availability, cost saving and improved sustainability, with more information on power, cooling, environment (e.g. humidity, temperature) and security.

Changelog

Version 1.1.2 Update

  • Add Chassis support in API
  • Add PDU phase data.
  • Upgrade Springboot from 1.4.7 to 2.3.7

VMware Machine Learning Platform

The goal of vmlp is to provide an end-to-end ML platform for Data Scientists to perform their job more effectively by running ML workloads on top of VMware infrastructure.

Changelog

Version 0.3.0

  • Federated ML based on FATE
  • Istio 1.4.9
  • Horovod 0.19.2
  • Upgraded major components (MLflow 1.10.0, Pandas 1.0.3 and others)
  • Important stability bug fixes
  • Added documentation

Includes contributions from: Jiahao “Luke” Chen (bug fixes and Federated ML/FATE integration),
Shan Lahiri (Getting Started Guide), Jason Hutson (relentlessly debugging Kubernetes on VMware
infra), Nick Ford (sorting out VMware NSX Advanced Load Balancer/AVI Networks configuration and issues)

Demo Appliance for Tanzu Kubernetes Grid

A Virtual Appliance that pre-bundles all required dependencies to help customers in learning and deploying standalone Tanzu Kubernetes Grid (TKG) clusters running on either VMware Cloud on AWS and/or vSphere 6.7 Update 3 environment for Proof of Concept, Demo and Dev/Test purposes.

Changelog

Aug 10, 2020 – v1.1.3

  • Support for latest TKG 1.1.3 release
  • Support for TKG Workload Cluster upgrade workflow from K8s 1.17.9 to 1.18.6
  • TKG Crash Diagnostic utility (crash-diagnostics) included in appliance
  • Helm (3.2.4) included in appliance
  • Updated to latest version of Harbor (1.10.3), Docker Compose (1.26.2), Kubectl (1.18.6), Octant (0.14.1) and TMC (d11404fb) CLI in appliance
  • PowerCLI script to automate 100% of pre-req for running on TKG on VMware Cloud on AWS

TKG-Demo-Appliance-1.1.3.ova
MD5: 86ce0c263ebcb6d20addcb6e1767e55a

Infrastructure Deployer for vCloud NFV

Infrastructure Deployer for vCloud NFV is an automation-based deployment tool used for setting up the VMware vCloud NFV platform

Changelog

Version 3.3 Update

  • Updated RAID version from 3.2.1 vCloud NFV VCD to 3.3 vCloud NFV OSE (OpenStack Edition)

Workspace ONE UEM SCIM Adapter

Workspace ONE UEM SCIM Adapter provides SCIM user/group management capabilities to Workspace ONE UEM. The middleware translates the System for Cross-Domain Identity Management, SCIM, to a CRUD REST framework that Workspace ONE UEM can interpret. This capability allows Workspace ONE UEM to synchronize cloud-based identity resources (users/groups/entitlements) without the need for an LDAP endpoint (service to service model). Examples include Azure AD, Okta, and Sailpoint.

Changelog

20.08 Release Notes & Update:

**Please Note:** If you have already setup WS1 SCIM Adapter, it is possible that moving to 20.08 will create new accounts. Please consider resetting Directory Services configuation for the OG you are connecting to.

New Features:

  • Deployments now exclusively supported on Docker. See install instructions for more details on how to orchestrate the deployment using the included Helm chart.

Bugs Fixed:

  • createGroup returns unexpected error due to missing payload return

Other Notes:

  • Bitnami deployment script introduced in 20.03 has been deprecated. Although it is still possible to deploy on Appliance form-factors, future development will be exclusively supported on Docker.

VMware OS Optimization Tool

I have read in plenty of places that people managed to mess up their image with OSOT and that they’re never going to use it anymore and even worse accept unoptimized images in production. This is the wrong choice in my opinion. please use osot or other ways to optimize your image but think about what you need to optimize and test it!

Changelog

August, 2020, b1171 Version Update

Optimizations

Disable Passive Polling is no longer selected by default as this was shown to cause issues with some applications thinking they did not have internet connectivity. Note that this optimization entry was previously incorrectly named as Enable Passive Polling.
Added new setting to Use WDDM graphics display driver for Remote Desktop Connections.

UI Improvements

Brand new interface functionality to allow searching of the optimizations to find specific entries. This is available on both the Optimize and My Templates tabs and allows you to find and view settings based on what you type in.
Added a grid splitter to extend area of left tree view under My Templates.

Common Options

New controls to simplify keeping Cortana search and how the search box appears in the taskbar.

Generalize

New option to specify the Administrator account to use after running SysPrep. This defaults to the current user account. The account specified is also added to the Administrators and Remote Desktop Users groups.
New option to perform an automatic restart after the Generalize task has completed.

Bug Fixes

  • Common Options settings were reset after an optimization. These should now be retained.
  • Changed the way the default profile was used to ensure that this works when OSOT is run using the system account.
  • Windows Syspart Repair was being prevented from being disabled properly.
  • Windows Superfetch was being prevented from being disabled properly.
  • Windows Update was sometimes not disabled properly after running a generalize.
  • Updated templates were saved to the wrong location.

August, 2020, b1170 Update

Templates

New combined template for all versions of Windows 10 and Windows Server 2016 and 2019. Optimizations can have optional parameters to filter the version that a setting is applied to.

Optimizations

Turn off NCSI is no longer selected by default as this was shown to cause issues with some applications thinking they did not have internet connectivity.

New Optimizations added and some removed, For details see: https://techzone.vmware.com/resource/vmware-operating-system-optimization-tool-guide#Template_Updates

Bug Fixes

  • Fixed issues with re-enabling Windows Update functionality on Server 2016 and 2019.
  • Fixed issue that was preventing Windows Antimalware from being disabled properly.

Common Options

Changed interface and language on the Common Options page for Windows Update to remove confusion. This option can only be used to disable Windows Update as part of an optimization task. To re-enable Windows Update functionality, use the Update button on the main menu ribbon.

Guides

Updated OSOT user guide: VMware Operating System Optimization Tool Guide.

App Volumes Migration Utility

App Volumes Migration Utility allows admins to migrate AppStacks managed by VMware App Volumes 2.18, to the new application package format of App Volumes 4. The format of these packages in App Volumes 4 have evolved to improve performance and help simplify application management.

Changelog

1.0.4 Version Update

  1. Fix for “AppVolumes Manager is invalid” error shown in the UI when connecting to App Volumes Manager 4 version 2006.
  2. Fix for the bug “failed to get old appID from YML entries” in the AppCapture.log during migration of appstacks.

USB Network Native Driver for ESXi

USB has become one the most widely adopted connection type in the world & USB network adapters are also popular among Edge computing platforms. In some platforms, there is either limited or no PCI/PCIe slots for I/O expansion & in some cases, an Ethernet port is not even available. Another advantage of a USB-based network adapter is that it can be hot-plugged into an system without a reboot which means no impact to the workload, same is true for hot-remove.

This Fling supports the most popular USB network adapter chipsets found in the market. The ASIX USB 2.0 gigabit network ASIX88178a, ASIX USB 3.0 gigabit network ASIX88179, Realtek USB 3.0 gigabit network RTL8152/RTL8153 and Aquantia AQC111U. These are relatively inexpensive devices that many of our existing vSphere customers are already using and are familiar with.

Changelog

Aug 24, 2020 – v1.6Add

  • support for Aquantia and Trendnet AQC111U (0xe05a:0x20f4)
  • Add support for Realtek RTL8153 (0x045e:0x07c6)
  • Add support for Realtek RTL8156 (0x0bda:0x8156)
  • Support for persistent VMkernel to USB NIC MAC Address mappings
  • Simplified USB NIC persistency
  • Resolved link speed issue for RTL8153 chipsets

Note 1: There are known issues when using Jumbo Frame 9K for RTL* chipset, this is still being investigated. For now, only up to 4K is supported.

Note 2: This will be the last release which will include support for ESXi 6.5

ESXi700-VMKUSB-NIC-FLING-39035884-component-16770668.zip
ESXi670-VMKUSB-NIC-FLING-39203948-offline_bundle-16780994.zip
ESXi650-VMKUSB-NIC-FLING-39176435-offline_bundle-16775917.zip

Get your code ready for the first VMware{Code} CodeCon scripting contest by ControlUp (Including a getting started)

When the idea was pitched to the VMware{Code} Code Coaches for a Code Connect event I thought it would be fun to have a small scripting contest of the main Hackathon. Since I am employed by ControlUp the idea is to combine this with the script actions that are available in our very own Real-Time Console. I will show a bit later how this works but for me this functionality is super-cool and was on of the the main reasons I wanted to work with ControlUp.

The goal is to create one (more if you have time) script that can be run by right clicking an object in the Console and performing whatever action that you want the script to take. In our community library (or on GitHub) there are over 300 tested and ready to use scripts that have proven themselves for our customers. You can go as crazy as you want. Want to start a docker container doing a full file index when CPU load goes over 50%? No idea why you would want to (to each his own) but if you can script it you can enter it in the contest. Keep in mind, though, that we don’t have support for containers at the moment.

Sounds great!, But what is ControlUp?

ControlUp is way more than the EUC monitoring tool you might think it is. With connections to all major hypervisors available it’s the perfect tool for managing your virtual infrastructure. With features like Automated Actions, controllers for registry, file system and services an admin’s life can be made infinitely easier. It’s time to do away with all those annoying tickets and focus more on the exciting parts of life.

Getting started

Note: if you already have an existing ControlUp environment that you can use there’s no need to do this again.

The easiest way to get started (and I know you’re not going to believe this) would be to point to our quick- start guide. But you know what? I don’t just want to do that. For this contest, it’s sufficient to have a single domain joined desktop and whatever environment you want to develop the script for. When you have this head over to ControlUp.com to start your free 21 day trial. Enter your email and in just a few minutes, you’ll have a download link in your inbox that includes a short video on how to register. Keep in mind that the trial is for two weeks, so don’t start too far in advance of the contest or you will be set back to the basic license level, which doesn’t include some of the features you might need.

Note: if this happens to you, please contact me in that case and I’ll see what I can do for you.

The zip file that you’ll download has the ControlUp Console in it, so there’s no need to install anything at first. Just start the Console, create a new account (if you don’t already have one), and define an environment name. Make up an organization name and you’re done with the first part (yes, it really is that easy).

Next up is creating folders and adding Computers. If you want you can add your vCenter server and EUC environments. With this you’re set to get started on your script. Add at least the computer you are running the console from so you have something to work with.

Script Actions

Adding scripts

So, how do we use script actions? First, you’ll need to add some to your local library by downloading them or creating your own. Start with clicking the Script actions button.

Once you’ve done that, you can download existing scripts from our repository by clicking “add script” when you find something that interests you.s. These scripts will be available under the Organizational Scripts tab. From  the My Draft Scripts tab. you can create your own scripts (and, not going to lie: it’s really fun).

Editing Scripts

When you create or edit a script, you will be served a page where you need to define a name and description. If you want to submit scripts to the ControlUp Script Library, be sure to choose these carefully.

Next, you can select what you want to run this script against; the options include Computer, Host, Session, process, and scores of others. Select advanced if you want to run it against multiple types of metrics. What I mean with running against will be explained in the Running Scripts chapter.

Execution context is where the script will run. This can be the machine where the console is running, target machine, or some other machine. :A great option would be a machine that’s available in the console that some Powershell modules installed. Security context is the account under which the scripts will run. If we’re talking about a Target machine, the script will run under the account that is used for the agent (most likely the network service). If you want to create a specific account to run your scripts under, you’ll need to add a monitor and create a shared credential;, both will be explained in the chapter on bonus points.

Now, we’re cooking with gas! The next screen is where you actually create the script; I would recommend that you use your favorite editor and copy/paste it here. Under “script type,” you can select cmd/VBS/Powershell for the script type you want to run. If you want to use metrics from the Console as an argument in your scripts [in Powershell], you can define them like this:

[string]$HVConnectionServerFQDN = $args[0]
# username
[string]$HVUsername = $args[1]
# Name of the Desktop pool
[string]$HVDesktopPoolname = $args[2]
# The message as a string
[string]$HVMessage = $args[3]
# Message severity
[string]$HVMessageSeverity = $args[4]

In the end it might look like this:

As always, I recommend documenting your solution in the script itself so it’s always visible. This applies even more for the scripting contest since it’s quite handy to know what solution you wanted to tackle.

On the last screen, you can add arguments that can be used in the script. These can come from metrics that we provide in the grid or from manual input by the user with or without a default. The choice that you made at the second screen impacts the available metrics that you can select from the grid here.

When you’re done hit finish to be able to use the script.

Using scripts

To use a script right click an object that you want to run the script against, potentially filter for the name in the search box and select the script.

Depending on the arguments you’ve made, you might see a box that prompts you to enter details that were configured in the arguments (or you’ll get the results of the script).

Possible bonus points when using Automated Actions

By deploying a so called monitor from ControlUp it’s possible to add some very interesting functionality. To make things a little bit more challenging (it’s actually very easy to setup a monitor) I’ll you you find out yourself on how to do it.

Triggers are, in essence, tasks that get started when a metric goes over or under a defined threshold. These tasks can be sending emails, recording event logs, or playing a sound, but they can also  run an action, aka a script. If you explain in your script how to use it as an automated action to solve a problem, you might just get some bonus points for it. Popular examples are: paging out all active memory to the swap file when a user disconnects to free up memory or limiting CPU usage for certain processes if they gone haywire.

Submitting your entry

Just before the event there will be a breakout session with details on how you can submit your entry.

Judging

The judges will be announced during the event. Due to this being a virtual event, they can’t be bribed with booze, beer, stroopwafels (yum!) or other good food, because we can’t live on good promises.

Prizes

The winner will receive a prize, an interview with ControlUp, and will be able to present their script as the next ControlUp Script of the Month (yes, there WILL be a blog)! Maybe—just maybe—we might even throw something in for all contestants. Stay tuned!

Using the Horizon 8 swagger page

A couple weeks back when Horizon 8 was released they also made us happy with the Swagger page to browse the rest api methods. One thing it lacks though is a way to easily authenticate to actually try them. There is an Authenticate button but I couldn’t find any information on what it actually needs. While creating my previous blog post I was messing around with things and actually found a way to authenticate. First I tried to authenticate using the actual api method for that but trying any call afterwards still showed me as not being authenticated. You could copy/paste the access token though and you’ll see in the script how that might work, or check the 3rd screenshot.

Let’s have a look at the script.

$url = read-host "url for connectionserver"

$username=read-host "Username"
$domain=Read-host "Domain"
$password=read-host "Password" -AsSecureString

$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) 
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

function Get-HRHeader(){
    param($accessToken)
    return @{
        'Authorization' = 'Bearer ' + $($accessToken.access_token)
        'Content-Type' = "application/json"
    }
}
function Open-HRConnection(){
    param(
        [string] $username,
        [string] $password,
        [string] $domain,
        [string] $url
    )

    $Credentials = New-Object psobject -Property @{
        username = $username
        password = $password
        domain = $domain
    }

    return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json)
}

function Close-HRConnection(){
    param(
        $accessToken,
        $url
    )
    return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json)
}
try{
$accessToken = Open-HRConnection -username $username -password $UnsecurePassword -domain $Domain -url $url
Set-Clipboard (Get-HRHeader -accessToken $accessToken).Authorization
}
catch{
    write-host "Error while authenticating"
}

To make it directly usable I have chosen to ask for web address of the server, username, domain and password and in the end I copy the token you need to the clipboard for you. Let’s have a look at it

No further output but I can paste what I have in the clipboard now in the Authenticate field at the swagger page, hit authorize and close.

And now I can try api calls, pulling machines from the inventory for example.

SO that’s how we can actually use the Swagger page to try api calls.

[HorizonRestAPI] Trying some of those new funky Horizon 8 REST api’s

In my last post I promised to provide some examples of those new REST api’s in Horizon 8. A couple of things that I will show:

I have changed how I run my scripts a bit in that I decided to go even lazier and store my credentials in an xml file:

$credential = Get-Credential
$credential | Export-CliXml -Path 'C:\My\Path\cred.xml'

and in my script I retrieve them

$url = "https://pod1cbr1.loft.lab"

$credentials=Import-Clixml .\creds.xml
$username=($credentials.username).split("\")[1]
$domain=($credentials.username).split("\")[0]
$password=$credentials.password

$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) 
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)


function Get-HRHeader(){
    param($accessToken)
    return @{
        'Authorization' = 'Bearer ' + $($accessToken.access_token)
        'Content-Type' = "application/json"
    }
}
function Open-HRConnection(){
    param(
        [string] $username,
        [string] $password,
        [string] $domain,
        [string] $url
    )

    $Credentials = New-Object psobject -Property @{
        username = $username
        password = $password
        domain = $domain
    }

    return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json)
}

function Close-HRConnection(){
    param(
        $accessToken,
        $url
    )
    return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json)
}

$accessToken = Open-HRConnection -username $username -password $UnsecurePassword -domain $Domain -url $url

Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

Sessions

The first call I will show is immediately one of the more important ones: session information. Currently only local sessions seem to be available so we’ll have to wait for global session information. This is the call I will use:

$sessions=Invoke-RestMethod -Method Get -uri "$url/rest/inventory/v1/sessions" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

with this result

So s lot of data but less directly readable results than the soap api’s but we do see all of it including deeper levels. For applications we do see something new though.

Yes that’s actually the local application that the user launched. In this case it was through a Global Entitlement named Global_Notepad so it’s not showing that. According to the soap api’s this should also be shown there but they never do as far as I know.

Messages

One of the other things that we can do is send messages. For this we need to create an variable with the following information:

{
  "message": "Sample Info Message",
  "message_type": "INFO",
  "session_ids": [
    "7cdd624f-37d1-46c1-ab96-695a5d13956f"
  ]
}

To make it more fun I will send a message to all my desktop sessions I put those first into an variable

$desktopsessions=$sessions | where {$_.session_type -eq "DESKTOP"}

and I will create the json like this

[email protected]{
  "message"="Wouter is sending a message";
  "message_type"="WARNING";
  "session_ids"=$desktopsessions.id -as [string[]]
}

this I will convert to a json and use the Put method

[email protected]{
  "message"="Wouter is sending a message";
  "message_type"="WARNING";
  "session_ids"=$desktopsessions.id -as [string[]]
}
$body = $json | ConvertTo-Json
Invoke-RestMethod -Method Post -uri "$url/rest/inventory/v1/sessions/action/send-message" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -body $body

As you see I get all status codes 200 back so I know it was a success and we do see that on the desktops as well.

Machines

So getting all machines is as easy as 1,2,3 with /inventory/v1/machines.

$machines=Invoke-RestMethod -Method Get -uri "$url/rest/inventory/v1/machines" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

Not a lot of new data, just less things we don’t need.

Reset

If you look good you’ll see that the machine I was showing is in the already used state. In my lab this happens because often I power down the lab while I still have some sessions running. Let’s reset this machine. What do we need for this first the api method and that’s /inventory/v1/machines/action/reset for requires:

Since I am far from fluent in REST api’s and json this took me a while to find out but I did it like this

$body=((Invoke-RestMethod -Method Get -uri "$url/rest/inventory/v1/machines" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)) | where {$_.state -eq "ALREADY_USED"}).id -as [string[]] | convertto-json
Invoke-RestMethod -Method Post -uri "$url/rest/inventory/v1/machines/action/reset" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -body $body

so I use the method to pull the machines, filter on the state being “ALREADY_USED”, take the id of this as a string and convert that to json. When select the body I need to add the quotes and straight brackets because if it is a single string the json won’t be usable json. I will show it later with multiple systems that it’s not needed with multiples.

$body=((Invoke-RestMethod -Method Get -uri "$url/rest/inventory/v1/machines" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken))  | where {$_.state -eq "AVAILABLE"}).id -as [string[]] | convertto-json
Invoke-RestMethod -Method Post -uri "$url/rest/inventory/v1/machines/action/reset" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -body $body

Horizon 8 released: Moar api’s!!

So yesterday every VMware EUC person was going wild because Horizon 8 was released. I won’t go into all the stuf that’s new because plenty of other folks have already done that (love the parentless instant clones though!). So what exactly are the new things looking from the API perspective? From the good old soap api’s I didn’t expect any changes and couldn’t find any either but a new api explorer page was published anyway. From the REST side a lot as changed. First of all here also a new api explorer page was published. Besides that an explanation of the API’s was actually posted on Techzone over here. On this page some excellent things can be found like there’s a swagger page now on your connection server: https://connectionserverfqdn/rest/swagger-ui.html as of now I haven’t found a way on the page itself to authenticate as you need an api key for the authorize button but that’s something I had requested anyway to make available.

But also a set of postman collections if that’s your preferred method to test api’s it has collections for all the Horizon releases that contained public rest api’s.

In the swagger ui it’s possible to browse all the api calls we can do and I’ll use that in later blog posts to actually do new things because I have seen a shitload of new possibilities!

 

The VMware Labs flings monthly for July 2020- Reach is back!

A couple of days late but I had  good excuse: I was away on a holiday. I needed it and enjoyed it and have a week left before I start work again. This month there was one new release and nine flings received an update. Overall it’s a EUC rich overview since no less than seven of those are Horizon / App Volumes related.

New Releases

App Volumes Packaging Utility

Updated flings

HCIBench

App Volumes Migration Utility

Horizon Session Recording

Power vRA Cloud

Horizon Reach

Desktop Watermark

App Volumes Entitlement Sync

vSphere Mobile Client

VMware OS Optimization Tool

New Releases

App Volumes Packaging Utility

This App Volumes Packaging Utility helps to package applications. With this fling, packagers can add the necessary metadata to MSIX app attach VHDs so they can be used alongside existing AV format packages. The MSIX format VHDs will require App Volumes 4, version 2006 or later and Windows 10, version 2004 or later.

Updated Flings

HCIBench

HCIBench is a VMware wrapper around VdBench or Fio to test the capabilities of your HCI environement. I would recommend always to test with your own settings so you can do an honest comparison.

Changelog

Version 2.4.0

  1. Fixed tvm deployment bug when specifying host
  2. enabled easy run to support stretched cluster
  3. fixed timezone issue on pdf report, and added more vSAN info into PDF report
  4. set testname and testcase as variables in grafana
  5. added CPU workload into fio config page
  6. updated rbvmomi to support vsphere 7.0+
  7. enhanced fio and vdbench graphite dashboards

MD5 Checksum: 0cfd6cc852e33e5ce32022a66539b4c9 HCIBench_2.4.0.ova

App Volumes Migration Utility

The App Volumes Migration Utility helps the users in moving from App Volumes 2.18 to App VOlumes 4 so app stacks don’t need to be reprovisioned.

Changelog

Version 1.0.3 Update

  • Field “uniqueId” is added in the metadata JSON for migrated appstacks.

Version 1.0.2 Update

  • Fix for fling bug 983.
  • The customer bug on the fling, exposed an un handled scenario.
  • Prior to migration if the appstacks registry database contained registry keys with embedded NUL
  • (\0) chars in their name, Migration fails.
  • This scenario has now been addressed with this update.

Horizon Session Recording

The Horizon Session Recording is a usefull tool when an Horizon Admin wants to be able to record sessions and see what the users are doing exactly when a problems happens.

Changelog

Version 2.1 Update

  • Many bugfixes in agent side

Power vRA Cloud

PowervRA Cloud is a PowerShell module that abstracts the VMware vRealize Automation Cloud APIs to a set of easily used PowerShell functions. This tool provides a comprehensive command line environment for managing your VMware vRealize Automation Cloud environment.

Changelog

Version 1.3

  • 4 x New Cmdlets for VMC
  • 5 x New Cmdlets for AWS
  • Powershell 7 on Windows Support
  • Bugfixes

Horizon Reach

If you don’t have any other 3rd partly tooling (like ControlUp, sorry gotta plug my employer 😛 ) to manage your Horizon environment than Reach is a very useful tool. This is not an update but a re-release, read below why.

Warning: Horizon Versions 7.10 through 7.12 have a known issue which can cause Horizon Reach to trigger a low memory issue on the Horizon Connection Server.

For Horizon 7.10, ensure to deploy Horizon 7.10.2. For 7.11 and 7.12, please refer to the following document here.

Desktop Watermark

The Desktop Watermark fling gives you the option to visible and unvisible mark the desktop that you are using.

Changelog

v1.2 – Build 20200713-signed Version Update

  • Added support for multiple displays.

App Volumes Entitlement Sync

The App Volumes Entitlement Sync flings helps an APp VOlumes admin to sync various App Volumes Environments like test/dev/prod or different pod’s for example.

Changelog

Version 4.1 Update:

  • Get App Volumes version from an API value which always returns the build number.
  • App Volumes 2006 and later has a problem with version 4.0 of the Fling in returning a string value.

vSphere Mobile Client

Manage vSphere from your phone or tablet with the vSphere Mobile Client fling, do I need to say more?

Changelog

Version 1.13.2 Update:

New:

  • Datastore details page (link from VM details page)

Improvements:

  • Fixed issues related to connecting to standalone ESXi VM console
  • Fixed issues when switching between servers

VMware OS Optimization Tool

Do you build golden images or templates? Than use the VMware OS Optimization Tool to optimize them!

Changelog

August, 2020, b1170 Update

Templates

  • New combined template for all versions of Windows 10 and Windows Server 2016 and 2019. Optimizations can have optional parameters to filter the version that a setting is applied to.

Optimizations

  • Turn off NCSI is no longer selected by default as this was shown to cause issues with some applications thinking they did not have internet connectivity.
  • New Optimizations added and some removed, For details see: https://techzone.vmware.com/resource/vmware-operating-system-optimization-tool-guide#Template_Updates

Bug Fixes

  • Fixed issues with re-enabling Windows Update functionality on Server 2016 and 2019.
  • Fixed issue that was preventing Windows Antimalware from being disabled properly.

Common Options

  • Changed interface and language on the Common Options page for Windows Update to remove confusion. This option can only be used to disable Windows Update as part of an optimization task. To re-enable Windows Update functionality, use the Update button on the main menu ribbon.

Guides

[Horizon]Creating applications using PowerCLI

Something I didn’t handle previously was the creating of applications in Horizon. Since they are always hard wired to a farm or desktop it might happen that you need to re-create these so automation is preferred.

When looking at the api call for creating an application I find that we need to create an objetc of the type VMware.hv.ApplicationSpec

After defining this spec we’ll see that two objects are needed: Data and ExecutionData. This is also visible in the API Explorer.

Let’s define both of these and see what the options are.

Looking at the API explorer for Data only the name is actually required while for Executiondata only the Executablepath and the desktop or farm id is required

(going lazy here and using vmware.hv.helper to get the farmid)

And now I can create the application itself

The VMware Labs flings monthly for June 2020

And another month gone, for some the Summer Holidays have already started while others might have to wait a few weeks or so. This month there have been two new fling releases and seven received an update.

New Releases

Workspace ONE App Analyzer for macOS

True SSO Configuration Utility

Update flings

Python Client for VMC on AWS

FlowGate

VMware OS Optimization Tool

VMware Event Broker Appliance

App Volumes Entitlement Sync

Unified Access Gateway Deployment Utility

vSphere Software Asset Management Tool

New Releases

Workspace ONE App Analyzer for macOS

The Workspace ONE macOS App Analyzer will determine any Privacy Permissions, Kernel Extensions, or System Extensions needed by an installed macOS application, and can be used to automatically create profiles in Workspace ONE UEM to whitelist those same settings when deploying apps to managed devices.

 

True SSO Configuration Utility

True SSO can be a though cookie to actually configure the True SSO Configuration utility might be help to help you with that.

This project is intended for the VMware Horizon customers in order to use True SSO Configuration Utility to help you configuring TrueSSO using View Connection Server, Enrollment Server and your Certificate Authoriry / Active Directory.

Updated Flings

Python Client for VMC on AWS

If Python is your favorite programming language the Python Client for VMC on AWS will help you in automating things for VMC.

Changelog

Version 1.1

  • Added support for Distributed Firewall.

FlowGate

Flowgate helps you integrate multiple systems like Infoblox, Pulse IoT center and PowerIQ with your IT management systems..

Changelog

Version 1.1

  • Refactor the powerIQ and Nlyte adapter to support more metrics and properties
  • Refactor the Metric api.
  • Enhance the manual facility mapping functionality, support pdu,switch and sensor mapping.
  • Support add IP and AssetName mapping.
  • Security bugs fixed.
  • largely reduce the images size

VMware OS Optimization Tool

If you are into EUC the VMware OS Optimization Tool is THE tool to optimize your images or at least the base to use for scripting those optimizations.

Changelog

June, 2020, b1160

Windows Update

Brand new option called Update that make it easier to re-enable Windows Update functionality on a Windows image that has previously been optimized and had this disabled.

This process has the following four steps:

  • Enable – Changes the required registry values, local group policy and enables the required services.
  • Windows Update – Starts the Windows update process and open the Windows setting page. You can run the Windows Update process as often as required and reboot, if necessary, before progressing to the next step.
  • Restore – Returns all settings to their original values. This will also disable scheduled tasks that get regenerated when a Windows Update runs.
  • Recommendations – After updating Windows, it is recommended that you rerun an optimize and then a finalize task.

Generalize

Completely redesigned interface that makes it easier to change the settings to customize the unattend answer file. These include:

  • Time Zone.
  • Input, system, UI, and user locales.
  • Administrator account autologon and password.
  • Copy Profile.

You still have the ability to view and edit the generated unattend answer file, if required, before execution.
Added cleanup of the local administrator profile before performing a copy profile including deleting the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\FileAssociationsUpdateVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations

Finalize

Commands added to disable App Volumes services, if installed, before running the Finalize steps.

Common Options

Selections are now retained between runs. This makes it easier to rerun an optimize with the same common option settings.

Command Line

Standardization for the main command line options.

  • Optimize can be run with either -optimize or -o
  • Generalize can be run with either -generalize or -g
  • Finalize can be run as either -finalize or -f

Optimizations

Remove optimizations that, while not selected by default, can cause issues if selected:

  • CloudExperienceHost – CreateObjectTask (Disable Scheduled Tasks)
  • CacheTask (3 items)

Guides
Updated OSOT user guide: VMware Operating System Optimization Tool Guide.

VMware Event Broker Appliance

The VMware Event Broker Appliance provides functionality for event driven automation in your SDDC.

Changelog

https://github.com/vmware-samples/vcenter-event-broker-appliance/releases/tag/v0.4.1

App Volumes Entitlement Sync

The App Volumes Entitlement Sync Tool will read, compare and sync entitlements from one App Volumes instance to another.

Changelog

Version 4.0 Update:

  • Still supports 2.x App Volumes Managers
  • Added support for 4.x – both Application Packages and Legacy 2.x AppStacks
  • Fixes Application / Package relationships on replication
  • Saves manager address, username and domain to registry
  • Improved logging and error trapping
  • Able to sync Application Package Markers
  • Able to delete empty Applications
  • Detects and displays selected assignment type
    Displays the version of the CURRENT marker or shows if none is set
  • Shows App Volumes manager version on main page

Unified Access Gateway Deployment Utility

I personally prefer to deploy my uag’s using powershell but if you prefer a gui the Unified Access Gateway Deployment Utility will help you with that.

Changelog

1.1.0 Version Update

  • Bug fixes and minor improvements
  • New logo

vSphere Software Asset Management Tool

The vSphere Software Asset Management (vSAM) is a tool that collects and summarizes vSphere product deployment information.

Changelog

Version 1.2 Update

  • Show vSAN product information in the report.
  • Show unmasked license keys in the report as an option.
  • Add a License Inventory Table in the report.

 

[HorizonRestAPI] Handling Instant Clone Administrator accounts

One of the options already available using the Horizon REST API‘s is working with Instant Clone Administrators. In total there are 5 API calls available and I will give an explanation for al 5 on how to use them. As you can see you’ll run all of them against /rest/config/v1/ic-domain-accounts.

GET : for all Instant Clone Domain accounts

POST : to create a new Instant Clone Domain accounts

GET : To retreive a specific Instant Clone Domain account with it’s ID

PUT : to update an Instant Clone Domain account.

DELETE : To delete an Instant Clone Domain account

Getting Started

To start showing these I am starting with the same base that I used in my first blog post about the Horizon REST api’s:

$url = read-host -prompt "Connection server url" 
$username = read-host -prompt "Username" 
$password = read-host -prompt "Password" -AsSecureString 
$Domain = read-host -Prompt "Domain" 
$url = "https://pod1cbr1.loft.lab"


$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) 
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)


function Get-HRHeader(){
    param($accessToken)
    return @{
        'Authorization' = 'Bearer ' + $($accessToken.access_token)
        'Content-Type' = "application/json"
    }
}
function Open-HRConnection(){
    param(
        [string] $username,
        [string] $password,
        [string] $domain,
        [string] $url
    )

    $Credentials = New-Object psobject -Property @{
        username = $username
        password = $password
        domain = $domain
    }

    return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json)
}

function Close-HRConnection(){
    param(
        $accessToken,
        $url
    )
    return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json)
}

$accessToken = Open-HRConnection -username $username -password $UnsecurePassword -domain $Domain -url $url

Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

GET

The regular get is really straight forward, just invoke a get and you get the results.

Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

As you can see I currently have 2 accounts configured.

POST

With post we can configure a new Instant Clone Domain account. Let’s see what we need. According to the API explorer it looks like we need to supply a domain ID, password and account.

To get the domain ID we’ll actually need to do a GET against another url:

$domains=Invoke-RestMethod -Method Get -uri "$url/rest/external/v1/ad-domains" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

Now I will create the json that we’ll need to configure the account. The $data variable is just a regular powershell array that  afterwards convert to the actual json

$domainid=$domains |select-object -expandproperty id -first 1

[email protected]{
ad_domain_id= $domainid;
password= "password";
username= "username"
}

$body= $data | ConvertTo-Json

Now let’s use the Post method to apply this

Oops, too slow let’s authenticate and try again

Invoke-RestMethod -Method Post -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -body $body

There are a few remarks about this: no propper error is returned when a wrong username and password is used. Wen you try to create an account that already exists it will return a 409 conflict.

GET with ID

This is straightforward again, just extend the url for the get with the ID of the account you want to get. I grabbed this from the regular pul request and filtered on the user account I just created

$icaccounts= Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) 
$accountid=($icaccounts | where {$_.username -eq "username"}).id 
Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

PUT

Put can be used to change a users password. It’s requires a combination of the url with the ID from the get with id and a body like in the Post.

[email protected]{password="Demo-02"}
$body = $data | ConvertTo-Json
Invoke-RestMethod -Method Put -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -Body $body

DELETE

To delete an account simply use the url with the id in it with the DELETE method

Invoke-RestMethod -Method Delete -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)