Not all organizations are willing to bind a persistent account into vRealize Orchestrator for interactions with Active Directory (AD), specifically for creating computer objects.
This workflow takes the AD host, username, password, port, SSL state and AD distinguished name as inputs and completes the add. It uses the AD plugin and several of the LDAP classes, constructors and methods.
SSL is enabled in the workflow by default.
Using this workflow, you could create an XaaS blueprint for requesting machines and include these fields as inputs in the form. The AD account is then prestaged in the specified OU during the build, without using a persistently bound service account.
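
Because the credentials and the distinguished name arrive as request-form input on every run, they can be checked before the bind. The following is an added example, not the workflow's own code: it assumes the distinguished name input is the full DN of the new computer object, all function and field names are hypothetical, and the AD plugin call that performs the add is not shown.

```javascript
// Added example. All function and field names are hypothetical.
var WORKSTATION_TRUST_ACCOUNT = 0x1000; // userAccountControl flag marking a computer account

// Check the connection inputs before any bind is attempted.
function checkConnection(input) {
  var errors = [];
  if (!/^[A-Za-z0-9.-]+$/.test(input.host || "")) errors.push("host: unexpected characters");
  var port = Number(input.port);
  if (port % 1 !== 0 || port < 1 || port > 65535) errors.push("port: out of range");
  // The supplied password travels in the bind, so refuse a cleartext connection.
  if (input.useSsl !== true) errors.push("ssl: must stay enabled");
  if (!input.username || !input.password) errors.push("credentials: missing");
  return errors;
}

// Assumption: the DN input is the full DN of the new object, "CN=<name>,<container>".
function buildComputerEntry(dn) {
  var m = /^CN=([A-Za-z0-9-]{1,15}),((?:OU|CN)=.+,DC=[A-Za-z0-9-]+)$/i.exec(dn);
  if (!m) throw new Error("expected CN=<name, max 15 chars>,<container>,DC=...");
  return {
    dn: "CN=" + m[1] + "," + m[2],
    attributes: {
      objectClass: ["top", "person", "organizationalPerson", "user", "computer"],
      cn: [m[1]],
      sAMAccountName: [m[1].toUpperCase() + "$"], // computer account names end in "$"
      userAccountControl: [String(WORKSTATION_TRUST_ACCOUNT)]
    }
  };
}

// Combine both checks; the log line never contains the password.
function prepareAdd(input) {
  var errors = checkConnection(input), entry = null;
  try { entry = buildComputerEntry(input.dn || ""); }
  catch (e) { errors.push("dn: " + e.message); }
  var target = entry ? entry.dn : "<rejected DN>";
  return { ok: errors.length === 0, errors: errors, entry: entry,
           logLine: "add " + target + " via " + input.host + ":" + input.port + " as " + input.username };
}

// Constructed sample input.
var sample = prepareAdd({ host: "dc01.example.test", port: 636, useSsl: true,
  username: "joiner@example.test", password: "constructed-secret",
  dn: "CN=web01,OU=Servers,DC=example,DC=test" });
console.log(sample.ok, sample.logLine);
```

The 15-character limit on the name keeps `sAMAccountName` within the NetBIOS computer-name length, and rejecting the request when SSL is switched off preserves the workflow's default.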