?
Solved

VMware vCenter Server Login Authentication Using Active Directory

Posted on 2010-11-28
3
Medium Priority
?
1,335 Views
Last Modified: 2012-05-10
On my Win2008 R2 box with vCenter Server installed I can launch vSphere from a PC, log into vCenter, and gain access to all my ESXi boxes. Great, but apparently there is a very specific way to grant what users have access to vCenter. Could someone enligthen me to the correct method?

What I did was go into AD, created a group called ESX Admins, added users to that group. Then on the Win2008 R2 box hosting vCenter i granted ESX Admins full Administrator privledge. Is that right or wrong?


All the information I found online referred to AD authenication for ESXi hosts and not vCenter. Similar to the link below: http://ict-freak.nl/2010/09/12/how-to-configure-vsphere-4-1-active-directory-authentication/

Any suggestions or did I do it correctly?
0
Comment
Question by:First Last
3 Comments
 
LVL 16

Accepted Solution

by:
Danny McDaniel earned 1600 total points
ID: 34227978
That's one way to go about it, but the best practice is to create AD groups and then within vCenter, assign those AD groups to a specific role such as administrator or VM admin or a custom role with specific permissions you want them to have.  

http://www.vmware.com/pdf/vsphere4/r41/vsp_41_dc_admin_guide.pdf page 90
0
 
LVL 10

Assisted Solution

by:srgilani
srgilani earned 400 total points
ID: 34227991
The article you have mention is for ESX host, Whereas you require AD authentication on vCentre.

If you are AD admin as well then what you have to do is make ur vcentre machine part of ur domain and then in vcentre permissions add domain user / group and assign permission.

since i am not AD admin what i have done is added my in domain then create local groups on my vcentre like "Vsphere Admin" "Vsphere Power VM" etc and then add AD users in these groups. After this i simply add these local group in VCentre permission tab as appropriate and assign role made in vcentre.

Hope this will clarify.
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 34230948
I created a group in AD called ESX Admins. From there I went into vCenter, Permissions, and added the group called ESX Admins to the Administrator Group in vCenter. It works!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question