Solved

VMware vCenter Server Login Authentication Using Active Directory

Posted on 2010-11-28
3
1,317 Views
Last Modified: 2012-05-10
On my Win2008 R2 box with vCenter Server installed I can launch vSphere from a PC, log into vCenter, and gain access to all my ESXi boxes. Great, but apparently there is a very specific way to grant what users have access to vCenter. Could someone enligthen me to the correct method?

What I did was go into AD, created a group called ESX Admins, added users to that group. Then on the Win2008 R2 box hosting vCenter i granted ESX Admins full Administrator privledge. Is that right or wrong?


All the information I found online referred to AD authenication for ESXi hosts and not vCenter. Similar to the link below: http://ict-freak.nl/2010/09/12/how-to-configure-vsphere-4-1-active-directory-authentication/

Any suggestions or did I do it correctly?
0
Comment
Question by:First Last
3 Comments
 
LVL 16

Accepted Solution

by:
danm66 earned 400 total points
ID: 34227978
That's one way to go about it, but the best practice is to create AD groups and then within vCenter, assign those AD groups to a specific role such as administrator or VM admin or a custom role with specific permissions you want them to have.  

http://www.vmware.com/pdf/vsphere4/r41/vsp_41_dc_admin_guide.pdf page 90
0
 
LVL 10

Assisted Solution

by:srgilani
srgilani earned 100 total points
ID: 34227991
The article you have mention is for ESX host, Whereas you require AD authentication on vCentre.

If you are AD admin as well then what you have to do is make ur vcentre machine part of ur domain and then in vcentre permissions add domain user / group and assign permission.

since i am not AD admin what i have done is added my in domain then create local groups on my vcentre like "Vsphere Admin" "Vsphere Power VM" etc and then add AD users in these groups. After this i simply add these local group in VCentre permission tab as appropriate and assign role made in vcentre.

Hope this will clarify.
0
 
LVL 1

Author Closing Comment

by:First Last
ID: 34230948
I created a group in AD called ESX Admins. From there I went into vCenter, Permissions, and added the group called ESX Admins to the Administrator Group in vCenter. It works!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If we need to check who deleted a Virtual Machine from our vCenter. Looking this task in logs can be painful and spend lot of time, so the best way to check this is in the vCenter DB. Just connect to vCenter DB(default DB should be VCDB and using…
The business world is becoming increasingly integrated with tech. It’s not just for a select few anymore — but what about if you have a small business? It may be easier than you think to integrate technology into your small business, and it’s likely…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question