Solved

Unable to add active directory users permission on ESXI 5.5

Posted on 2013-11-07
10
6,859 Views
Last Modified: 2013-12-23
Hi,

ESXI 5.5 , added to the domain via Configuration tab > Authentication Services > Properites > Join Domain, this was successful and I can see the computer account in AD.

Turned on relevant services as far as I can tell under Security Profile > services

when I try to add a permission I can only choose users from the local server, I do not see our domain on the list (when I right click on the esxi in vsphere > Add Permission > Add.. > "domain" drop down list > only (server) appears.

Any ideas ?

tHanks.
0
Comment
Question by:iNc0g
  • 2
  • 2
  • 2
  • +2
10 Comments
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39638355
could you please check the networking part.

as login to ssh console and ping the domain,nslookup and default gateway.

remove and re join to domain. the behavior you explain this shows the esxi is not in network


please share the output.
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 39638566
Try rebooting the host or run: /usr/sbin/services.sh restart
1
 

Author Comment

by:iNc0g
ID: 39638576
I've SSHed to the ESXI , pinged the DC host name and it translated to the correct IP and has ping.

removed from domain and rejoined which is successful, but still cannot see users from AD when trying to select from the drop down list, only local users.

the ESXI is on the same network as the DC.

I connected to the ESXI which is on another site from the site I am in using vSphere and joined it to the domain, there shouldn't be a difference if I connect to the ESXI from the same network or a different one.
0
 
LVL 17

Accepted Solution

by:
Spartan_1337 earned 500 total points
ID: 39638705
Pinging DNS isn't the issue here.
Can you please just restart the services first and then try adding AD users.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39638888
Did you login to the vcenter server and join IT to the domain? If not, you can only add domain users to local esxi when you connect to local esxi directly.
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39640653
can you verify these recommended setting are correct at part.
1. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003796

and if need to modify pls use nano command

please share the output
0
 

Author Closing Comment

by:iNc0g
ID: 39640878
The issue has been solved, I don't know if by restarting the services or by waiting until the domain controllers replicate within sites.

Thanks.
0
 

Expert Comment

by:FantomStryker
ID: 39736577
I too had the same issue with adding ESXi hypervisor 5.5 to domain with functional level 2012. What I ended up doing was creating the two groups in AD (case sensitive) "esx admins" (root equivalent) and "esx users" (read only) then joining the hypervisor to the domain using the administrator account. I then SSH into the host and reset the services by running the command "/usr/sbin/services.sh restart". After all that, I noticed that "esx^admins" appeared, but trusted controllers still showed "--". I was able to add the "esx users" to the permissions tab and users were able to use AD credentials to log in. Hope this works for you if its not too late.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now