Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Unable to add active directory users permission on ESXI 5.5

Posted on 2013-11-07
10
Medium Priority
?
7,300 Views
Last Modified: 2013-12-23
Hi,

ESXI 5.5 , added to the domain via Configuration tab > Authentication Services > Properites > Join Domain, this was successful and I can see the computer account in AD.

Turned on relevant services as far as I can tell under Security Profile > services

when I try to add a permission I can only choose users from the local server, I do not see our domain on the list (when I right click on the esxi in vsphere > Add Permission > Add.. > "domain" drop down list > only (server) appears.

Any ideas ?

tHanks.
0
Comment
Question by:iNc0g
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
10 Comments
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39638355
could you please check the networking part.

as login to ssh console and ping the domain,nslookup and default gateway.

remove and re join to domain. the behavior you explain this shows the esxi is not in network


please share the output.
0
 
LVL 17

Expert Comment

by:James H
ID: 39638566
Try rebooting the host or run: /usr/sbin/services.sh restart
1
 

Author Comment

by:iNc0g
ID: 39638576
I've SSHed to the ESXI , pinged the DC host name and it translated to the correct IP and has ping.

removed from domain and rejoined which is successful, but still cannot see users from AD when trying to select from the drop down list, only local users.

the ESXI is on the same network as the DC.

I connected to the ESXI which is on another site from the site I am in using vSphere and joined it to the domain, there shouldn't be a difference if I connect to the ESXI from the same network or a different one.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 17

Accepted Solution

by:
James H earned 1500 total points
ID: 39638705
Pinging DNS isn't the issue here.
Can you please just restart the services first and then try adding AD users.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39638888
Did you login to the vcenter server and join IT to the domain? If not, you can only add domain users to local esxi when you connect to local esxi directly.
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39640653
can you verify these recommended setting are correct at part.
1. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003796

and if need to modify pls use nano command

please share the output
0
 

Author Closing Comment

by:iNc0g
ID: 39640878
The issue has been solved, I don't know if by restarting the services or by waiting until the domain controllers replicate within sites.

Thanks.
0
 

Expert Comment

by:FantomStryker
ID: 39736577
I too had the same issue with adding ESXi hypervisor 5.5 to domain with functional level 2012. What I ended up doing was creating the two groups in AD (case sensitive) "esx admins" (root equivalent) and "esx users" (read only) then joining the hypervisor to the domain using the administrator account. I then SSH into the host and reset the services by running the command "/usr/sbin/services.sh restart". After all that, I noticed that "esx^admins" appeared, but trusted controllers still showed "--". I was able to add the "esx users" to the permissions tab and users were able to use AD credentials to log in. Hope this works for you if its not too late.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question