?
Solved

Unable to add active directory users permission on ESXI 5.5

Posted on 2013-11-07
10
Medium Priority
?
7,444 Views
Last Modified: 2013-12-23
Hi,

ESXI 5.5 , added to the domain via Configuration tab > Authentication Services > Properites > Join Domain, this was successful and I can see the computer account in AD.

Turned on relevant services as far as I can tell under Security Profile > services

when I try to add a permission I can only choose users from the local server, I do not see our domain on the list (when I right click on the esxi in vsphere > Add Permission > Add.. > "domain" drop down list > only (server) appears.

Any ideas ?

tHanks.
0
Comment
Question by:iNc0g
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39638355
could you please check the networking part.

as login to ssh console and ping the domain,nslookup and default gateway.

remove and re join to domain. the behavior you explain this shows the esxi is not in network


please share the output.
0
 
LVL 17

Expert Comment

by:James H
ID: 39638566
Try rebooting the host or run: /usr/sbin/services.sh restart
1
 

Author Comment

by:iNc0g
ID: 39638576
I've SSHed to the ESXI , pinged the DC host name and it translated to the correct IP and has ping.

removed from domain and rejoined which is successful, but still cannot see users from AD when trying to select from the drop down list, only local users.

the ESXI is on the same network as the DC.

I connected to the ESXI which is on another site from the site I am in using vSphere and joined it to the domain, there shouldn't be a difference if I connect to the ESXI from the same network or a different one.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
LVL 17

Accepted Solution

by:
James H earned 1500 total points
ID: 39638705
Pinging DNS isn't the issue here.
Can you please just restart the services first and then try adding AD users.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39638888
Did you login to the vcenter server and join IT to the domain? If not, you can only add domain users to local esxi when you connect to local esxi directly.
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39640653
can you verify these recommended setting are correct at part.
1. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003796

and if need to modify pls use nano command

please share the output
0
 

Author Closing Comment

by:iNc0g
ID: 39640878
The issue has been solved, I don't know if by restarting the services or by waiting until the domain controllers replicate within sites.

Thanks.
0
 

Expert Comment

by:FantomStryker
ID: 39736577
I too had the same issue with adding ESXi hypervisor 5.5 to domain with functional level 2012. What I ended up doing was creating the two groups in AD (case sensitive) "esx admins" (root equivalent) and "esx users" (read only) then joining the hypervisor to the domain using the administrator account. I then SSH into the host and reset the services by running the command "/usr/sbin/services.sh restart". After all that, I noticed that "esx^admins" appeared, but trusted controllers still showed "--". I was able to add the "esx users" to the permissions tab and users were able to use AD credentials to log in. Hope this works for you if its not too late.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month4 days, 7 hours left to enroll

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question