Solved

Unable to add active directory users permission on ESXI 5.5

Posted on 2013-11-07
10
7,086 Views
Last Modified: 2013-12-23
Hi,

ESXI 5.5 , added to the domain via Configuration tab > Authentication Services > Properites > Join Domain, this was successful and I can see the computer account in AD.

Turned on relevant services as far as I can tell under Security Profile > services

when I try to add a permission I can only choose users from the local server, I do not see our domain on the list (when I right click on the esxi in vsphere > Add Permission > Add.. > "domain" drop down list > only (server) appears.

Any ideas ?

tHanks.
0
Comment
Question by:iNc0g
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
10 Comments
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39638355
could you please check the networking part.

as login to ssh console and ping the domain,nslookup and default gateway.

remove and re join to domain. the behavior you explain this shows the esxi is not in network


please share the output.
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 39638566
Try rebooting the host or run: /usr/sbin/services.sh restart
1
 

Author Comment

by:iNc0g
ID: 39638576
I've SSHed to the ESXI , pinged the DC host name and it translated to the correct IP and has ping.

removed from domain and rejoined which is successful, but still cannot see users from AD when trying to select from the drop down list, only local users.

the ESXI is on the same network as the DC.

I connected to the ESXI which is on another site from the site I am in using vSphere and joined it to the domain, there shouldn't be a difference if I connect to the ESXI from the same network or a different one.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 17

Accepted Solution

by:
Spartan_1337 earned 500 total points
ID: 39638705
Pinging DNS isn't the issue here.
Can you please just restart the services first and then try adding AD users.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39638888
Did you login to the vcenter server and join IT to the domain? If not, you can only add domain users to local esxi when you connect to local esxi directly.
0
 
LVL 8

Expert Comment

by:piyushranusri
ID: 39640653
can you verify these recommended setting are correct at part.
1. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003796

and if need to modify pls use nano command

please share the output
0
 

Author Closing Comment

by:iNc0g
ID: 39640878
The issue has been solved, I don't know if by restarting the services or by waiting until the domain controllers replicate within sites.

Thanks.
0
 

Expert Comment

by:FantomStryker
ID: 39736577
I too had the same issue with adding ESXi hypervisor 5.5 to domain with functional level 2012. What I ended up doing was creating the two groups in AD (case sensitive) "esx admins" (root equivalent) and "esx users" (read only) then joining the hypervisor to the domain using the administrator account. I then SSH into the host and reset the services by running the command "/usr/sbin/services.sh restart". After all that, I noticed that "esx^admins" appeared, but trusted controllers still showed "--". I was able to add the "esx users" to the permissions tab and users were able to use AD credentials to log in. Hope this works for you if its not too late.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question