AD integrated vcenter
Hi Experts,
I can't add AD credentials to vcenter. I joined the domain but when I got to Permissions tab I can only pull up (server) and vsphere.local. How can I get AD in there so I can add those accounts?
vcenter6
esxi6
thx.
I can't add AD credentials to vcenter. I joined the domain but when I got to Permissions tab I can only pull up (server) and vsphere.local. How can I get AD in there so I can add those accounts?
vcenter6
esxi6
thx.
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
did you add AD as an authentication source in vCenter Server ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@Andrew - I don't think I did...where is that located?
@mrtortur - can I do this using the vsphere (c#) client?
@mrtortur - can I do this using the vsphere (c#) client?
No, you can't do it with the old vsphere client, you must do it in vsphere web client.
follow the link posted, but if you do not have the password for Administrator@vsphere.loca
otherwise you might as well re-install, import vCenter Server appliance again.
otherwise you might as well re-install, import vCenter Server appliance again.
ASKER
I have the password now. When I try to add a domain user it says I need to join the domain (I thought I already did this but apparently not). When I try to join the domain I get the error:
The "Join active directory" operation failed for the entity with the following error message.
Idm client exception: Error trying to join AD, error code [41953], user [mynmae@domain.com], domain [domain.com], orgUnit []
I am a domain admin.
The "Join active directory" operation failed for the entity with the following error message.
Idm client exception: Error trying to join AD, error code [41953], user [mynmae@domain.com], domain [domain.com], orgUnit []
I am a domain admin.
never get this one error, but it seems to be known. I found this KB :
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2117709
which speak of a particular cause (too much trusts on your domain..!) and resolution...
And this thread :
https://www.edge-cloud.net/2013/12/20/handling-vmware-vsphere-5-5-active-directory-integration-error/
Which is on the same error and symptoms but with another workaround..
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2117709
which speak of a particular cause (too much trusts on your domain..!) and resolution...
And this thread :
https://www.edge-cloud.net/2013/12/20/handling-vmware-vsphere-5-5-active-directory-integration-error/
Which is on the same error and symptoms but with another workaround..
ASKER
How do I join to the domain? I guess I need to do that first.
Are there two places that I need to join the domain...in esxi and then also in vcenter?
Are there two places that I need to join the domain...in esxi and then also in vcenter?
ESXi integration is optional and not required. Unless you want to use AD accounts to login directly to ESXi, e.g. other than root.
the articles linked to above show how to.
the articles linked to above show how to.
ASKER
What do you mean by 'esxi integration' is optional...I want esxi added to vcenter but my question is if I want ad integration so that I can login with my domain account do I have to have the host joined to the domain as well as vcenter?
How do I join the host and vcenter to the domain?
How do I join the host and vcenter to the domain?
What do you mean by 'esxi integration' is optional...I want esxi added to vcenter but my question is if I want ad integration so that I can login with my domain account do I have to have the host joined to the domain as well as vcenter?
NO.
You add AD as an Authentication Source to vCenter Server using the links posted above.
ASKER
oh I see. so if I added the hosts beforehand should I remove them from the domain?
Yes
but you don't have ESXi hosts joined to domain ?
I just seen you other comment in other post! So you had a host joined to domain.
This question, has nothing to do with hosts joined to domain.
but you don't have ESXi hosts joined to domain ?
I just seen you other comment in other post! So you had a host joined to domain.
This question, has nothing to do with hosts joined to domain.
Hi,
yes ESXi's hosts joined to domain is another topic, here we talk about vcenter and SSO integration with Active Directory, for your vcenter. And for ESXi's I don't see the point of using AD users, and I never configure nor use that option ever.
Please follow pasts links to add your domain as an AD identity source :
- my first link in priority, VMware KB2058298, which is a method I used really recently and worked for me.
- or else the other links I post, which describe another method to add your domain as an AD identity source
If one method does not seem to work then delete your new added AD identity source and do it again using another method.
yes ESXi's hosts joined to domain is another topic, here we talk about vcenter and SSO integration with Active Directory, for your vcenter. And for ESXi's I don't see the point of using AD users, and I never configure nor use that option ever.
Please follow pasts links to add your domain as an AD identity source :
- my first link in priority, VMware KB2058298, which is a method I used really recently and worked for me.
- or else the other links I post, which describe another method to add your domain as an AD identity source
If one method does not seem to work then delete your new added AD identity source and do it again using another method.