Adding more than one domain as a vSphere identity source

Aloha,

I am trying to add AD authentication to our new vSphere 6.5 system. I was able to add the 1st domain with no problem.
However, the problem is I have a 2nd domain I wish to add. Is this even possible, as at the moment I am not having
much success?

Mahalo,
            Bill
ASKER CERTIFIED SOLUTION
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
This solution is only available to members.
Hi,

You mean adding Identity Sources in vCenter?

If yes, the first one always needs to be the vCenter domain (or a named machine account with Integrated Windows Authentication). Best practice is to add that one first (this does not mean the default one), then you add the second ones as LDAP servers.

In previous vCenter versions there were some issues (when using a sub domain or different Forests) and the workaround was to add the LDAP server first to bypass some issues regarding trust between domains.

In these new versions (6.5 or 6.7) I did not see those problems.

So first add your vCenter with Integrated Windows Authentication, then you can add as many domains as you want using AD as LDAP.

Andrew shared a link from Florian that explains how to.

After you add all the domains (identity sources) you can then choose your default domain that will use SSO (when logging in there is no need to add the domain, just the userid).

Adding some extra information from VMware HERE.

Hope this helps as a complement to Andrew's answer.