Adding more than one domain as a vSphere identity source

Aloha,

I am trying to add AD authentication to our new vSphere 6.5 system. I was able to add the 1st domain with no problem.
However, the problem is I have a 2nd domain I wish to add. Is this even possible, as at the moment I am not having
much success.

Mahalo,
Bill

Bill Courtney Asked:

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
A number of methods to do this....

1. Trusts between domains (works, easy, and does not have any config to do with vSphere).

2. You have to add the second as LDAP

see here

https://www.virten.net/2017/01/how-to-add-ad-authentication-in-vcenter-6-5/
Luciano Patrão, ICT Senior Infrastructure Engineer, Commented:
Hi,

You mean adding Identity Sources in vCenter?

If yes, the first one always needs to be the vCenter domain (or named machine account with Integrated Windows Authentication). Best practice is to add that one first (this does not mean the default one), then you add the second ones as LDAP servers.

In previous vCenter versions there were some issues (when using a subdomain or different forests) and the workaround was to first add the LDAP server to bypass some issues regarding trust between domains.

In these new versions (6.5 or 6.7) I did not see those problems.

So first add your vCenter with Integrated Windows Authentication, then you can add as many domains as you want using AD as LDAP.

Andrew shared a link from Florian that explains how to.

After you add all the domains (identity sources) you can then choose your default domain that will use SSO (when logging in there is no need to add the domain, just the user ID).

Adding some extra information from VMware HERE.

Hope this helps as a complement to Andrew's answer.