Adding more than one domain as a vSphere identity source

Bill Courtney

I am trying to add AD authentication to our new vSphere 6.5 system. I was able to add the 1st domain with no problem.
However, the problem is I have a 2nd domain I wish to add. Is this even possible, as at the moment I am not having
much success?

VMware and Virtualization Consultant
Fellow 2018
Expert of the Year 2017
A number of methods to do this....

1. Trusts between domains (works, easy, and does not have any config to do with vSphere).

2. You have to add the second as LDAP

see here
Luciano Patrão
ICT Senior Infrastructure Engineer


You mean adding Identity Sources in vCenter?

If yes, the first one always needs to be the vCenter domain (or named machine account with Integrated Windows Authentication). Best practice is to add that one first (this does not mean the default one), then you add the second ones as LDAP server.

In previous vCenter versions there were some issues (when using sub domains or different Forests) and the workaround was to add the LDAP server first to bypass some issues regarding trust between domains.

In these new versions (6.5 or 6.7) I did not see those problems.

So first add your vCenter with Integrated Windows Authentication, then you can add as many domains as you want using AD as LDAP.

Andrew shared a link from Florian that explains how to.

After you add all the Domains (identity sources) you can then choose your Default domain that will use SSO (when logging in, no need to add the domain, just the userid).

Adding some extra information from VMware HERE.

Hope this helps to complement Andrew's answer.
