I am managing a VMware v6x environment that is currently AD integrated. I have a question concerning how to manage roles in an AD integrated environment. Do I mange the users' roles from within AD using GPOs or do I manage the User Roles from within the Web Client? I need to determine the most expedient and secure method to manage User account roles within a VMware configuration that is AD integrated. I have a current AD group for example, AD_vSphere populated with all of the VMware users as members. Once again, should I control the Roles settings from within AD or the Web Client console?
e.g. you should have Groups Defined in AD, which you add users to in AD, and then those Groups are added to vCenter Server Permissions and Roles assigned.