lipotech

VMware User Accounts and Role Administration in an AD Integrated Environment

I am managing a VMware v6x environment that is currently AD integrated. I have a question concerning how to manage roles in an AD integrated environment. Do I manage the users' roles from within AD using GPOs or do I manage the User Roles from within the Web Client? I need to determine the most expedient and secure method to manage User account roles within a VMware configuration that is AD integrated. I have a current AD group, for example AD_vSphere, populated with all of the VMware users as members. Once again, should I control the Roles settings from within AD or the Web Client console?

Lipotech
VMware

Last Comment
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

8/22/2022 - Mon
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

vCenter Server and AD. (Roles and Groups)

e.g. you should have Groups Defined in AD, which you add users to in AD, and then those Groups are added to vCenter Server Permissions and Roles assigned.
lipotech

ASKER
Do I manage the users' roles from within AD using GPOs or do I manage the User Roles from within the Web Client? Should I 'ALWAYS' control the Role settings from within AD or the Web Client console? If I make a change from within the Web Console, will that change sync within AD?

I assume best practice in the case of AD integration would be to control the user account access and permissions from within AD using GPOs..?
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

This is VMware vSphere vCenter Server access?
lipotech

ASKER
Yes. This is VMware vSphere vCenter AD integrated access.

Lipotech
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

Okay, so you need to do both.

Create a user in AD, add to a group, and then add that group/user to Permissions in vCenter Server, and allocate a role in vCenter Server.

see here

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-FAA074CC-E8C9-4F13-ABCF-6CF7F15F04EE.html
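
The flow described in this answer (membership managed in the AD group, the role assigned to that group in vCenter Server), as an added PowerCLI example that is not part of the original thread. The server name, the `EXAMPLE` domain, the `Prod-VMs` folder, the `VM-Operator-Limited` role and its privilege selection are assumptions; `AD_vSphere` is the group from the question.

```powershell
# Added example, not from the thread. Requires the VMware PowerCLI module.
# Assumed names: vcenter.example.com, EXAMPLE domain, Prod-VMs folder, VM-Operator-Limited role.
Import-Module VMware.PowerCLI
$vc = Connect-VIServer -Server 'vcenter.example.com'   # prompts for credentials

$principal = 'EXAMPLE\AD_vSphere'    # AD group; who is in it is managed in AD only
$roleName  = 'VM-Operator-Limited'   # role; what it may do is managed in vCenter only

# 1. Define the role in vCenter Server with only the privileges the group needs.
$role = Get-VIRole -Name $roleName -Server $vc -ErrorAction SilentlyContinue
if (-not $role) {
    $privileges = Get-VIPrivilege -Server $vc -Id @(
        'VirtualMachine.Interact.PowerOn',
        'VirtualMachine.Interact.PowerOff',
        'VirtualMachine.Interact.ConsoleInteract'
    )
    $role = New-VIRole -Name $roleName -Privilege $privileges -Server $vc
}

# 2. Bind the AD group to the role on one inventory object (skip if already present).
$folder   = Get-Folder -Name 'Prod-VMs' -Type VM -Server $vc
$existing = Get-VIPermission -Entity $folder -Principal $principal -Server $vc `
                -ErrorAction SilentlyContinue
if (-not $existing) {
    New-VIPermission -Entity $folder -Principal $principal -Role $role -Propagate:$true
}

# 3. Audit: permissions granted to individual accounts instead of groups.
#    'VSPHERE.LOCAL' is the default SSO domain name; adjust if yours differs.
Get-VIPermission -Server $vc |
    Where-Object { -not $_.IsGroup -and $_.Principal -notlike 'VSPHERE.LOCAL\*' } |
    Sort-Object Principal |
    Select-Object Principal, Role, Entity, Propagate

Disconnect-VIServer -Server $vc -Confirm:$false
```

Rows returned by step 3 are per-user grants that bypass the AD group and are the ones to review first.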
lipotech

ASKER
Andrew,

So I must create the Group in AD and in vCenter?

Lipotech
ASKER CERTIFIED SOLUTION
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

lipotech

ASKER
Thank you.
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

no problems