15 Replies to “VMware vCenter Server and Active Directory”

  1. I have the issue in Client Integration Plugin. Windows session authentication is grayed out in the VMware Web Client (IE browser). Can you assist me, please?

  2. Thanks for this post. It seemed easy enough to accomplish, but having the walkthrough as a guide helped.

    Is there any functional difference between the 2 ways to do Active Directory lookups? It seems like 2 paths to achieve the same results (I went with the LDAP route).

    In any case, thanks for the write up and the clear screenshots. A picture says a thousand words and all that. Aloha 🙂

    1. I am leaning toward AD LDAP. In one instance I had to re-build, the trust relationship for the domain on vCenter had failed, subsequently causing database corruption. When you use AD LDAP, there is no trust relationship to be broken.

  3. Couple of questions.
    1) When I do an AD-LDAP identity source and the remote AD is the root domain of a forest, will it leverage the global catalog of the root domain and find users across the forest, or do I need to add each domain of the forest via a separate LDAP-AD connection?
    2) Is it also possible to use an ldaps URL instead of ldap for LDAP-AD (or might VMware be using STARTTLS for ldap)?

    1. You can use ldaps as well. I honestly don’t know if SSO will enumerate the entire domain, or just the root. Try it and let me know!

  4. Couple of questions from my side,
    1. I have a 3rd party web-plugin and the plugin is only visible to the AD group “Domain Users” and not to other AD group users like “DEV” and “QA”.

    2. Also, for the AD group “Domain Users” I gave different permissions and I don’t see the appropriate roles set for the group users.

    Note: I am using VCSA 6.0 and added AD as LDAP and set to default identity.

  5. Thanks for the helpful post. I have a situation I want to share and see what your thought(s) are on this.
    I have a security group that had limited access (VM Power USER Role) in vCenter. But two users in this group of about 15 users are all of a sudden unable to log in to vCenter. FYI, we use AD integrated Windows authentication for login and it's vCenter 5.5.


  6. This post was exactly what I was looking for, so thank you! My project wants to implement “Active Directory as an LDAP Server” and bring in AD security groups, like you did with your vCenter Admins group, rather than individual users, but I’ve run into an error.

    I think I did everything right, but the logins do not work. I log in with, say, joe.vcenteradmin@my.domain, who is a member of the vCenter Admins AD group, and get “authentication failed”. However, if I add just the AD user joe.vcenteradmin to the Administrators group in VCSA it works fine. Is it possible I missed a step?

    1. You might have to provide more detail.
      1. Add Identity source to vCenter using AD-LDAP
      2. Create a “Permission” associating the AD Group “vCenter Admins” with the vCenter Role “Administrator” in vCenter
      3. Add “Joe” to the AD group “vCenter Admins”
      4. Log in as: joe@my.domain
