vCenter Server and Active Directory

You can configure vCenter Server to use the Microsoft Active Directory directory service for authentication purposes. Here is how it can be done:

1. First you need to configure the vCenter Server Appliance to use directory services. Browse to the appliance management interface at https://vcenter_server_appliance_fqdn:5480 (the interface is served over HTTPS; a plain http:// request is redirected) and log in with the root user name and password:

(Screenshot: vCenter Server Appliance management login page)

2. On the vCenter Server tab, click Authentication. Check the Active Directory Enabled check box and type the domain name, followed by the user name and password of an account that is allowed to join computers to the domain. A domain administrator account works, but it is not required: the credentials are used once to create the appliance's computer object, so a delegated join account is the safer choice:

(Screenshot: vCenter Server Appliance management, enabling directory services)

3. Now you need to reboot the vCenter Server Appliance so that it joins the domain. Click the System tab and click Reboot:

(Screenshot: vCenter Server Appliance reboot)


Now you need to add Active Directory as an identity source in vCenter Single Sign-On. Here are the steps:

1. Log in to the vSphere Web Client at https://[WEB_CLIENT_FQDN]:9443/vsphere-client. In the navigation bar on the left, click Administration. Under Single Sign-On, click Configuration:

(Screenshot: vCenter Server SSO configuration)

2. Click Identity Sources:

(Screenshot: vCenter Server SSO identity sources)

3. Click the Add Identity Source icon (the green plus sign) to add a new identity source. You will need to provide the following information:

Identity source type – select Active Directory as an LDAP Server.
Name – type the domain name.
Base DN for users – type the Base DN for users. This parameter describes where users are loaded from. In a default Active Directory setup, all users are located in the Users container under the domain. Our domain is mydomain.local, so in LDAP form that is CN=Users,DC=mydomain,DC=local.
Domain Name – type the FQDN of the domain (mydomain.local).
Domain alias – type the short (NetBIOS) domain name.
Base DN for groups – type the Base DN for groups. This parameter describes where groups are loaded from. In our case the groups are also located in the Users container, so the value is the same as for users.
Primary server URL – type the URL of your domain controller, preceded by ldap://. If your domain controllers have certificates, prefer ldaps:// (port 636) instead: over plain ldap:// the SSO lookup account's password is sent to the domain controller in clear text on every bind.
Secondary server URL – type the URL of your secondary domain controller, if you have one.
Username – type the user name of the account SSO will use to search the directory. The domain administrator account works, but SSO only needs read access to the users and groups containers, and it stores this credential, so a dedicated low-privilege lookup account is preferable.
Password – type that account's password.

(Screenshot: vCenter Server SSO Active Directory connection settings)
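Before typing the values above into the dialog, it helps to sanity-check them. The following script is an added example for this article, not code from the original page or from VMware. It derives the default Base DNs from the domain FQDN (so the generalisation from the mydomain.local case is explicit), normalises a hand-typed DN such as "cn=Users, dc=mydomain, dc=local" into canonical form, confirms that each Base DN lies inside the domain, and flags the two weak choices discussed above: a plain ldap:// server URL and binding as the built-in Administrator. The host names dc1.mydomain.local and dc2.mydomain.local and the account name svc_vcsso are assumptions made up for the example.

```python
"""Pre-flight checks for the SSO 'Active Directory as an LDAP Server' form.

Added example for this article; the sample form values below are constructed
and the domain controller host names and service account are assumptions.
"""
import re
from urllib.parse import urlparse

# One RDN: attribute type (RFC 4514 descr) '=' value.
_RDN_RE = re.compile(r"^(?P<attr>[A-Za-z][A-Za-z0-9-]*)=(?P<value>.+)$")


def domain_to_dn(domain_fqdn: str) -> str:
    """Turn 'mydomain.local' into 'DC=mydomain,DC=local'."""
    labels = [lbl for lbl in domain_fqdn.strip().lower().rstrip(".").split(".") if lbl]
    if len(labels) < 2:
        raise ValueError(f"not a domain FQDN: {domain_fqdn!r}")
    return ",".join(f"DC={lbl}" for lbl in labels)


def default_base_dns(domain_fqdn: str) -> dict:
    """Base DNs for a default AD layout, where users and groups both live in CN=Users."""
    domain_dn = domain_to_dn(domain_fqdn)
    return {"users": f"CN=Users,{domain_dn}", "groups": f"CN=Users,{domain_dn}"}


def normalize_dn(dn: str) -> str:
    """Canonicalise a DN: drop spaces around RDNs, upper-case attribute types.

    Commas escaped as '\\,' inside a value are kept; the form does not need
    multi-valued RDNs ('+'), so they are not handled.
    """
    out = []
    for rdn in re.split(r"(?<!\\),", dn):
        m = _RDN_RE.match(rdn.strip())
        if not m:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        out.append(f"{m.group('attr').upper()}={m.group('value').strip()}")
    return ",".join(out)


def dn_is_under(child: str, parent: str) -> bool:
    """True if child equals parent or is somewhere beneath it (AD DNs are case-insensitive)."""
    c, p = normalize_dn(child).lower(), normalize_dn(parent).lower()
    return c == p or c.endswith("," + p)


def check_identity_source(form: dict) -> list:
    """Return a list of warnings for a filled-in identity source form; empty means clean."""
    warnings = []
    domain_dn = domain_to_dn(form["domain_name"])
    for key in ("base_dn_users", "base_dn_groups"):
        if not dn_is_under(form[key], domain_dn):
            warnings.append(f"{key} {form[key]!r} is not inside {domain_dn}")
    for key in ("primary_server_url", "secondary_server_url"):
        url = form.get(key)
        if not url:
            continue
        parts = urlparse(url)
        if parts.scheme == "ldap":
            warnings.append(f"{key} uses ldap://: the lookup account's password is sent "
                            "in clear text on every bind; use ldaps:// (port 636)")
        elif parts.scheme != "ldaps":
            warnings.append(f"{key} has unexpected scheme {parts.scheme!r}")
        elif parts.port not in (None, 636, 3269):
            warnings.append(f"{key} uses ldaps:// on non-standard port {parts.port}")
    # Accept DOMAIN\user and user@domain forms; flag the built-in Administrator.
    account = form["username"].split("\\")[-1].split("@")[0].lower()
    if account == "administrator":
        warnings.append("username is the built-in Administrator: SSO stores this credential "
                        "and only needs read access, so use a dedicated lookup account")
    return warnings


def page_form() -> dict:
    """The form as the article fills it in (constructed; values follow the text above)."""
    dns = default_base_dns("mydomain.local")
    return {
        "domain_name": "mydomain.local",
        "base_dn_users": "cn=Users, dc=mydomain, dc=local",   # typed with spaces, as in the text
        "base_dn_groups": dns["groups"],
        "primary_server_url": "ldap://dc1.mydomain.local",     # assumed host name
        "secondary_server_url": "",
        "username": "MYDOMAIN\\administrator",
    }


def hardened_form() -> dict:
    """The same form with LDAPS and a low-privilege lookup account (assumed names)."""
    form = page_form()
    form["base_dn_users"] = normalize_dn(form["base_dn_users"])
    form["primary_server_url"] = "ldaps://dc1.mydomain.local:636"
    form["secondary_server_url"] = "ldaps://dc2.mydomain.local:636"
    form["username"] = "svc_vcsso@mydomain.local"
    return form


if __name__ == "__main__":
    for label, form in (("as in the article", page_form()), ("hardened", hardened_form())):
        print(f"[{label}]")
        for w in check_identity_source(form) or ["no warnings"]:
            print("  -", w)
```

Run with no arguments: the form as filled in above produces two warnings (plain ldap:// and the Administrator account), while the hardened variant produces none. The DN helpers are what you want when a Test Connection failure is a typo in the Base DN rather than a credential problem.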

4. Click Test Connection. If your parameters are correct, you should get the following message:

(Screenshot: vCenter Server SSO Active Directory connection successful)

5. Click OK to close the dialog box.

6. Under Single Sign-On, select Users and Groups and click the Groups tab:

(Screenshot: vCenter Server SSO Active Directory groups)

7. Under Group Name, select Administrators and click the Add member icon at the bottom of the screen:

(Screenshot: vCenter Server SSO groups, Add member)

8. Select your AD domain:

(Screenshot: vCenter Server SSO groups, adding an administrator)

9. Select the user or group you wish to add to Administrators and click Add. Members of this group administer vCenter Single Sign-On itself, so add a dedicated AD group rather than individual accounts and keep its membership small:

(Screenshot: vCenter Server SSO groups, adding an AD group)

You can now log in to the vSphere Web Client using a domain account:

(Screenshot: vCenter Server login with an Active Directory user)

Geek University 2022