3 Replies Latest reply on Jul 27, 2018 3:22 AM by NBennett

    AD group in vsphere.local group doesn't work?

    fgl Hot Shot



      I've been going crazy trying to figure out why this scenario is not working. I have set up a new VCSA 6.5 server and joined it to AD, and then I added an Active Directory (Integrated Windows Authentication) identity source. I then added an AD group that contains the AD user accounts I want to grant access to the vsphere.local Administrators group. I am unable to log in with any of the accounts in the AD group, but if I add the individual AD user account into the vsphere.local Administrators group, I am able to log in with that AD account. It almost seems like the VCSA doesn't know how to handle and parse down into an AD group.


      I've tried removing the identity source, disjoining from AD, rejoining and re-adding the identity source, to no avail. I was going to try Active Directory as an LDAP server, but I couldn't get it to add no matter what settings I tried, and I know the LDAP settings are correct because I use the same settings on another application I have that does LDAP authentication.


      What is even more puzzling is that I had set up a test VCSA 6.5 server to document the exact procedure to follow when I set up this new VCSA 6.5 server, and my test VCSA 6.5 server works with the AD groups as expected.


      Any suggestion is appreciated, as I don't think I missed anything, or did I?