VMware Cloud Community
CopperBlue68
Contributor
Contributor
‎01-30-2017 07:55 AM

AD Authentication - Do I need to specify each user in Permissions tab?

Hi,

I'm after some advice please regarding AD authentication on ESXi 5.5 servers.

Firstly, I've created a domain called "TEST". Within this I've created a user called TEST\testuser (please excuse my lack of imagination with the names! ). Next, I've created an AD group called "ESX Admins" and added 'testuser' to it.

I've checked the value of Config.HostAgent.plugins.hostsvc.esxAdminsGroup on the ESXi server and it's set to the default, ie '"ESX Admins".

Now, I join the server to the TEST domain, which is fine.

My questions are these:

  • If I log into the vSphere client as "TEST\testuser", will it automatically grant me admin privileges on the server as I am a member of the ESX Admins group, or do I need to do further configuration user the Permissions tab?
  • If I need to do extra steps under the Permissions tab, do I need to set up an entry for each user in the ESX Admins group?

Many thanks.

0 Kudos
2 Replies
BenLiebowitz
Expert
Expert
‎01-30-2017 08:07 AM

Correct, any users in the ESX Admins group will automatically be granted Administrator access to the ESXi Hosts.  However, if you're using vCenter, you'll need to setup permissions separately. 

Also, if you want to setup any accounts that have "user" level permissions and not Administrator, you'll need to set those up separately.

Ben Liebowitz, VCP vExpert 2015, 2016, & 2017 If you found my post helpful, please mark it as helpful or answered to award points.
CopperBlue68
Contributor
Contributor
‎01-31-2017 12:15 AM

Thanks Ben, this is pretty clear.

0 Kudos