VMware Cloud Community
lebron
Contributor
Contributor

ESXi 5.1 doesn't show the Active Directory groups to add permissions

Hi,

I joined my ESXi 5.1 to my new domain(2012 domain).

I went to the permission tab to add users for them to authenticate to the ESX with the Vsphere Client.

It all went well when I add users, however I still have some issues:

1. Not all users are shown under the "Users and Groups"

2. When change to "Show Groups First" I  cannot see any group which I've manually created in the Active Directory. All I can see is the built-in groups of the AD.

When I try to search for a name of a group it says that this group does not exist

3. I created the ESX Admin Group in the AD, But I cannot see it on the ESX.

In the pic you can see that it shows only the built-in groups from the AD.

ESX-Adding Groups.jpg

Please help.

Thank you.

Tags (2)
Reply
0 Kudos
9 Replies
rickardnobel
Champion
Champion

lebron wrote:

3. I created the ESX Admin Group in the AD, But I cannot see it on the ESX.

Did you create the group with the exact name of "ESX Admins" (not admin as above)?

Do you access the ESXi host directly and not by vCenter Server when looking at this?

My VMware blog: www.rickardnobel.se
Reply
0 Kudos
jdptechnc
Expert
Expert

Is the OU in which you created the groups generally readable (in this case, probably authenticated users would need read access)?

Please consider marking as "helpful", if you find this post useful. Thanks!... IT Guy since 12/2000... Virtual since 10/2006... VCAP-DCA #2222
Reply
0 Kudos
lebron
Contributor
Contributor

Hi,

I used the exact ESX Admins.

Regarding the Vcenter - I check the group while connecting directly to the ESX not to the Vcenter.

Should it matter?

Reply
0 Kudos
lebron
Contributor
Contributor

Sure. It is readable

Reply
0 Kudos
peetz
Leadership
Leadership

If you manually enter the name of an AD group in the "Groups:" line, and press the "Check Names" button then ... does this work?

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
Reply
0 Kudos
PhillyDubs
Enthusiast
Enthusiast

I'm not sure you're having the exact same issue as I did, but VMware has a "feature" that you can only find things by searching for them based on how many objects you have in Active Directory. A "Feature". Try typing the name in the search field and see if it pulls up. This is assuming you followed the directions on properly configuring SSO with AD. Please also open a support case with VMware and they'll help you out.

VCP5
Reply
0 Kudos
WessexFan
Hot Shot
Hot Shot

I had this issue  a while back and I eventually dropped and readded vCenter from the domain and that fixed the issue. Forced a replication between domain controllers as well.

VCP5-DCV, CCNA Data Center
Reply
0 Kudos
lebron
Contributor
Contributor

Thank you guys,

I'll check what I can do here and come back to reply.

Reply
0 Kudos
lebron
Contributor
Contributor

Actually it doesn't.

It provides an error

Reply
0 Kudos