Have you done this with #vRA 7? Multiple non-trust domains, two vRA appliances behind load-balancer in single instance of vRA. #VMware Does each appliance create a machine account in each domain?
I have two AD domains like I'm looking to add the resource domains within a single vRA 7 instance.
There is no trust between the two AD domains.
vRA Environment
nsx load-balancer
From the docs
Multi-Forest Active Directory Environment Without Trust Relationships
A multi-forest Active Directory deployment without trust relationships allows you to sync users and groups
from multiple Active Directory domains across forests without a trust relationship between the domains. In
this environment, you create multiple directories in the service, one directory for each forest.
See “Configure a Link to Active Directory,” on page 86. The type of directories you create in the service
depends on the forest. For forests with multiple domains, select the Active Directory (Integrated Windows
Authentication) option. For a forest with a single domain, select the Active Directory over LDAP option.
I ended up reading the documentation and even though our 'non-trust' domains are by definition 'forest' (has an empty root and resource domain), from vRA perspective we are pointing directly to the 'resource' domain. We were successful adding both Qa-resource and Prd-resource domains to both appliances. We were able to add both connectors with both domains. We have some testing to in an HA mode, the documentation on pg 95 vrealize-automation-70-configuration.pdf) states
The load balancer URL is <load balancer address>/vcac/org/tenant_name. when I attemped to type /vcac/org/tenant_name the UI stated it was successful, but it only kept the load-balancer name "vra.example.com"
we have a case open with vmware to provide additional information. Stay tuned!
I meant to say we used AD over LDAP. Not windows integrated option, much easier IMO.
By any chance do you have a VMware SE working with you? I'm seeing some parallels between your questions here and a few of the questions popping up on our internal forums. Could be coincidence
Grant
We do have a SE, TAM and a MCS case. I'm searching in the community if anyone else has run into 'things'. I'm a 'former MS MVP' who likes to engage the community. Are you Captain vRA? Like Captain vSAN?
It's good to see more community engagement
Last time I wore tights my wife nearly left me, so no... no Captain vRA for me!
I'll be interested to see how this pans out. I can test it in my environment, but just because things work doesn't mean they are supported. I'll leave that call to engineering and GSS.
Grant