VMware Networking Community
kiran001
Contributor
Contributor
‎03-08-2017 01:30 PM

Change Vcenter 6 AD Domain with NSX in production

All,

         We need to Change the Vcenter AD Domain to new one and there is no Trust relationship between the two AD,We also have NSX tied to this and in Production.To join a new AD we will need to rebuilt vcenter but the issue is NSX here ,I am trying to see what is the best path to do this or it is not possible?

ANy Idea appreciated.

0 Kudos
4 Replies
RS_IT
Enthusiast
Enthusiast
‎03-08-2017 04:29 PM

Hi ,

Below is the steps that i will follow in this case.

- Stop NSX manager Service to Sync with teh vCenter

- Change the AD Domain in vCenter Server

- Use Postman or any other rest client (NSX 62 api guide Page 426) will be helful here to do the AD  Binding Again with NSX

- Start NSX Manager service again to sync with vCenter.

Hope this helps.

NealeC
Hot Shot
Hot Shot
‎03-09-2017 01:25 AM

  1. Is your vcenter running on a windows machine or is it a VCSA?
  2. Are you talking about actually changing the domain membership of your VCSA/Windows-VC or just updating the identity sources so that users from yournewdomain.com can log in and administer VC/NSX?
-------------- If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points. Chris Neale VCIX6-NV;vExpert2014-17;VCP6-NV;VCP5-DCV;VCP4;VCA-NV;VCA-DCV;VTSP2015;VTSP5;VTSP4 http://www.chrisneale.org http://www.twitter.com/mrcneale
0 Kudos
kiran001
Contributor
Contributor
‎03-09-2017 06:02 AM

  1. Is your vcenter running on a windows machine or is it a VCSA? Windows
  2. Are you talking about actually changing the domain membership of your VCSA/Windows-VC or just updating the identity sources so that users from yournewdomain.com can log in and administer VC/NSX?Change Domain membership
0 Kudos
NealeC
Hot Shot
Hot Shot
‎03-09-2017 08:54 AM

Ok, then changing the domain on the windows server that your VC is running on and then ensuring that your new AD is added as an Identity source to VCenter, via SSO config.

You will also want to, if you haven't already, moved your PSC(s) to the new domain too.

Ensure you have administrator@vsphere.local credentials to get access to SSO/VCSA whilst you're doing the move

-------------- If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points. Chris Neale VCIX6-NV;vExpert2014-17;VCP6-NV;VCP5-DCV;VCP4;VCA-NV;VCA-DCV;VTSP2015;VTSP5;VTSP4 http://www.chrisneale.org http://www.twitter.com/mrcneale