Maybe this is a strange question, but I would like to know if there's a way to disable Active Directory authentication on ESXi & vCenter.
In fact, vCenter and ESXi are not joined to AD, and when we run an audit this parameter appears as non-compliant:
Status of the 'Active Directory for local user authentication' requirement on the ESXi host
and to remediate I should use the below command:
Get-VMHost HOST1 | Get-VMHostAuthentication | Set-VMHostAuthentication -Domain [domain name] -User [username] -Password [password] -JoinDomain
As we aren't using AD (we use another tool called CyberArk that allows us to connect to ESXi & vCenter), we need help to disable this. Is that possible?
There is potential impact when you have permissions assigned to AD users/groups as Principal.
Another impact might be if you have used AD users/groups in other non-AD groups.
You can collect all Permissions and check if there is any AD principal involved.
The bad news is that there are currently no cmdlets, nor is there an API, to interact with SSO.
So if I have understood correctly, the first step is that I need to collect all Permissions from all vCenters, then I can decide to remove the source entity or not, right?
By the way, is there a script that can collect all permissions?
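A sketch of the permission inventory suggested in the reply above, added here as an example and not posted by anyone in the thread. It assumes VMware PowerCLI is installed and that sessions to every vCenter are already open with Connect-VIServer; the `$LocalDomains` list, the `Test-ExternalPrincipal` helper and the CSV file name are assumptions to adapt.

```powershell
# Added example, not from the thread. Assumes open Connect-VIServer sessions.
# Assumption: domains listed here are NOT Active Directory (default SSO domain
# and the local OS identity source). Change them to match your environment.
$LocalDomains = @('VSPHERE.LOCAL', 'localos')

# Hypothetical helper: $true when a principal belongs to a domain outside $LocalDomains.
function Test-ExternalPrincipal {
    param(
        [string]$Principal,
        [string[]]$LocalDomains
    )
    # Principals are reported as DOMAIN\name; without a backslash it is a local account.
    if ($Principal -notmatch '^(?<domain>[^\\]+)\\') { return $false }
    # -notcontains compares strings case-insensitively.
    return ($LocalDomains -notcontains $Matches['domain'])
}

# Walk every connected vCenter and flatten each permission into one row.
$report = foreach ($vc in $global:DefaultVIServers) {
    Get-VIPermission -Server $vc | ForEach-Object {
        [pscustomobject]@{
            vCenter   = $vc.Name
            Entity    = $_.Entity.Name
            EntityId  = $_.EntityId
            Principal = $_.Principal
            IsGroup   = $_.IsGroup
            Role      = $_.Role
            Propagate = $_.Propagate
            External  = Test-ExternalPrincipal -Principal $_.Principal -LocalDomains $LocalDomains
        }
    }
}

# Full inventory for the audit record.
$report | Export-Csv -Path .\vi-permissions.csv -NoTypeInformation

# Permissions that would be affected if the AD identity source were removed.
$report | Where-Object External |
    Sort-Object vCenter, Principal |
    Format-Table vCenter, Entity, Principal, IsGroup, Role, Propagate -AutoSize
```

Get-VIPermission lists permissions set on inventory objects only; global permissions and SSO group memberships are not returned by it and still have to be reviewed in the vSphere Client.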