I have found not all domain users or members of AD groups are able to logon to vcenter 5.1 when the account/group is not within the base DN. Problem is the users/groups are in different OUs. If I set the base DN to the root it takes ages to logon.
Can I create another identify source pointing to the same AD, but with different base DNs to start with?
Hi,
you can't do that, the domain name needs to be unique.
Regards
Yep. Tested that and that's definitely true So I have no choice but to move the base DN high enough up the tree to cater for all potential OUs that users might be in?
I guess yes.
Also make sure your identity source is a global catalog, this might speed up the lookup process.
Tim