VMware Cloud Community
Vikramaditya_J
Enthusiast

Unable to add Active Directory domain user to the vCenter SSO, options greyed out

Hello Community,

I am trying to add a new AD domain user (i.e. add a new user from the configured Identity source on the vCenter server) under vCenter SSO, but the "Add User" option is greyed out. The options to Edit, Remove, Unlock, Enable, or Disable any existing users are also all greyed out. There's no permission issue, as I tried these options by logging in to the vCenter as administrator@vsphere.local as well as domain\administrator, but no luck. However, interestingly, the "Add User" option under the vsphere.local domain is available, and I can add a vSphere local user under the vsphere.local domain.

vCenter version: 6.7.0, 13639324 

I was able to add domain users from AD identity source a few days ago, but not sure why it's not working now.

Can anyone advise if there's a limit on the number of AD users that can be added to the vCenter SSO? Or is there any issue between vCenter and AD server synchronization? Or something else...?

Thank you!
Vikramaditya J
3 Replies
a_p_
Leadership

I would be surprised if vCenter would offer an option to manage AD users.
You can add/remove AD users, and groups to local groups, or roles though.

André

Vikramaditya_J
Enthusiast

Thanks, André.

If you go to the vCenter Single Sign-On and, under Users and Groups, select a configured identity source, e.g. abc.xyz.com, then you'll see an option to Add User from the abc.xyz.com domain to your vCenter server. After the addition, you give that user a role, e.g. Virtual machine user or Administrator, and then the user will be able to log in to the vCenter server using his AD domain account.

Hope I am clear.

Thank you!
Vikramaditya J
sjesse
Leadership

My guess is the trust broke if you're using integrated authentication. I'd open a ticket with VMware to confirm, but I'd remove it from AD and add it again. If you're using LDAP, something is wrong with the users you are using to check the authentication with.