VMware Cloud Community
abhisheksha
Enthusiast

Why can't I see groups after the vCenter is added to the AD?

As per the screenshot, AD is successfully enabled and I even got the "operation is successful" line after configuring the AD. But I cannot see any groups where I can add permissions for users.

Cap4.PNG

Cap5.PNG

4 Replies
a_p_
Leadership

In order to use AD groups you need to add the AD domain to the "Identity Sources". Log in to the Web Client as the SSO admin "administrator@vsphere.local", and select Administration -> Single Sign-On -> Configuration -> "Identity Sources" (tab).

André

sanjeevkumar82
Contributor

Hi Abhishek, this is purely due to the lack of an identity source. You need to add an identity source to the vCenter.

Log in to the vSphere Web Client with administrator@vsphere.local.

Go to Home.

Go to Administration.

Then go to the Configuration tab.

Then click on Identity Source.

Click on the Add button (+ sign).

Select the first option (Integrated mode with Windows).

It will pick up your domain name.

Press OK and wait for a sec. It will start showing the domain name in the Identity Source list.

Now go to vCenter and click on Manage.

Select the Permissions tab and you will be able to see your domain there in the list.

-Thanks!

abhisheksha
Enthusiast

Hi,

Thanks for the info. This helped. But I've got the identity source configured. But now, when I go to Administration -> Users & Groups -> Users and select the source to be the AD domain, the list fails to populate, throwing this error: "Error: Idm client exception: Failed to establish server connection".

Can you please help?

npadmani
Virtuoso

See this KB for creating an SPN:

VMware KB: Creating and using a Service Principal Account in vCenter Single Sign-On 5.5

Re-add your identity source once again using this KB, please. See if that helps.

Narendra Padmani VCIX6-DCV | VCIX7-CMA | VCI | TOGAF 9 Certified