vCenter is 6.5 using the appliance.
When I try to add users to permissions I cannot search the domain users & groups.
When I sign on to SSO
I go to administration > configuration > Identity Sources
I see this
our.network.tgcsnet.com is my domain, and vCenter is domain joined.
Any ideas on why I cannot see my domain users and groups?
Thank you,
Tom
You haven't added it yet as an identity source. Click the green plus icon and add it over IWA, which should be the first radio button. If your vCSA/PSC is joined to AD, there should be nothing else you need to fill out. Save the option and choose principals you wish from your AD and assign appropriate permissions within vCenter.
Please go through the post below if it helps you to resolve your issue.
How to add AD Authentication in vCenter 6.5 | Virten.net
If you found my answers useful, please consider marking them as Correct or Helpful.
Regards,
Randhir
How can I modify the first identity?
I cannot delete it or modify it.
I can delete localos, the default one.
The pencil next to the green plus sign is greyed out.
Randhir
I used that article to try to resolve this before I posted,
but I cannot modify or remove the first identity.
Ok, so when you installed vCSA you have mistakenly called the internal SSO domain the same as your external Active Directory. That won't work, so now you'll have to delete the deployment and do it again. Don't change the vsphere.local part in the wizard as that is the SSO domain itself. It's not asking what your AD domain is called, and the two cannot be the same. Redeploy and leave vsphere.local as default.
Thanks that is what I was thinking also
Is there a document or procedure I can follow for this?
There are tons of blogs, here is just one: Step-by-Step: Deploy vCenter Server Appliance (VCSA) 6.5 -
On this step:
Use vsphere.local and don't use the FQDN of your external domain. This is the internal SSO domain that's being requested and has nothing to do with any other identity sources.
Do you think I can modify this?
Run the installer again and change the SSO options?
No, delete your deployment and redeploy with the correct options. You can't fix it after the fact.
What do I do with the ESXi hosts then?
Leave them as they are and join them once again to the new vCenter once it's online.
Going to build a new vCenter and set it up correctly first.
I have Veeam Backup and replications running and I will have to modify all the jobs again.
So this way I can continue to work on it while backups are running, etc.
I will then move the ESXi hosts over to the new VC.
After rebuilding my VCSA I now can access my Active Directory.
Next up is to move all the ESXi hosts over.
Glad to hear. Mark your thread as answered, if you would please, so others know to follow suit if they have the same issue.