I manage three different Active Directory forests. These were set up many years ago; they are three separate (private) companies, but all owned by the same CEO.
Well now it's 2014 and I am looking at vCenter. Presently I have the Essentials version of vCenter which is limited to three hosts, and I'm learning to use it at HQ. Ultimately I'd like vCenter Standard, and be able to manage the ESXi hosts at the other companies. I don't have my vCenter integrated with AD at the moment - I'm just using the vsphere.local default. As I am reading about enabling AD-integration with vCenter, it's looking like I have a problem. The hosts in the other domains/forests don't have the same domain in their FQDN.
Seems like this will prevent me from using AD-integration since I have more than one domain. But I should still be able to manage them all in one vCenter if I use vsphere.local, right?
You can use AD Integration without problem, take a look at this KB article for additional details if your forests are trusted: VMware KB: Microsoft Active Directory Trusts supported with VMware vCenter Single Sign-On
Thank you so much! This is a big relief to know my design is supported.
Hi Richardson,
This never worked for me. I have xyz.corp and abc.net domains and there is a two way trust relationship between xyz.corp and abc.net. All is well until here.
Now I have installed vCenter on a server joined to the abc.net domain and added the SG containing xyz.corp users to the Admin group in vCenter. After this, when I try to log in with a user from xyz.corp, it says invalid creds.
Wow, funny seeing this pop up 3 years later. I ended up just using vsphere.local without AD integration. I manage the servers in different AD domains from the single vCenter server, no issues.
Worked for me finally.