VMware Cloud Community
Genka
Contributor

vCenter permissions from AD groups not working

We have a 6.5u1 VCSA vCenter. If I log in as admin@vsphere.local I can do everything, but if I log in with an AD user which is in my 'vCenter admins' AD group I keep running into 'permission denied' errors. That group is given all the privileges right at the top of the tree and there are no specific permissions granted to me or the group anywhere else. We connect to AD using LDAP.

Is there anything like the Windows 'Effective Permissions' tool for vCenter? I'm sure I saw something about vCenter being incompletely linked to AD in some circumstances too but I can't find that one again.

Any ideas? This is a real pain.

3 Replies
daphnissov
Immortal

How have you configured your SSO identity source, and what is the size of your domain (objects)?

Genka
Contributor

It's set up to use LDAP to a cluster of 2012r2 DCs (we heard that using the AD setup could have this type of issue, so avoided it).

This system has maybe 500 users, 50 groups and not that much else.

daphnissov
Immortal

Can you post some screenshots of your setup, the groups you've configured, their membership, and the identity source configuration?
