VMware Cloud Community
THME
Contributor
Contributor

6.5 Web Client - Can't see cross domain users in groups

In the vCenter Web Client, after adding a user to the Administrators group they don't show up in the Group Members list if they are not a part of the root domain that is specified as the identity source.

For instance, Identity Source is domain.xyz as integrated login.

Add users to the Administrators group:

  • If users are a direct member of the forest specified in the identity source, they should up under group members after being added
  • If the users are members of a forest that is trusted under that identity source, they do not show up in the group members list

As a test, I created a group that would contain ONLY those members in the domain that is outside of the identity sources forest and they still don't show up as group members.

I know the adds are working because I'm logging in with those accounts after they've been added so even though they're not showing up they are still there.

Two things:

  1. Is there a way in PowerCLI to see all members, regardless of domain, that are in a group?
  2. Can this get corrected so we can see these users through the web interface?
Reply
0 Kudos
5 Replies
mhampto
VMware Employee
VMware Employee

In the domain structure where do these domains reside? This should not be an issue though would like to know more about the structure.

Reply
0 Kudos
THME
Contributor
Contributor

They all reside within the same datacenter if that's what you mean. In terms of logical location, they are two-way trusted forests to the main domain which the vCenter appliance is joined.

Reply
0 Kudos
THME
Contributor
Contributor

I've opened a support case with VMware to get answers to this. I've seen other posts where people are asking how to see local vCenter Group membership within PowerCLI with no answer. Once I have an answer from VMware I will post it here. I also believe the group members not appearing in the vCenter Web Client when they're not a member of the identity source root domain is a bug that will have to be submitted but we'll see on that.

Reply
0 Kudos
vMattS78
Contributor
Contributor

Hello! Did you ever get an answer for this? We are facing the same issue.

Thanks!

Reply
0 Kudos
Frony7678
Contributor
Contributor

Hi,

Did you get any answer from VMware ? We have the same bug with 6.7.

Thanks,

Ronald

Reply
0 Kudos