Is the vCenter box joined to the domain? Do you get any errors or just don't return any results?
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
Is your level domain in mixed mode or 2000 mode (native mode) ?
There is an hotfix from ms for correcting an issue with an ldap request on this domain (LookupAccountName SID)
see vmware kb : 1025668
and mskb 976494
Works on 2008R2 with vcenter 4.1.
Maybe a solution or an entry for further research.
I have exactly the same issue and it's driving me nuts. I've set up a lab environment with a Windows 2008 Standard R2 domain controller and VCenter 4.1 running on a Windows 2008 Standard R2 member server. In VCenter if I attempt to add a user or group and give it permissions within VCenter I it fails with the error "The following names were not found: domain\username".
The weird thing is that I can add users or groups that were created by default with AD such as Administrator or Guest, but not any that I've created since. The AD install is completely vanilla with only a single DC running DNS, so no replication or trust issues to deal with.
Any AD guru's out there with an idea what could be causing this? For reference, if I right-click on an object in Windows explorer on my VCenter box I can apply ACL's containing the users and groups in question without issue, so it seems to be a VCenter / AD integration issue - not a Windows Server / AD issue.
looks like a lot of people have the same question; but no answers; does this mean the answer is really obvious; I would Imagine that A/D is supposed to make the authentication process closer to single-sign on but I really don't want to create local groups and users but can't browse the global A/D users and groups ; probably should take a Microsoft class I too am running 2008 R2 standard and Vcenter server 4.1 update 1
my answer was really obvious --- just go into local users and groups and the find button allows you to brownse the A/D users and groups
but I still can't figure out how to associate the vcenter server roles with the users and groups--- I go back to the docs
In some cases, people try to install and test VMware vSphere suit in virtualization environment.
After they decide to install ESX's and other ESXi's component on the VMware workstaition or Virtualbox or other virtualization product, they decide to install Windows 2008.
After they install windows 2008 they try to fully update it and make a clone of this virtual machine to speed up their work. But in this section must of the time they make a big mistake.
What is this mistake? Really they don't know how to do that. They think they can clone the runnig windows 2008 and after that all the things will work well. But unfortunantly they cause a big problem. and what is that? They don't know two windows 2008 with same SID's will not work properly.
So, in this case for do this work well you must try to do this:
1) Install winodws 2008 on product such as VMware workstation.
2) Fully Update the windwos 2008 (optional) for performance, robustness, and security issues.
3) Fully Clone this Virtual Machine.
4) In the cloning windows 2008, use tools called "Sysprep" for changing your new windows 2008 SID. You can find step by step guide in the following URL
5) Download tools named "PsGetSID" and make sure your windows 2008 SID's are not same. You can download it from the following URL:
6) And after that try to install Active Directory in one windows 2008 or Windows 2003 and Choose "windows 2000 functional level native" in domain and forest functional level.
7) Join second windows 2008 to your domain and install vCenter on that with the user with domain administrator credential, not local administrator credential.
And that's it. All the thing will work very well!!!
Still have the same problem. It's another solution for this.
As you know vmware vcenter using LDAP. What is that mean? mean's that you are using lightweight directory services. but why this is important? anybody know?
Maybe you know, maybe not. But this is really a problem. and what is that?
I remember when I have and domain controller with windows 2003, I decide to have second domain controller with windows 2008 runnig on that. But when I tried to do that what was happend? I try to make windows 2008 as second domain controller but it don't let me. Why? because you need to use some command-line tools to update you domain and forest functioning process. Yes that is a issue when you try to add second domain controller with windows 2008 runnig on that to a mian domian controller with windows 2003.
Here is the link that can help you to do that:
By the way, you must using addprep tools on the windows 2003, however the full process is demonstrate on that link. Same process can help you in situation you have. You have an domain controller that running on windows 2003 installed on it, and try to have communication between it and second domain controller with windows 2008 ldap. and what will happen? It will not work if you forget to proper the windows 2003.
And that's it!!!
Hi, thanks for an extensive a great answer! I did as you said and it works 100% now to add users om the domain. You really saved me a lot of precious time. I checked your blog as well and there's a lot of useful stuff on there .
A simple reboot of the vCetner appliance fixed the problem for me.
I was getting the "the following names were not found and could not be added vcenter" error message with a brand new install. Using vCenter 5 appliance and newly built 2008 R2 domain. After you configure it for AD authentication, you can see and search for AD users and groups but when selecting them you get the error message above. I have completed 3 installs now of the vCenter 5 appliance and each had the same issues until the reboot.
same issue here
vCenter 5 appliance
the following names were not founf and could not be added
from status Tab fixed the issue and I am able to add users now