emerson132
Enthusiast
Enthusiast

vCAC 6.1 AD Searches not resolving groups, but users accounts are fine

Jump to solution

Hi There,

I have a vCAC 6.1 distributed configuration, we are just using the Default Tenant for all of our users. Our Identity Store is configured to use Native Active Directory.

When I create a business group, when selecting users for the specific roles, if I enter and AD group name, no results are returned. However is I enter a user account name the account is returned.

Any idea as to how I can resolve this would be greatly appreciated.

Kind Regards

Dean

Tags (4)
1 Solution

Accepted Solutions
GMCON
Enthusiast
Enthusiast

Here is what works and VMware knows this is an issue, you have to put in the FQDN of the group.  So if you have a group called vmware-administrators you would put in vmware-administrators@corp.local.  Don't bother trying to hit the search button just type that group fqdn in the entry box and click okay at the bottom and it will resolve it and put it in the permissions.

View solution in original post

0 Kudos
11 Replies
emerson132
Enthusiast
Enthusiast

I'd also like to point out that, in other areas AD groups do resolve correctly e.g. in tenant configuration, I can specify a group Tenant Administrators, and Infrastructure Administrators

0 Kudos
Czernobog
Expert
Expert

I would open a ticket regarding this issue, resolving AD group names didn't work in 6.0 either. Just paste the AD Group name and press ok, it will be added to whichever role you assign it too. You can later search and assign it to your entitlements, searching for group names works there.

0 Kudos
GMCON
Enthusiast
Enthusiast

Here is what works and VMware knows this is an issue, you have to put in the FQDN of the group.  So if you have a group called vmware-administrators you would put in vmware-administrators@corp.local.  Don't bother trying to hit the search button just type that group fqdn in the entry box and click okay at the bottom and it will resolve it and put it in the permissions.

0 Kudos
amurrey
Enthusiast
Enthusiast

This workaround doesn't appear to work.  Typing in the FQDN to the box, and clicking add, it says to correct the highlighted errors, and the box named is highlighted, however there is no way to add data to it directly without the search.

0 Kudos
GMCON
Enthusiast
Enthusiast

Where are you trying to enter the group name?  If you are in Business or Fabric groups as long as you enter the group name as group@local.com (whatever the proper domain is) and then click okay at the bottom of the screen which saves the information then it should be fine because the search button will not work for groups.  Can you find regular users?

0 Kudos
emerson132
Enthusiast
Enthusiast

I have logged a ticket with VMware I will get back to you when they get back to me. However I do think just pasting the fqdn of the group into the box does actually work correctly, as I have tested this.

0 Kudos
JakeP
Enthusiast
Enthusiast

I just went through this exercise with vCAC 6.1. Here is the process I got to work:

1. Add the fqdn of the security group (ie. groupname@sub.domain.com) to the Business group by just putting the name in the field and clicking ok - do not hit enter or click the search icon as this will fail.

2. On the entitlement, make sure the correct Business group is selected in the drop down menu at the bottom.

3. Start typing the name of the group that you added to the business group in the users & groups field and it will resolve.

It would be nice if VMware would fix this.

kratclif
Contributor
Contributor

Same here - add the security group (search does not resolve), click OK and it added.  Thanks for the tip!!

0 Kudos
emerson132
Enthusiast
Enthusiast

I must apologise for the delay in response. The official response from VMWare was this was indeed the case, you need to copy and paste the group into field.

Not sure if they are planning to fix this.

AesanSun3
Contributor
Contributor

very annoying.

I just tried this on 6.1.0 build 2077124, and it will in no way add the group.

any solution to this ?

0 Kudos
SeanKohler
Expert
Expert


Group@domain

Click OK. Don't try to search for it.

Edit:

Businessgrouplookup.jpg

And you get...

Businessgrouplookup2.jpg

0 Kudos