A vSphere Domain Name is defined when you are first configuring a PSC 6.0, or it is retained when you are upgrading your existing SSO 5.5 environment. This is the name in which your vSphere Domain's backing directory service (VMware Directory Service) bases all of its Lightweight Directory Access Protocol (LDAP) internal structuring upon. With vSphere 6.0, you are able to give you vSphere Domain a unique name; however, make sure that you do not name it the same as any of the other Directory Services (OpenLDAP, Microsoft Active Directory) as this will cause conflicts with authentication. If you are upgrading from vSphere 5.5, your vSphere Domain Name will remain the defaultvsphere.local. Changing the name of your vSphere Domain once is has been configured is not supported.
Once you have defined the name of your domain, you are then able to populate it with objects in the form of Machines (PSCs, vCenter Servers, vRealize Automation, etc.), Users (firstname.lastname@example.org) or Groups (email@example.com). These objects can then be organized into individual logical sites.
Itsa new install of 6.0. I kept the vsphere.local domain which is my sso domain.
I am not really doing anything with the sso domain. I did add Active directory as ldap for authenticating my AD domain users.
not sure if I need to create additional users/groups in the sso domain other than just using firstname.lastname@example.org for configuration.
You can create additional local users. For example, the login would be Test.User@vsphere.local. I had to use this method in a previous configuration where we weren't using AD or LDAP authentication.
vSphere Domains Name
1. Each Platform Services Controller is associated with a vCenter Single Sign-On domain
2. The domain name is used by the VMware Directory Service (vmdir) for all Lightweight Directory Access Protocol (LDAP) internal structuring
2. Default domain name - vsphere.local for all vSphere versions
Condition I -
a. Your vSphere domain name is (vsphere.local) till vSphere 5.5 and you don't have option to change it.
b. If you are upgrading from vSphere 5.5 to 6.x then your vSphere domain name would remains same (vsphere.local) and you don't have option to change it.
Condition II -
a. When you install a Platform Services Controller, you are prompted to create a vCenter Single Sign-On domain or join an existing domain
Note :- To prevent authentication conflicts, use a name that is not used by OpenLDAP, Microsoft Active Directory, and other directory services.
You cannot change the vSphere domain to which a Platform Services Controller or vCenter Server instance already belong
1. You can organize SSO domains into logical sites.
2. A site in the VMware Directory Service is a logical container for grouping PSC instances within a vCenter Single Sign-On domain.
3. it’s time to name the site where this SSO server is going to live. This is Site A or you could give name of the city/environment where the server lives ( vSphere 5.5, 6.x)
CMDs to get info...
To find your SSO Domain Name:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost
To find your SSO Site Name:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost
To find you which PSC your vCSA is pointing to:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost
/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator