VMware Cloud Community
FM19999999
Enthusiast

Add Identity source

I'm looking for documentation on how to add "Active Directory as a LDAP server" configuration in vCenter via API/PowerCLI.

Can someone help?

2 Replies
Eric_Allione
Enthusiast

I could not find any sample scripts for that in the vSphere 6.5 Documentation Library, but these are cmdlet documentation pages you might want to look at:

Get-VMHost (http://pubs.vmware.com/vsphere-65/index.jsp?topic=%2Fcom.vmware.powercli.cmdletref.doc%2FGet-VMHost....)

Get-VMHostAuthentication (http://pubs.vmware.com/vsphere-65/index.jsp?topic=%2Fcom.vmware.powercli.cmdletref.doc%2FGet-VMHostA...)

Set-VMHostAuthentication (http://pubs.vmware.com/vsphere-65/index.jsp?topic=%2Fcom.vmware.powercli.cmdletref.doc%2FSet-VMHostA...)

-LeaveDomain (in book below but not on current cmdlet list, might be deprecated)

-NewVMHostAccount (http://pubs.vmware.com/vsphere-65/index.jsp#com.vmware.powercli.cmdletref.doc/index-all_cmdlets.html)

-RemoveVMHost (http://pubs.vmware.com/vsphere-65/index.jsp?topic=%2Fcom.vmware.powercli.cmdletref.doc%2FRemove-VMHo...)

If you have this book or can access Safari Books [Sellers, Philip. (2015). PowerCLI Cookbook. Birmingham: Packt Publishing.], section "Joining an ESXi host into Active Directory" on page 7 goes into this a bit, although I'm not sure it's exactly what you're looking for. It says that you need to use 'Getting readyPowerCLI' which has Get-VMHostAuthentication and Set-VMHostAuthentication (linked above). Then you will open PowerCLI to connect to a single host. You would use Get-VMHost for that (also linked above).

Excerpt:

Because the cmdlets require a VMHost object you'll again be using Get-VMHost to either populate a variable or to pipe an object to the next object. The first step is to obtain a VMHost object for our target ESXi host. This can be done using the following command:

     $esxihost = Get-VMHost 192.168.0.241

Once you have your VMHost object, you can look at setting up the authentication. The Set-VMHostAuthentication cmdlet needs to be executed. The cmdlet requires several parameters to join an ESXi host to the domain. The syntax needed is displayed as follows:

     $esxihost | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain -Domain domain.local -user username -password

From here, executing the cmdlet will prompt you to confirm that you want to join this host to the domain specified. If your answer is Y, as is default, the cmdlet will and execute it. It goes on to add that:

The same cmdlets can also be used to remove a host from a domain, if needed. The -LeaveDomain parameter is a part of the Set-VMHostAuthentication cmdlet and allows this need. In addition to setting up an ESXi host to accept Active Directory authentication, PowerCLI also provides a number of cmdlets to add local users, groups, and permissions inside a single ESXi host. The New-VMHostAccount cmdlet is used to create new users on an ESXi system. The same cmdlet previously allowed the creation of groups, but this functionality was removed with ESXi 5.1. There is a Set-VMHostAccount cmdlet to change accounts and group memberships, and a Remove-VMHostAccount cmdlet to remove a user or a group.

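The host join described in the excerpt above, as an added example that is not part of the thread or the book: it supplies the domain account through a credential prompt instead of typing the password on the command line, skips the join when the host already reports the target domain, and reads the result back. The host address and domain are the sample values from the excerpt; the variable names are assumptions.

```powershell
# Added example (not from the thread): join one ESXi host to Active Directory
# and verify the result. Address and domain are the excerpt's sample values.
$hostAddress = '192.168.0.241'
$domainName  = 'domain.local'

# Connect directly to the host; Connect-VIServer prompts for host credentials.
Connect-VIServer -Server $hostAddress | Out-Null
try {
    $esxihost = Get-VMHost $hostAddress
    $auth     = $esxihost | Get-VMHostAuthentication

    if ($auth.Domain -eq $domainName) {
        # Already a member: do not re-run the join.
        Write-Host "$($esxihost.Name) already reports domain $domainName"
    }
    else {
        # Prompt for the domain account so the password never appears in
        # the command line, the console history, or a saved script.
        $joinCred = Get-Credential -Message "Account allowed to join $domainName"

        # The cmdlet's own confirmation prompt is left enabled.
        $auth | Set-VMHostAuthentication -JoinDomain -Domain $domainName `
            -Credential $joinCred | Out-Null
    }

    # Read the state back from the host rather than trusting the join call.
    $esxihost | Get-VMHostAuthentication |
        Select-Object Domain, DomainMembershipStatus, TrustedDomains
}
finally {
    Disconnect-VIServer -Server $hostAddress -Confirm:$false
}
```

This covers only the ESXi host join from the excerpt; it does not configure a vCenter SSO identity source.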
FM19999999
Enthusiast

It looks like that information is for adding a host to AD. I would like to add an identity source in vCenter without joining the VCSA to a domain as documented here:

vSphere 6.0 Documentation Center and here http://www.virtuallyghetto.com/2012/10/how-to-addremove-vcenter-sso-identity.html

Instead of the GUI I'd like to use an API. The latter is for 5.x and I can't find that in 6.0.

Thanks
