VMware Cloud Community
THME
Contributor
Contributor
‎12-08-2017 11:24 AM

6.5 Web Client - Can't see cross domain users in groups

In the vCenter Web Client, after adding a user to the Administrators group they don't show up in the Group Members list if they are not a part of the root domain that is specified as the identity source.

For instance, Identity Source is domain.xyz as integrated login.

Add users to the Administrators group:

  • If users are a direct member of the forest specified in the identity source, they should up under group members after being added
  • If the users are members of a forest that is trusted under that identity source, they do not show up in the group members list

As a test, I created a group that would contain ONLY those members in the domain that is outside of the identity sources forest and they still don't show up as group members.

I know the adds are working because I'm logging in with those accounts after they've been added so even though they're not showing up they are still there.

Two things:

  1. Is there a way in PowerCLI to see all members, regardless of domain, that are in a group?
  2. Can this get corrected so we can see these users through the web interface?
0 Kudos
5 Replies
mhampto
VMware Employee
VMware Employee
‎12-15-2017 11:51 AM

In the domain structure where do these domains reside? This should not be an issue though would like to know more about the structure.

0 Kudos
THME
Contributor
Contributor
‎12-19-2017 06:30 AM

They all reside within the same datacenter if that's what you mean. In terms of logical location, they are two-way trusted forests to the main domain which the vCenter appliance is joined.

0 Kudos
THME
Contributor
Contributor
‎12-19-2017 09:33 AM

I've opened a support case with VMware to get answers to this. I've seen other posts where people are asking how to see local vCenter Group membership within PowerCLI with no answer. Once I have an answer from VMware I will post it here. I also believe the group members not appearing in the vCenter Web Client when they're not a member of the identity source root domain is a bug that will have to be submitted but we'll see on that.

0 Kudos
vMattS78
Contributor
Contributor
‎04-17-2018 03:51 PM

Hello! Did you ever get an answer for this? We are facing the same issue.

Thanks!

0 Kudos
Frony7678
Contributor
Contributor
‎05-29-2018 07:27 AM

Hi,

Did you get any answer from VMware ? We have the same bug with 6.7.

Thanks,

Ronald

0 Kudos