it is windows 2008 r2 .however if you can help me to understand one basic thing.
i run get-addomain comand on this member server .
and found parent domain.
its like xyz.com and one childdomain of like river.xyz.com.
i see some users from pond.xyz.com unable to access vcenter .when i dont find pond.xyz.com as childdomain .i think there is no point of adding them in vcenter.is that right reasoning??
hope above makes sense .
Not 100% sure, but I assume you will need to add each child domain to the Identity Sources in vCenter.
oh i thought if i add parentdomain as identity source it will cover allchilddomains under it .howeveri am going to check this again. thnaks.
I've had similar issues in te past, for me it was due to how AD was designed /implimented.
I was adding Identity Sources for example ACME.COM, EXAMPLE.COM, ...
unfortunately, ACME.COM has child domains that i was unable to see so, couldn't see/add AD Users/Groups.
For me, the solution was to create a Machine Account in AD for the vCenter and join it to the domain (then remove the ACME.COM Identity source as it will complain about having more than one source for the same domain)
After this, i could add Users/Groups from child.ACME.COM (and search for them).
Hope this helps
thanks for yur response .i am checking this option .
if you or Luc can suggest
how to use
get-adgroup command to find all adgroups under child.xyz.com.
Try something like this
Get-ADGroup -Filter 'ObjectClass -eq "group"' -SearchBase "dc=child,dc=xyz,dc=com"
It looks as if you have an incorrect child domain, or your account has no permission to list that child domain.
I suggest to talk to your AD Admins.