VMware Cloud Community
Hocshop
VMware Employee

Problem resolving AD users when adding new permissions.

Hi all,

I am seeing a strange issue that I feel is easy to solve but I don't recall how to do it.

vCenter 7.0 latest build

I have added the vCenter to an AD domain

Then I added the Identity Source as IWA

Now when I try to add a permission and I select the domain name (in the dropdown box), when I type in the name of an AD user group, it does not resolve.

I have tried with various group names and user accounts and they do not resolve either.

Has anyone seen this behavior before and can tell me how to resolve it (maybe not using IWA)?

I already tried removing the identity source and leaving the domain then redoing it again but same result.

Regards


Accepted Solutions
Hocshop
VMware Employee

Update,

I think I found the source of the problem.

I just found out that the domain functional level that they are using is at Win 2008 level.

That is not compatible with vCenter 7.0 and is not even supported by Microsoft anymore.

Here is the AD compatibility matrix just in case anyone else needs to find it:

VMware Knowledge Base

I hope that helps someone else.

Regards

Lalegre
Virtuoso

Hey Hocshop,

I know it is a silly question, but have you restarted vCenter after joining it to the domain? It is needed for the search to work.

If you did that, please also check inside Active Directory whether you can see the computer object populated, and make sure there is no GPO applying restrictions. However, if you have the computer account but you are applying GPOs, please create a new OU for testing without any GPO applied to it and re-join the vCenter, but this time specifying the new OU path.

Hocshop
VMware Employee

Hi Lalegre

Thanks for the reply.

I had doubts about the user account too.

What I am going to try is the following:

1) Add the identity source again but this time as AD over LDAP instead of IWA (I read that VMware is moving away from IWA in future releases anyway)

2) Try a different user account or move the existing user account to another OU.

I will also take into account what you mentioned.

Regards
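
The checks discussed in this thread (domain functional level from the accepted solution, computer object and GPO inheritance from Lalegre's reply) can be gathered in one read-only pass. This is an added example, not part of the original posts; it assumes a domain-joined Windows host with the RSAT ActiveDirectory and GroupPolicy modules, and `vcsa01` is a hypothetical computer name.

```powershell
# Added example: read-only AD checks for a vCenter that cannot resolve AD users.
Import-Module ActiveDirectory, GroupPolicy

# Hypothetical placeholder: the AD computer name the vCenter joined with.
$VcComputerName = 'vcsa01'

# 1. Domain and forest functional level. Compare the result with the
#    AD compatibility matrix for your vCenter version.
$domain = Get-ADDomain
$forest = Get-ADForest
[pscustomobject]@{
    Domain     = $domain.DNSRoot
    DomainMode = $domain.DomainMode
    ForestMode = $forest.ForestMode
}

# 2. Confirm the computer object exists and see where it was created.
try {
    $computer = Get-ADComputer -Identity $VcComputerName `
        -Properties whenCreated -ErrorAction Stop
} catch {
    Write-Warning "No computer object '$VcComputerName': $($_.Exception.Message)"
    return
}
$computer | Select-Object Name, Enabled, whenCreated, DistinguishedName

# 3. List the GPOs that apply to the container holding the computer object.
#    Strip the leading CN=<name> component to get the parent DN.
$parent = ($computer.DistinguishedName -split ',', 2)[1]
if ($parent -notmatch '^OU=') {
    # Default containers such as CN=Computers cannot carry GPO links,
    # so only the domain-level links are relevant there.
    $parent = $domain.DistinguishedName
}
(Get-GPInheritance -Target $parent).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced
```

An empty GPO list for a dedicated OU matches the test setup suggested above, where the vCenter is re-joined into an OU with no GPO applied.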
