Joining VCSA to Active Directory

Joining Active Directory with vCenter Server Appliance (VCSA) has been simplified with every generation of VCSA.

I will show the workflow how to connect a VCSA 6.7 to an Active Directory source. The process differs a little, depending whether you’re using the HTML5-Client or the Web-Client (Flash).

Requirements

  • VCSA hostname has to be FQDN and may not be an IP address.
  • You need to login with a member of systemconfiguration admins, which administrator@vsphere.local is by default.

Workflow

The workflow is divided into three steps

  • Join VCSA to ADS
  • Reboot
  • Add ADS as identity source

Step 1 – Join ADS

Flashclient

Login as SSO-Admin (administrator@vsphere.local)

Home > Administration > Deployment > System Configuration > Nodes > [select vCenter] > Tab „Manage“ > Active Directory > Join

HTML5 Client

Login as SSO-Admin (administrator@vsphere.local)

Menu > Administration > Single Sign-On > Configuration > Tab „Active Directory Domain“ > Join AD

Step 2 – Reboot VCSA

You need to reboot VCSA to apply settings. After reboot you’ll see a new computer object of VCSA in Active Directory.

Step 3 – Add identity source

To authenticate ADS users in vCenter, you need to add Active Directory as an identity source.

Flashclient

Login as SSO-Admin (administrator@vsphere.local)

Home > Administration > Single-Sign-On > System Configuration > Identity Sources > „+“

Choose Active Directory (Integrated Windows Authentication)

HTML5-Client

Login as SSO-Admin (administrator@vsphere.local)

Menu > Administration > Single Sign-on > Configuration > Identity Sources > Add Identity Source

Choose Active Directory (Windows Integrated Authentication). Select “use machine account”.

 

Leave a Reply

Your email address will not be published.