Joining vCenter Server Appliance (VCSA) 6.5 to Microsoft Active Directory:
1. Launch and log in to VCSA using vSphere Web Client.
2. Open Home, then go to Administration > Deployment > System Configuration.
3. Click on Nodes and select the required node.
4. Navigate to Manage > Settings > Advanced > Active Directory and click Join.
5. Enter the required details:
• Domain: the Active Directory domain name.
• Organizational Unit: the OU name for the VCSA (optional).
• User Name: a user with domain-joining rights/administrator.
• Password: the password of the above user.
6. Click OK, and restart the appliance.
Enable Active Directory authentication in vCenter 6.5:
Why you need to integrate Active Directory with VCSA:
Organizations use Active Directory for managing and auditing user access and activities. Joining VCSA to Windows Active Directory simplifies user management with proper auditing. There is no need to create and manage multiple users locally in VCSA.
AD authentication in vCenter Server Appliance (VCSA):
1. Launch and log in to VCSA using vSphere Web Client.
2. Expand Home, then click Administration.
3. Navigate to Single Sign-On > Configuration.
4. Open the Identity Sources tab.
5. Click the green plus (+) to add an identity source.
6. Select Identity Source Type:
• Active Directory (Integrated Windows Authentication).
• Active Directory as an LDAP server.
Select Active Directory (Integrated Windows Authentication).
Note: This option works with both the Windows-based vCenter Server and the vCenter Server Appliance. However, the underlying system has to be a member of the Active Directory domain (refer to the blog below to join the VCSA to AD).
If VCSA is not joined to the AD domain, an error is shown, because this option does not work unless the appliance is joined to the Active Directory domain.
7. On the next screen, enter the domain name and select Use machine account.
8. Click Next and finish the configuration.
9. Go back to Identity Sources to verify the domain name in the list.
Set permission for AD users:
10. To add an AD user as the global Administrator, select Administration > Access Control > Global Permissions.
11. Click the + button to add a permission.
12. Click the ADD button at the bottom.
13. Select the domain name and user and click Add.
14. Click OK to finish the process.
Add members to a vCenter Single Sign-On group:
You can add new members to a vCenter Single Sign-On group from the vSphere Web Client.
About this task:
You can add members of Microsoft Active Directory or Open LDAP groups to a vCenter Single Sign-On group.
You cannot add groups from external identity sources to a vCenter Single Sign-On group.
Groups that are listed on the Groups tab in the vSphere Web Client are internal to vCenter Single Sign-On and are part of the vsphere.local domain.
Procedure:
1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.
Users with vCenter Single Sign-On administrator privileges are in the CA Admins group.
2. Click Home, and browse to Administration > Single Sign-On > Users and Groups.
3. Click the Groups tab and click the group (for example, Administrators).
4. In the Group Members area, click the Add Members icon.
5. Select the identity source that contains the member to add to the group.
6. (Optional) Enter a search term and click Search.
7. Select the member and click Add.
You can simultaneously add multiple members.
8. Click OK.
Abd El-Rahman Oreiby
Senior Data Center Engineer
Al Thuraya Security Egypt
www.abdelrahmanoreiby.weebly.com