Microsoft Active Directory Integration with vCenter 6.x - Telecommunications Blog

A blog for mobile communications systems GSM , UMTS and LTE

Wednesday, July 15, 2020

Microsoft Active Directory Integration with vCenter 6.x


Joining vCenter Server Appliance (VCSA) 6.5 to Microsoft Active Directory:

1. Launch and log in to VCSA using vSphere Web Client.
2. Open Home, then go to Administration > Deployment > System Configuration.


3. Click on Nodes and select the required node.
4. Navigate to Manage > Settings > Advanced > Active Directory and click Join.


5. Enter the required details.

Domain: Enter the Active Directory domain name.
Organizational Unit: Enter the OU name for the VCSA (optional).
User Name: Enter a user with domain-join rights/administrator.
Password: Enter the password of the above user.


6. Click OK, and restart the appliance.

Enable Active Directory authentication in vCenter 6.5:

Why do you need to integrate Active Directory with VCSA? Every organization uses Active Directory for managing and auditing user access and activities. Joining VCSA to Windows Active Directory simplifies user management and provides proper auditing. There is no need to create and manage multiple users locally in VCSA.

AD authentication in vCenter Server Appliance (VCSA):
1. Launch and log in to VCSA using the vSphere Web Client.
2. Expand Home, then click Administration.


3. Navigate to Single Sign-On > Configuration.


4. Open the Identity Sources tab.
5. Click the green plus (+) and add identity source.


6. Select Identity Source Type:
Active Directory (Integrated Windows Authentication).
Active Directory as an LDAP server.

Select Active Directory (Integrated Windows Authentication).


Note: This option works with both the Windows-based vCenter Server and the vCenter Server Appliance. However, the underlying system has to be a member of the Active Directory domain (refer to the blog below to join the VCSA to an AD domain).
If VCSA is not joined to the AD domain, it shows the error mentioned below, because this option does not work unless you join the Active Directory domain.


7. On the next screen, enter the domain name and select Use machine account.


8. Click Next and finish the configuration.
9. Go back to Identity Sources to verify the domain name in the list.
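
The note under step 6 says Integrated Windows Authentication only works once the appliance is a domain member. The check below is an added example, not part of the original post: it parses the output of `domainjoin-cli query` in the appliance shell and confirms the joined domain before the identity source is added. The tool path, the `Name = / Domain =` output layout and the `corp.example.com` domain are assumptions.

```shell
#!/bin/sh
# Added example: confirm the appliance is joined to the expected AD domain
# before choosing "Active Directory (Integrated Windows Authentication)".

# Assumed path of the Likewise domain-join tool on a VCSA 6.x shell;
# override DOMAINJOIN_CLI if your appliance differs.
DOMAINJOIN_CLI="${DOMAINJOIN_CLI:-/opt/likewise/bin/domainjoin-cli}"

# joined_domain: read "domainjoin-cli query" style output on stdin and print
# the joined domain in lower case. Prints an empty value if none is set.
joined_domain() {
    awk -F'=' '
        /^[ \t]*Domain[ \t]*=/ {
            d = $2
            gsub(/^[ \t]+|[ \t]+$/, "", d)
            print tolower(d)
            exit
        }'
}

# check_join EXPECTED_DOMAIN: reads query output on stdin. Returns 0 if joined
# to EXPECTED_DOMAIN, 1 if joined to another domain, 2 if not joined at all.
check_join() {
    expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    actual=$(joined_domain)
    if [ -z "$actual" ]; then
        echo "NOT JOINED: the IWA identity source will not work" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: joined to $actual, expected $expected" >&2
        return 1
    fi
    echo "OK: joined to $actual"
}

# verify_appliance EXPECTED_DOMAIN: run the real query on the appliance.
verify_appliance() {
    "$DOMAINJOIN_CLI" query | check_join "$1"
}

# Constructed sample outputs (not captured from a real appliance).
SAMPLE_JOINED='Name = vcsa01
Domain = CORP.EXAMPLE.COM
Distinguished Name = CN=VCSA01,CN=Computers,DC=corp,DC=example,DC=com'
SAMPLE_UNJOINED='Name = vcsa01
Domain ='
```

On the appliance, call `verify_appliance corp.example.com` with your own domain name after the restart in the join procedure.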

Set permission for AD users:

To add an AD user as the global Administrator, select Administration > Access Control > Global Permissions.


11. Click the + button to add a permission.


12. Click the Add button at the bottom.


13. Select the domain name and the user, then click Add.


14. Click OK to finish the process.

Add members to a vCenter Single Sign-On group:

You can add new members to a vCenter Single Sign-On group from the vSphere Web Client.

About this task:

You can add members of Microsoft Active Directory or Open LDAP groups to a vCenter Single Sign-On group. 
You cannot add groups from external identity sources to a vCenter Single Sign-On group. 
Groups that are listed on the Groups tab in the vSphere Web Client are internal to vCenter Single Sign-On and are part of the vsphere.local domain.

Procedure:
1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.

Users with vCenter Single Sign-On administrator privileges are in the CAAdmins group.

2. Click Home, and browse to Administration > Single Sign-On > Users and Groups.
3. Click the Groups tab and click the group (for example, Administrators).
4. In the Group Members area, click the Add Members icon.
5. Select the identity source that contains the member to add to the group.
6. (Optional) Enter a search term and click Search.
7. Select the member and click Add.
You can add multiple members simultaneously.
8. Click OK.



Abd El-Rahman Oreiby
Senior Data Center Engineer
Al Thuraya Security Egypt 
www.abdelrahmanoreiby.weebly.com
