Virtual Geek

Tales from real IT system administrators world and non-production environment

How to join vCenter Server appliance to Active Directory

I just finished deploying a new VCSA 6.7 in my office for a new project and wanted to assign permissions to AD accounts, but Active Directory was not visible in permissions. In this article I show the procedure to join the VCSA to Active Directory. Follow the steps below in the vCenter web client to configure it.

Click the Home icon at the top and select Home from the drop-down menu. Under Administration, locate System Configuration.

Next part: Add a vCenter Single Sign On Identity Source Active Directory (Windows Integrated Authentication)

[Screenshot: vSphere Web Client, Home, Administration, System Configuration, Nodes and Services]

Next, in the Navigator select Nodes. Under Nodes locate the vCenter server, go to the Manage tab, and in the settings choose Active Directory. Click the Join button and a new Join Active Directory dialog box pops up. Type the Active Directory domain name, AD username and password. If you don't want to specify an Organizational unit path, keep it blank. Once this step is done, the domain name will be reflected after rebooting vCenter.

[Screenshot: System Configuration in the vSphere Web Client, Manage, Settings, Active Directory, Join]

If you are a CLI lover and want to perform this from the vCenter shell command line, log in to the vCenter server using PuTTY with the root account. Type shell to launch BASH.

[Screenshot: PuTTY SSH login to the vCenter Server Appliance as root, launching BASH with shell]

Next I query the current status of the domain join using /opt/likewise/bin/domainjoin-cli query. I see that Domain is blank. The next command joins vCenter to the Active Directory domain.

/opt/likewise/bin/domainjoin-cli join domain.com username@domain.com password

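If successful, it reports that the join to the AD domain succeeded, along with the computer's DNS name. A password typed as the last argument is saved in the shell history and is visible in the process list while the command runs; domainjoin-cli prompts for the password when that argument is left out.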

[Screenshot: domainjoin-cli query and join on the vCenter Server Appliance with embedded Platform Services Controller]
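The query-then-join sequence above as a script that joins only when needed and keeps the password off the command line. This is an added example, not part of the original post. The function names are hypothetical, and it assumes that domainjoin-cli query prints "Key = value" lines and that join prompts for the password when none is given.

```shell
#!/bin/bash
# Added example: idempotent AD join for the VCSA bash shell (run as root).
DJ=/opt/likewise/bin/domainjoin-cli   # path used in the article

# Print the value of the "Domain" line from `domainjoin-cli query` output on stdin.
# Assumption: output consists of "Key = value" lines (Name, Domain, ...).
joined_domain() {
    awk -F'=' '/^[ \t]*Domain[ \t]*=/ {
        v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# Return 0 when the query output on stdin reports the wanted domain.
# The comparison is case-insensitive; a blank Domain line counts as not joined.
is_joined_to() {
    local want current
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    current=$(joined_domain | tr '[:upper:]' '[:lower:]')
    [ -n "$current" ] && [ "$current" = "$want" ]
}

# Join only if the appliance is not already in the domain, then re-check.
join_if_needed() {
    local domain=$1 user=$2
    if "$DJ" query | is_joined_to "$domain"; then
        echo "Already joined to $domain, nothing to do."
        return 0
    fi
    # No password argument here, so it never reaches the shell history or
    # the process list (assumption: domainjoin-cli prompts for it instead).
    "$DJ" join "$domain" "$user" || return 1
    if ! "$DJ" query | is_joined_to "$domain"; then
        echo "Join is not reflected in the query output." >&2
        return 1
    fi
    echo "Joined. Reboot vCenter for the domain name to show up."
}

# Runs only when called with two arguments, for example:
#   ./join-ad.sh domain.com username@domain.com
if [ "$#" -eq 2 ]; then
    join_if_needed "$1" "$2"
fi
```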

Now that the full-fledged HTML5-based vSphere Client is out, if you are planning to use it for the same task, go to Home >> Administration >> Single Sign On >> Configuration >> Active Directory Domain >> Join AD.

[Screenshot: vSphere Client (HTML5), Administration, Single Sign On, Configuration, Active Directory Domain, Join AD]

Once everything is successful, you can confirm that the computer account has been created in Active Directory using either the PowerShell command Get-ADComputer or dsa.msc.

[Screenshot: Get-ADComputer in the Active Directory module for Windows PowerShell, and the vCenter server computer account in Users and Computers]

Useful Articles
VMWARE SECURITY BEST PRACTICES: POWERCLI ENABLE OR DISABLE ESXI SSH
vSphere ESXi security best practices: Time configuration - (NTP) Network Time Protocol
Configure syslog on VMware ESXi hosts: VMware best practices
Configure SNMP on ESXi Server GUI :Vmware Best Practices
