"There is already a native AD IDS or LDAP AD IDS registered", Unable to disjoin/leave vCenter Server Appliance from Active Directory Domain


Article ID: 322253


Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article helps if you want to rejoin the vCenter Server Appliance (VCSA) to the domain by performing a leave-domain operation followed by a join-domain operation.

Symptoms:
  • The Leave Domain operation (Administration -> Single Sign On -> Configuration -> Active Directory Domain -> LEAVE AD) from the WebClient fails with the error message below:
"There is already a native AD IDS or LDAP AD IDS registered"


Environment

VMware vCenter Server 7.0.x
VMware vCenter Server Appliance 6.0.x
VMware vCenter Server Appliance 6.5.x
VMware vCenter Server Appliance 6.7.x

Cause

This error occurs when a disjoint domain namespace is in use.

Resolution

Note: Take a snapshot of all vCenter Servers and PSCs in Enhanced Linked Mode before proceeding with the steps below. Recreating the identity source might impact vCenter permissions, so the snapshot is important.

Perform the steps below to resolve this issue:
  1. Delete the Identity Source - IWA (Active Directory Integrated Windows Authentication) by connecting to WebClient -> Administration -> Configuration -> Identity Sources.
  2. Log in to the Platform Services Controller Appliance as root and activate the bash shell.
  3. Leave the domain by running the domainjoin-cli leave command.
    • /opt/likewise/bin/domainjoin-cli leave
  4. Reboot the appliance.
  5. Delete the computer account in Active Directory.
  6. Log in to the appliance again and enable the bash shell.
  7. Join the domain by running the following command: /opt/likewise/bin/domainjoin-cli join domain-name domain_admin_user
     Example: /opt/likewise/bin/domainjoin-cli join vmware.com administrator
  8. Reboot the appliance.
  9. Recreate the Identity Source (by connecting to WebClient -> Administration -> Configuration -> Identity Sources).
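
A check you can run between steps to confirm the appliance really left the domain (before deleting the computer account in step 5) and really joined the intended one (before recreating the Identity Source). This is an added example, not part of the original article. It assumes that `domainjoin-cli query` prints `Key = Value` lines with an empty `Domain` value when the appliance is not joined; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify domain membership between steps of the procedure.
# Assumption: `domainjoin-cli query` prints "Key = Value" lines, with
# "Domain = <FQDN>" when joined and an empty Domain value when not joined.

# Read query output on stdin; print the joined domain in lower case,
# or nothing when no domain is reported.
joined_domain() {
    awk -F'=' '
        /^[ \t]*Domain[ \t]*=/ {
            v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print tolower(v)
            exit
        }'
}

# check_join_state left            -> succeeds only if no domain is reported
# check_join_state joined <domain> -> succeeds only if joined to <domain>
check_join_state() {
    want=$1
    expected=$(printf '%s' "${2:-}" | tr '[:upper:]' '[:lower:]')
    actual=$(joined_domain)
    case $want in
        left)
            [ -z "$actual" ] && return 0
            echo "still joined to: $actual" >&2; return 1 ;;
        joined)
            [ -n "$expected" ] && [ "$actual" = "$expected" ] && return 0
            echo "expected '$expected', found '${actual:-none}'" >&2; return 1 ;;
        *)
            echo "usage: check_join_state left|joined [domain]" >&2; return 2 ;;
    esac
}

# Constructed sample outputs (not captured from a real appliance).
SAMPLE_JOINED='Name = vcsa01
Domain = VMWARE.COM
Distinguished Name = CN=VCSA01,CN=Computers,DC=vmware,DC=com'
SAMPLE_LEFT='Name = vcsa01
Domain ='

# On the appliance:
#   /opt/likewise/bin/domainjoin-cli query | check_join_state left
#   /opt/likewise/bin/domainjoin-cli query | check_join_state joined vmware.com
```

Run the `left` check after step 4 and the `joined` check after step 8; a non-zero exit status means the appliance is not in the state the next step expects.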