Validate Requirements
Validate that the vCenter Server Appliance 5.5 has network configuration and connectivity for binding to an Active Directory domain.
- Open a web browser and navigate to the vCenter Server Appliance Virtual Application Management Interface (VAMI). By default, the VAMI is located at: https://vCenter-Appliance-Address:5480/.
- Log in as root. The default password is vmware.
- Click the Network tab > select the Address sub-tab.
- Validate that the network configuration has correct DNS server(s) listed.
- Validate that the network configuration has a hostname defined and that the hostname is neither linux nor localhost.
Test Active Directory Domain Server Lookup
Test that the vCenter Server Appliance can successfully locate an Active Directory server for a given Active Directory domain.
- Open the vCenter Server Appliance console or connect with SSH. To connect to the vCenter Server Appliance through SSH, see Enable or Disable SSH Administrator Login on the VMware vCenter Server Appliance section in the vCenter Server and Host Management Guide.
- Log in as root. The default password is vmware.
- Execute the command lw-get-dc-name (located in /opt/likewise/bin/) to look up the Service Location (SRV) record for the Active Directory domain. You should see information about the domain, including the IP address of an Active Directory server.
Example:
/opt/likewise/bin/lw-get-dc-name exampledomainname.com
- Validate that the forward and reverse DNS entries for the listed Active Directory domain server's IP address are consistent.
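The hostname check from Validate Requirements and the forward/reverse DNS consistency check in the last step above can be scripted. This is an added example, not part of the original article or of VMware's tooling: the function names are hypothetical, it assumes getent is available on the appliance, and the IP address in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example: pre-join checks for the appliance hostname and the DC's DNS records.
# Function names are hypothetical; getent is the standard glibc lookup tool.

# Return 0 if the hostname is set and is not one of the unconfigured defaults.
hostname_ok() {
    short=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | cut -d. -f1)
    case "$short" in
        ''|linux|localhost) return 1 ;;
        *) return 0 ;;
    esac
}

# Reverse lookup: print the first name the resolver returns for an IP address.
rev_lookup() { getent hosts "$1" | awk 'NR==1 {print $2}'; }

# Forward lookup: print every address the resolver returns for a name.
fwd_lookup() { getent ahosts "$1" | awk '{print $1}' | sort -u; }

# Return 0 only if IP -> name -> IP round-trips to the same address.
# Returns 1 when there is no reverse record, 2 when the records disagree.
dns_consistent() {
    ip=$1
    name=$(rev_lookup "$ip")
    if [ -z "$name" ]; then
        echo "FAIL: no reverse (PTR) record for $ip" >&2
        return 1
    fi
    if fwd_lookup "$name" | grep -Fqx "$ip"; then
        echo "OK: $ip <-> $name"
        return 0
    fi
    echo "FAIL: $ip reverses to $name, which does not resolve back to $ip" >&2
    return 2
}

# Usage on the appliance (IP taken from the lw-get-dc-name output; placeholder here):
#   hostname_ok "$(hostname)" && dns_consistent 192.0.2.10
```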
Join vCenter Server Appliance 5.5 to Active Directory Domain
Configure the vCenter Server Appliance to join the Active Directory domain. After joining the domain, the vCenter Server Appliance can issue requests for users and groups on the domain.
- Open a web browser and navigate to the vCenter Server Appliance Application Management Interface (https://<vCenter_Appliance_FQDN>:5480/).
- Log in as root. The default password is vmware.
- From the vCenter Server tab, select the Authentication sub-tab.
- Select Active Directory Enabled.
- Enter the Active Directory domain name.
Example:
exampledomainname.com
- Enter the username in User Principal Name format (UPN) and password of an Administrative account on the Active Directory domain that has permissions to join the desired domain.
Example:
[email protected]
Note: If enabling Active Directory fails, see Enabling Active Directory on the VMware vCenter Server Appliance 5.x fails with the error: Enabling active directory failed (2062610).
Test Active Directory Communication
Validate that the vCenter Server Appliance was correctly joined to the Active Directory domain by using a command-line tool to look up a list of users from that domain.
- Open the vCenter Server Appliance console or connect with SSH. To connect to the vCenter Server Appliance through SSH, see Enable or Disable SSH Administrator Login on the VMware vCenter Server Appliance section in the vCenter Server and Host Management Guide.
- Log in as root. The default password is vmware.
- Execute the command lw-enum-users (located in /opt/likewise/bin/) to query a list of user accounts for the Active Directory domain. You should see information about the user accounts, including user names.
Example:
/opt/likewise/bin/lw-enum-users
Add Identity Source for Active Directory Domain in Web Client
The vCenter Server Appliance is joined to the domain successfully. Add an Identity Source for that domain in the vCenter Single Sign-On configuration.
- Open a web browser and navigate to the vCenter Server's vSphere Web Client. The default URL is https://<vCenter_Appliance_FQDN>:9443/vsphere-client.
- Navigate from Home to Administration > Single Sign-On > Configuration > Identity Sources.
- Click the Add an Identity Source icon.
- Select Active Directory (Integrated Windows Authentication). Ensure that the correct domain name is populated in the Domain Name field.
- Select Use Machine Account.
- Click OK.
For more information on configuring Identity Sources in vSphere 5.5, see the Add a vCenter Single Sign-On Identity Source section in the vSphere 5.5 Installation and Setup Guide.
Validate User List from Active Directory Domain in Web Client
Validate that the vCenter Single Sign-On Identity Source was correctly added by using the vSphere Web Client to fetch a list of users from that Identity Source. A list of Active Directory domain user accounts should be visible.
- Open a web browser and navigate to the vCenter Server's vSphere Web Client. The default URL is https://<vCenter_Appliance_FQDN>:9443/vsphere-client.
- Navigate from Home to Administration > Single Sign-On > Configuration > Users and Groups.
- From the Users tab, click the drop-down next to Domain and select Active Directory domain.
- Observe the list of domain users displayed.