Active Directory Authentication Sources in vRealize Operations
search cancel

Active Directory Authentication Sources in vRealize Operations


Article ID: 342368


Updated On:


VMware Aria Suite


In previous versions of vRealize Operations it's been possible to login by providing only the username without the domain suffix when the userPrincipalName option has been selected in the Active Directory authentication source.
This caused massive reads per login from the database when there were large numbers of imported AD users, since the whole user list would be retrieved from the database and iteration was done over the complete list to find the required user.

Starting in vRealize Operations 7.5, a single query per login is performed using the full format, [email protected], which positively affects performance.
The limitation coming with this change means that the login will only be successful if the username's domain suffix matches the domain name specified in the Base DN option. Otherwise, the full username with domain suffix is required during login.


VMware vRealize Operations 8.x
VMware vRealize Operations Manager 7.5.x


This is expected behavior in vRealize Operations 7.5 and later when authenticating with Active Directory sources when the Common Name option is configured to use userPrincipalName.
When authenticating, use the format [email protected].

Alternatively, to authenticate using short name (username only), configure the Active Directory Authentication Source to use samAccountName for the Common Name option.

  1. Log into the vRealize Operations UI with the local admin user.
  2. Navigate to Administration > Access > Authentication Sources.
  3. Select the Active Directory source and click Edit.
  4. Expand Details, and set Common Name to samAccountName.
  5. Click OK.
You will need to re-import the Active Directory Users and Groups after setting Common Name to samAccountName.

Note: This will import a new user ID into the database.  Custom content (dashboards, reports, alerts, etc) owned by the previous user account will not be visible on the new user account.  Once the old user account is deleted from vRealize Operations, the custom content can be recovered under Administration > Management > Orphaned Content and assigned to the new user.