Configure the authentication with the vsphere.local domain and the default administrator group followed by updating the database directly with the desired active directory domain and admin group.

Before proceeding, take a snapshot of the orchestrator appliance.

1. Configure the Authentication with the vsphere.local domain and the default administrator group. Replace <vCenter FQDN> with actual vCenter FQDN.
   
   vracli vro authentication set -p vsphere -hn <vCenter FQDN> -u [email protected] --tenant vsphere.local --admin-group Administrators --admin-group-domain vsphere.local


2. Launch psql and accept the prompt:  
   
   vracli dev psql vco-db
   
   
3. Update the desired admin group name. (Note case sensitivity.) Replace <Desired vRO Admin Group> with the actual Active Directory group Name:
   
   UPDATE vmo_configitem SET itemValue = '<Desired vRO Admin Group>' where id = '[system_settings]__com.vmware.o11n.sso.admin.group.name';
   
   
4. Update the group domain. (Note case sensitivity.) Replace <example.com> with the actual Active Directory domain name:
   
   UPDATE vmo_configitem SET itemValue = '<example.com>' where id = '[system_settings]__com.vmware.o11n.sso.admin.group.domain';
   
   
5. Exit from psql:

\q
   
   
6. Restart the Orchestrator pod:

kubectl -n prelude delete po -l app=vco-app
   
   
7. Once the Orchestrator pod is up, validate the changes in the database are reflected in command output:
   
   vracli vro authentication