When attempting to add an AD user or user group to vCenter permissions, the search results return empty.


Article ID: 411144


Products

VMware vCenter Server

Issue/Introduction

  • Attempting to add a user or user group to vCenter permissions or global permissions returns empty search results.
  • Searching for users in Administration -> Single Sign On -> Users and Groups also returns empty results.
  • No error is displayed during the search.

Environment

vCenter 7.x

vCenter 8.x

vCenter 9.x

Cause

The AD over LDAP/S configuration is restricted to specific OUs by the Base DNs set for users and groups.

For example:

For a domain abc.vmware:

The root DN would be DC=abc,DC=vmware, which lets vCenter search the full directory tree.

However, if the Base DN is set to a particular OU, for example OU=IT,DC=abc,DC=vmware, any user outside this OU won't be returned in vCenter search results.

Resolution

Check the Base DN.

Use the root DN if there is no requirement to restrict vCenter users to a particular OU in AD.
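
To check the Base DN against the accounts that are missing from search, the following added example (not VMware code) compares each account's distinguishedName with a configured Base DN and lists the entries that fall outside it. It assumes a subtree search from the Base DN; the account names are constructed, and the domain and OU are the ones from the example above.

```python
def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDNs, leaf first."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep escaped char, e.g. "\,"
            buf += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def in_scope(entry_dn, base_dn):
    """True when entry_dn is the base itself or sits anywhere beneath it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def out_of_scope(base_dn, entry_dns):
    """Entries a search rooted at base_dn would not return."""
    return [dn for dn in entry_dns if not in_scope(dn, base_dn)]


# Constructed sample data (domain and OU taken from the article's example).
ROOT_DN = "DC=abc,DC=vmware"
IT_BASE_DN = "OU=IT, DC=abc, DC=vmware"
ENTRIES = [
    "CN=Alice,OU=IT,DC=abc,DC=vmware",
    "CN=Bob,OU=Finance,DC=abc,DC=vmware",
    "CN=Smith\\, Carol,OU=Admins,OU=IT,dc=ABC,dc=VMware",
    "CN=Dave,OU=IT,OU=Branch,DC=abc,DC=vmware",  # a different OU=IT
]

if __name__ == "__main__":
    for base in (IT_BASE_DN, ROOT_DN):
        print(base, "->", out_of_scope(base, ENTRIES) or "all entries in scope")
```

The comparison is done on whole RDNs from the right-hand end of the DN, so an OU with the same name elsewhere in the tree (the last sample entry) is correctly reported as outside the Base DN.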

Additional Information

Check the linked KB for LDAP/S configuration on vCenter.