Active Directory Group is not listed or seen from the UI when adding permissions

Article ID: 429865

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • When trying to assign permissions on a folder to an Active Directory (AD) group, the group is not listed in the UI.
  • Only one group is affected.
  • New or other existing groups are listed as expected.
  • In /var/log/vmware/ssoAdminServer.log, entries of the following type are seen:
    <timestamp> INFO ssoAdminServer[133:pool-2-thread-26] [OpId=q-########:h5ui-getProperties:urn:vri:sso:UserDirectory:########-####-####-####-############:############:SsoUserDirectoryPropertyProvider:########-4abcd-h5:########] [com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl] [User {Name: vsphere-webclient-########-####-####-####-############, Domain: vsphere.local} with role 'Administrator'] Find at most 200 principals by name matching criteria searchString=<Affected AD group name>, domain=<domain name>
    <timestamp> INFO ssoAdminServer[133:pool-2-thread-26] [OpId=q-########:h5ui-getProperties:urn:vri:sso:UserDirectory:########-####-####-####-############:############:SsoUserDirectoryPropertyProvider:########-4abcd-h5:########] [com.vmware.identity.admin.vlsi.PrincipalDiscoveryServiceImpl] Vmodl method PrincipalDiscoveryService.findByName return value is (sso.admin.SearchResult) {\n   dynamicType = null,\n   dynamicProperty = null,\n   personUsers = (sso.admin.PersonUser) [\n   ],\n   solutionUsers = (sso.admin.SolutionUser) [\n   ],\n   groups = (sso.admin.Group) [\n      (sso.admin.Group) {\n         dynamicType = null,\n         dynamicProperty = null,\n         id = (sso.PrincipalId) {\n            dynamicType = null,\n            dynamicProperty = null,\n            name = <Affected AD group name>,\n            domain = <domain name>\n         },\n         alias = (sso.PrincipalId) {\n            dynamicType = null,\n            dynamicProperty = null,\n            name = <Affected AD group name>,\n            domain = <domain name>\n         },\n         details = (sso.admin.GroupDetails) {\n            dynamicType = null,\n            dynamicProperty = null,\n            description = <value \u001B value>\n         }\n      }\n   ]\n}

Environment

vCenter Server 8.0.3

Cause

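The issue occurs when the description of the AD group contains special characters. In the log excerpt above, the description returned for the affected group includes the escape sequence \u001B.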
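To identify which groups trigger this, the findByName results in ssoAdminServer.log can be scanned for descriptions that carry such characters. The script below is an added example, not VMware's code; it assumes "special characters" means control characters like the \u001B in the excerpt and that the log writes them as \uXXXX escapes, and the group and domain names in its sample are constructed.

```python
import re
import sys

MARKER = "PrincipalDiscoveryService.findByName return value"
# The log writes line breaks and non-printable characters as literal escapes.
NAME = re.compile(r"name = (.*?),\\n\s*domain = (.*?)\\n")
DESC = re.compile(r"description = (.*?)\\n\s*\}")
ESCAPED = re.compile(r"\\u([0-9A-Fa-f]{4})")


def control_chars(description):
    """Sorted code points of C0/C1 control characters (and DEL), escaped or raw."""
    points = {int(h, 16) for h in ESCAPED.findall(description)}
    points |= {ord(c) for c in description}
    return sorted(cp for cp in points if cp < 0x20 or 0x7F <= cp <= 0x9F)


def affected_groups(lines):
    """Yield (group, domain, code points) for groups with a flagged description."""
    for line in lines:
        if MARKER not in line:
            continue
        # Every chunk after the first split holds one (sso.admin.Group) object.
        for chunk in line.split("(sso.admin.Group) {")[1:]:
            name, desc = NAME.search(chunk), DESC.search(chunk)
            if name and desc:
                bad = control_chars(desc.group(1))
                if bad:
                    yield name.group(1), name.group(2), bad


def _group(name, desc):
    """Constructed sample data in the layout of the logged group object."""
    return (r"(sso.admin.Group) {\n id = (sso.PrincipalId) {\n name = " + name
            + r",\n domain = example.local\n },\n details = (sso.admin.GroupDetails)"
            + r" {\n description = " + desc + r"\n }\n }")


# Constructed log line: one clean group, one with an escaped ESC (U+001B).
SAMPLE = [MARKER + r" is (sso.admin.SearchResult) {\n groups = (sso.admin.Group) [\n "
          + _group("GRP-Clean", "Backup operators") + r",\n "
          + _group("GRP-Ops", r"Ops \u001B[0m team") + r"\n ]\n}"]

if __name__ == "__main__":
    # Pass the path to ssoAdminServer.log, or run without arguments for the sample.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for group, domain, bad in affected_groups(source):
        print(f"{group}@{domain}: " + ", ".join(f"U+{cp:04X}" for cp in bad))
```

Only groups that have been searched for in the permissions dialog appear in these log entries, so search for the missing group first and then run the scan.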

Resolution

To resolve the issue, remove the special characters from the description field of the AD group.

No action is required on the vCenter side. Once the special characters are removed, try assigning permissions to the folder for the AD group again.

Additional Information

Add a Permission to an Inventory Object 

vSphere 6.7 HTML5 client cannot query more than 200 principals while adding permissions in vCenter Server