Another configuration step when you first deploy your VMware VCSA or PSC is to join Microsoft AD. In this post, we'll take a closer look at how to join a VMware VCSA to a domain. You may ask: what's the advantage of joining Microsoft AD? The reason is simple – you can delegate administration by using your existing domain structure, because you can attach users and groups from AD to your vCenter Single Sign-On domain.
VCSA appliance-based vCenter server deployments were quite unusual in the past. Things are changing, however, and there are fewer and fewer limitations. Going forward, VMware is pushing VCSA as a viable alternative to Windows-based vCenter.
Administrators however still fear using VCSA in a production environment. One of the principal reasons I hear is often “Linux skills”. In my experience, you don't have to be a Linux guru in order to successfully deploy and manage vCenter on VCSA.
VMware VCSA – How to Join Domain
You'll need to connect to the usual administration UI of VCSA. The address is in this format https://appliance-IP-address-or-FQDN/vsphere-client.
First, you'll need to log in with a user which has certain rights. The user has to be part of the SystemConfiguration.Administrators group in vCenter Single Sign-On. You can verify that by going to Single Sign-On and clicking Users and Groups.
- Click Administration > Deployment, click System Configuration
- Under System Configuration, click Nodes > Select a node and click the Manage tab
- Go to Advanced, select Active Directory, and click Join > Enter the Active Directory details.
Note the syntax:
user name: [email protected] (LAB\administrator is unsupported !!!)
The operation should succeed without any prompt. (I always say no output is good output). According to VMware documentation, you should see the Join button become grayed out. Well, in my case that did not happen.
- Reboot the appliance by selecting the node > right-click > Reboot
You'll have to put something in the description field otherwise the process will complain and you won't be able to reboot the appliance…
After the reboot, you should see that the Unjoin button is “un-grayed out”. The reboot takes at least 4-5 min because all the core vCenter services depend on one another, so they take some time to start. Also, the vSphere Client web server takes some time to initialize. However, we can see the same problem with vCenter based on Windows…
- Next you should go to Administration > Single Sign-On > Configuration > Identity Sources Tab > Add Identity Source
And you should end up with your domain in the list…
To Leave domain?
Simple, you do the reverse process. You simply click the Unjoin button to leave a domain…
Wrap Up:
Simple tutorial, isn't it? Well, simple for those who know :). For folks starting with virtualization, or people for whom virtualization and IT administration is not their daily bread, this post might be very helpful. With this in mind, don't forget to check out other posts of mine on the same subject – VMware VCSA. Stay tuned for more…
VMware VCSA:
- How-to Install VMware VCSA
- VMware VCSA – 3 Ways to Activate SSH
- VMware VCSA – How to check running services?
- VMware VCSA – How to Join Domain – (This post)
- VMware VCSA – IP Address Change
- VMware VCSA – Configure NTP