
Joining VCSA 6.0 Appliance to Active Directory

Now that you have built your vCenter appliance the next step is to join it to your domain so that you can attach users and groups from the domain to your vCenter SSO domain.


1) Using your web browser, navigate to your vCenter URL, which should be http://appliance-IP-address-or-FQDN/vsphere-client. You may receive a certificate warning; click "Continue to this website (not recommended)" if you are happy to proceed.

2) Log on as administrator@Your_domain_name with the password and click "Login". ("Your_domain_name" is the SSO domain name that you created when you were installing your appliance.)

3) At the "Home" navigation menu select "Administration".

4) Locate "Deployment" and select "System Configuration".

5) Select "Nodes"

6) Once you have highlighted "Nodes" you should see the nodes that this vCenter is managing. Select the one that you wish to make changes to.

7) On the right hand panel click on the "Manage" tab

8) Click "Active Directory" and then click "Join".

9) Fill in the details of the domain using the FQDN, e.g. abc.local, and the username/password of an account that has permission to join the domain. I would leave the OU blank so that it joins the default computer OU, as I can't seem to find good information from VMware on the acceptable LDAP format. I have tried the username in both domain\username and username@domain formats; for me the latter appeared to work more often. Once you are OK with your details click "OK".

If the operation is successful, it will not return anything in the events to say that it is OK. You only get a message if it is unsuccessful. Another way to check is to go into Active Directory Users and Computers and see if there is a computer account under the default Computers container.

10) Under the same panel select "Actions" and select "Reboot". You have to reboot for the settings to take effect.

11) Enter the reason for a reboot and then reboot the appliance

12) After the reboot, log back in to the appliance and navigate back to "Home > Administration > Deployment > System Configuration". Select "Nodes" and highlight the node, then on the right-hand panel go to "Manage > Active Directory". You should see which domain you have joined; the "Join" button is greyed out, but you have the option to click "Leave".
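Because a successful join logs nothing, the Active Directory check described after step 9 can be scripted from a domain-joined admin workstation. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory PowerShell module is installed, and the appliance name `vcsa01` is a placeholder (the domain `abc.local` is the example from step 9).

```powershell
# Added example: verify that the join created the appliance's computer account.
# Assumptions: RSAT ActiveDirectory module is installed; 'vcsa01' is a
# placeholder appliance name; 'abc.local' is the example domain from step 9.
Import-Module ActiveDirectory

$ApplianceName = 'vcsa01'
$DomainFqdn    = 'abc.local'

$domain  = Get-ADDomain -Server $DomainFqdn
$account = Get-ADComputer -Filter "Name -eq '$ApplianceName'" -Server $DomainFqdn `
               -Properties whenCreated

if (-not $account) {
    Write-Warning "No computer account '$ApplianceName' in $DomainFqdn. The join did not complete."
    return
}

# Parent container = distinguished name with the leading "CN=<name>," removed.
$parent = $account.DistinguishedName -replace '^CN=[^,]+,', ''

# Summarise what was created, when, and where it landed.
[pscustomobject]@{
    Name               = $account.Name
    DnsHostName        = $account.DNSHostName
    Enabled            = $account.Enabled
    Created            = $account.whenCreated
    Container          = $parent
    # True when the OU field was left blank and the domain default is in use.
    InDefaultContainer = ($parent -eq $domain.ComputersContainer)
}
```

A `Created` timestamp that matches the time you clicked "OK" confirms the account came from this join rather than from an earlier attempt.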

The next step is to start configuring SSO to use users and groups to authenticate to your vSphere environment.

