Skip to main content

Joining PSC to an Active Directory Domain

I have deployed some Platform Services Controller (PSC) appliances to my environment but in order to be able to use Active Directory as an identity source you will need to join the PSC to the Active Directory domain. In this post I will show you two possible ways of doing it

My environment is based on using vSphere 6.0 Update 1

Command line method:

1.  Ensure you have enabled SSH so that you can use something like Putty. If it has not be enabled then you will need to log on to the appliance and change the settings there to allow SSH
2. Type in the user name "root" and password to SSH to your PSC appliance


3. Type in "shell.set --enabled True"
4. Type in "shell"
5. You will see some warning message and then be presented with the command prompt screen with the name of your PSC
 6. Type "cd /opt/likewise/bin"
 7. Type "./domainjoin-cli query" to see if the PSC is already part of the domain
 8. Using the format domainjoin-cli <Domain Name> <User> <Password> to join the PSC to a domain. Ensure the account you use has permissions to add a computer account to the domain. So example would be "domainjoin-cli ppe yungk Random"
 9. You should see the following information that is has joined the domain with the word "SUCCESS"
 10. Type "./domainjoin-cli query" and we should see the details of the PSC and the location of the object within Active Directory. You can also use Active Directory Users and Computers to check that there is a computer object there too
11. Type "reboot" to reboot the PSC 


GUI version method:

Using this method would need you to have already stool up a vCenter instance which is connected to the PSC controller

1. Log on to your vCenter instance
2. At the Navigator panel select "Administration"
 3. Select "Configuration"
 4. Select "Nodes"
5. Under "Nodes" select the PSC that you wish to join domain and on the right hand side panel, select "Manage" and then "Active Directory". The domain field should be empty
6. Click the "Join" button 
7. Check the title screen is the name of your PSC that you wish to join. Type in the domain you wish to join. Enter in the account details which has permssions to join a computer to the domain. Press "OK". Leave Orgaizational unit blank as I can't seem to find the right sytnax around this.

8.You will see a quick flash of the screen doing the task in the background. This is one of the fallbacks of using GUI to join the domain where it doesn't give you any indications if it has been successful or failed
8. Ensure you are still within the context of the PSC and click on "Actions" followed by "Reboot"
 9. An final prompt window will appear. Ensure the title is your Fully Qualified Domain Name (FQDN) of your PSC. Enter the reason for reboot and click "OK"
10. After a reboot follow steps 1 - 5 again. At step 5 you should see the domain filed with the domain the PSC has joined

Now that you have joined your PSC to your domain you can use Active Directory as an identity source. Remember to join all your PSC to the domain if you wish to use Active Directory as an identity source across your environment

Comments

Popular posts from this blog

Rolling back a version of ESXi

There is an option in VMware where after you have performed an major upgrade of ESXi you can roll back to your previous version. The benefit of this is that you would not need to reinstall your ESXi and its configuration if you had issues with the new software. I had to do this on one occassion in my lab where I upgraded from 6.5 to 6.7 and my VMs would not run because the CPU was not supported in 6.7. Please remember if you are using ISO method to upgrade ESXi please ensure you select "Upgrade ESXi, preserve VMFS datastore". Selecting "Install ESXi, preserve VMFS datastore" does not mean preserving datastore means retaining ESXi as it will still do a clean install of ESXi. This method does not work for vSphere 7.0 as there are changes to the partitions on the boot device. Below are the steps to roll back to a previous version which is quite straight forward. As always perform an backup of your host configuration before you upgrade or rollback ( KB2042141 ). I have

Configuring ESXi 6 host to send logs to Syslog Server

In my previous post I talked about configuring VMware Syslog server for Windows which is installed and enabled by default on installation of vCenter 6 for Windows. I will now describe the basic configuration that is required on an ESXi 6 host to be able to send logs out to a syslog server using my vCenter as the example. 1) Navigate to your ESXi host within vCenter. Go to "Manage" tab and select "Settings" followed by "Advanced System Settings". Look for the settings "Syslog.global.loghost" and highlight this settings. Click the pencil icon to edit the configuration for this setting. 2) You can now add the host name or ip address of your syslog server/s. You can enter just hostname or IP address, use udp://hostname:514 or ssl://hostname:1514 to be more specific on the port and protocol to be used. If you have multiple hosts then you use the comma (,) to separate each server i.e. udp://192.168.0.1:514,udp://192.168.0.2:514 3)We n

Custom ESXi Image - ISO using PowerCLI

There comes a time when you have purchased a new hardware to run your ESXi software and discover that the installable base media provided by VMware does not include the drivers or the drivers are out of date. In the world of Windows (Plug and Play) it would discover the hardware and prompt you to provide the drivers so that Windows would install/update the drivers for the hardware. For ESXi if the drivers are not present during load time then the hardware will possibly not work. VMware uses VIB (vSphere Installation Bundle) as a way for vendors to distribute their drivers. To install these VIBs you can either use Update Manager or command line (esxcli). Now this is all good but it does mean you have to first install the base ESXi then use one of the steps above to install/update the drivers.   Some people might feel that it is OK to update the drivers using the above methods but what if it was the network card that was the new hardware and you needed new drivers. Without the net