To assign access to users through Active Directory security groups, you add the Active Directory domain as an identity source in vCenter Server. The connection is made over LDAPS, so that the bind credentials and the user and group lookups are protected in transit and vCenter Server can verify the domain controller's certificate against the Root CA certificate you supply.
UI Procedure
- Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as administrator@vsphere.local.
- From the vSphere Client Menu, select Administration.
- In the Single Sign On section, click Configuration.
- Click the Identity provider tab.
- Select Identity sources and click Add.
- In the Add identity source dialog box, configure the following settings according to the design of this solution. Configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook.

| Setting | Value |
|---|---|
| Identity source type | Active Directory over LDAP |
| Connect to | Specific domain controllers |

- To configure secure communication between vCenter Server and Active Directory, click Browse, navigate to the Root CA .cer certificate file, click Open, and click Add.
- Select the newly configured Active Directory over LDAP identity source and click Set as default.
- In the Set default identity source dialog box, click OK.
PowerShell Procedure
Start PowerShell and make sure the PowerValidatedSolutions module, which provides the Add-IdentitySource cmdlet, and its dependencies are installed and imported.
Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.
```powershell
# Sample values only. Replace them with the values from your Planning and
# Preparation Workbook, and keep real passwords out of saved scripts.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "administrator@vsphere.local"
$sddcManagerPass = "VMw@re1!"
$sddcDomainName = "sfo-m01"
$domainFqdn = "sfo.rainpole.io"
# Dedicated bind account for vCenter Server; it only needs to read users and groups.
$domainBindUserVsphere = "svc-vsphere-ad"
$domainBindPassVsphere = "VMw@re1!"
$domainControllerMachineName = "sfo-dc01"
$baseGroupDn = "OU=Security Groups,dc=sfo,dc=rainpole,dc=io"
$baseUserDn = "OU=Security Users,dc=sfo,dc=rainpole,dc=io"
```
Perform the configuration by running the command in the PowerShell console.

```powershell
Add-IdentitySource -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass `
    -sddcDomain $sddcDomainName -domain $domainFqdn `
    -domainBindUser $domainBindUserVsphere -domainBindPass $domainBindPassVsphere `
    -dcMachineName $domainControllerMachineName `
    -baseGroupDn $baseGroupDn -baseUserDn $baseUserDn -protocol ldaps
```
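Both procedures rely on the domain controller's LDAPS certificate chaining to the Root CA file you upload and carrying the name vCenter Server will connect to. The following script is an added pre-check, not part of the VMware Cloud Foundation documentation or the PowerValidatedSolutions module; it uses only Windows PowerShell 5.1 and .NET. It opens a TLS session to the domain controller's LDAPS port, then validates the presented certificate against the Root CA file rather than against the local Windows trust store, and checks the Subject Alternative Name. The domain controller FQDN (sfo-dc01.sfo.rainpole.io) and the certificate path (C:\certs\RootCA.cer) are assumed example values.

```powershell
# Added pre-check for the LDAPS identity source (not VMware or module code).
# Assumed example values: domain controller FQDN and Root CA .cer path.
param(
    [string]$DomainControllerFqdn = "sfo-dc01.sfo.rainpole.io",
    [int]$Port = 636,
    [string]$RootCaCertPath = "C:\certs\RootCA.cer"
)

function Get-LdapsServerCertificate {
    # Open a TLS session to the LDAPS port and return the certificate the DC presents.
    # The callback returns $true so the handshake completes even for an untrusted
    # certificate; validation is done explicitly afterwards.
    param([string]$HostName, [int]$Port)
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }
}

function Test-ChainsToRootCa {
    # Build the chain with the supplied Root CA as an extra store and require that the
    # chain ends in exactly that CA, not in whatever the local machine happens to trust.
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$ServerCert,
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$RootCa
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.ExtraStore.Add($RootCa) | Out-Null
    # Allow Build to succeed when the root is unknown to the Windows store; the root
    # identity is checked by thumbprint below. Revocation is out of scope for this check.
    $chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($ServerCert)) { return $false }
    # Any status other than UntrustedRoot (expired, bad signature, missing issuer, ...) fails.
    $otherProblems = @($chain.ChainStatus | Where-Object { $_.Status -ne 'UntrustedRoot' })
    if ($otherProblems.Count -gt 0) { return $false }
    $chainRoot = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    return ($chainRoot.Thumbprint -eq $RootCa.Thumbprint)
}

function Test-CertificateName {
    # vCenter Server connects to the DC by the configured name; that exact name must
    # appear in the Subject Alternative Name extension (wildcards are not handled here).
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$HostName)
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return $false }
    # Windows formats the extension as "DNS Name=a.example, DNS Name=b.example"
    $names = ($san.Format($false) -split ',\s*') | ForEach-Object { ($_ -split '=', 2)[-1].Trim() }
    return [bool]($names -contains $HostName)
}

$rootCa = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($RootCaCertPath)
$serverCert = Get-LdapsServerCertificate -HostName $DomainControllerFqdn -Port $Port
Write-Host ("{0}:{1} presents '{2}', valid until {3}" -f $DomainControllerFqdn, $Port, $serverCert.Subject, $serverCert.NotAfter)

$chainOk = Test-ChainsToRootCa -ServerCert $serverCert -RootCa $rootCa
$nameOk  = Test-CertificateName -Cert $serverCert -HostName $DomainControllerFqdn
Write-Host ("Chains to '{0}': {1}" -f $rootCa.Subject, $chainOk)
Write-Host ("SAN contains {0}: {1}" -f $DomainControllerFqdn, $nameOk)
if (-not ($chainOk -and $nameOk)) {
    Write-Error "LDAPS pre-check failed; fix the domain controller certificate before adding the identity source with -protocol ldaps."
    exit 1
}
```

Run it from the same host and with the same Root CA .cer file you intend to use in the procedure; a chain failure usually means the file is an intermediate rather than the root, or the domain controller is not sending its intermediate certificate, and a name failure means the identity source must reference a name that is actually in the certificate.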