To assign access to users using Active Directory security groups, you add the Active Directory domain as an identity provider over LDAP/LDAPS in vCenter Server.

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui as administrator@vsphere.local.
  2. From the vSphere Client Menu, select Administration.
  3. In the Single sign on section, click Configuration.
  4. Click the Identity provider tab.

  5. Select Identity sources and click Add.

  6. In the Add identity source dialog box, configure the following settings according to the design of this solution, and configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook.

    Setting                 Description
    Identity source type    Active Directory over LDAP
    Connect to              Specific domain controllers

  7. To configure secure communication between vCenter Server and Active Directory, click Browse, select the Root CA certificate file, and click Add.

  8. Select the newly configured Active Directory over LDAP identity source and click Set as default.

  9. In the Set default identity source dialog box, click OK.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

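    # Sample values; replace each one with the value from your Planning and Preparation Workbook.
    # SDDC Manager connection details
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "administrator@vsphere.local"
    $sddcManagerPass = "VMw@re1!"
    
    # SDDC domain name, passed to -sddcDomain
    $sddcDomainName = "sfo-m01"
    
    # Active Directory domain, bind account, domain controller, and group/user search bases
    $domainFqdn = "sfo.rainpole.io"
    $domainBindUserVsphere = "svc-vsphere-ad"
    $domainBindPassVsphere = "VMw@re1!"
    $domainControllerMachineName = "sfo-dc01"
    $baseGroupDn = "OU=Security Groups,dc=sfo,dc=rainpole,dc=io"
    $baseUserDn = "OU=Security Users,dc=sfo,dc=rainpole,dc=io"

  3. Perform the configuration by running the command in the PowerShell console.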

    Add-IdentitySource -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -domain $domainFqdn -domainBindUser $domainBindUserVsphere -domainBindPass $domainBindPassVsphere -dcMachineName $domainControllerMachineName -baseGroupDn $baseGroupDn -baseUserDn $baseUserDn -protocol ldaps

  4. Navigate to the Root CA .cer certificate file and click Open.
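
Because the identity source is added with -protocol ldaps and a Root CA file, it is worth confirming before step 3 that the domain controller's LDAPS certificate actually chains to that file. The following pre-flight check is an added example, not part of the VMware procedure or of the module that provides Add-IdentitySource. The function name Test-LdapsCertificateChain, the path in $rootCaPath, the use of port 636, and the way the domain controller FQDN is composed are assumptions.

```powershell
# Added example: pre-flight check, not part of the VMware procedure.
# Reuses $domainControllerMachineName and $domainFqdn from step 2.
# Assumption: the domain controller FQDN is "<machine name>.<domain FQDN>".
$dcFqdn     = "$domainControllerMachineName.$domainFqdn"
$rootCaPath = "C:\certs\root-ca.cer"   # hypothetical path to the Root CA .cer file

function Test-LdapsCertificateChain {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$RootCaPath,
        [int]$Port = 636   # standard LDAPS port
    )
    $rootCa = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($RootCaPath)
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($ComputerName, $Port)
        # Accept whatever the server presents; trust is evaluated explicitly below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($ComputerName)
        $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

        # Build the chain with the supplied root as a candidate issuer, then
        # require that the chain actually terminates at that root.
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode    = 'NoCheck'
        $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
        [void]$chain.ChainPolicy.ExtraStore.Add($rootCa)
        $built = $chain.Build($leaf)
        $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

        [pscustomobject]@{
            Server        = "${ComputerName}:$Port"
            LeafSubject   = $leaf.Subject
            LeafNotAfter  = $leaf.NotAfter
            ChainBuilds   = $built
            ChainTop      = $top.Subject
            RootCaMatches = ($top.Thumbprint -eq $rootCa.Thumbprint)
        }
    }
    finally { $tcp.Close() }
}

$result = Test-LdapsCertificateChain -ComputerName $dcFqdn -RootCaPath $rootCaPath
$result | Format-List
if (-not ($result.ChainBuilds -and $result.RootCaMatches)) {
    Write-Warning "LDAPS certificate on $dcFqdn does not chain to $rootCaPath"
}
```

Revocation checking is disabled in this check, and any intermediate CA certificates must be resolvable on the machine running it for the chain to reach the root.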