Verify that you can authenticate to vCenter Server with a user account that is a member of an Active Directory security group.

Validate that vCenter Server has access to Active Directory. Validate that you can authenticate using an Active Directory user account assigned a vCenter Server role. See Personas in Identity and Access Management for VMware Cloud Foundation and your VMware Cloud Foundation Planning and Preparation Workbook.

You perform this procedure for the following personas.

Persona        Component Role
Cloud Admin    Administrator
VI Admin       Administrator
Auditor        Read Only

Expected Outcome

You can successfully log in to vCenter Server with an Active Directory user account with access based on a security group and you can perform tasks according to the expected privileges and permission scope.

Procedure

  1. Log in to vCenter Server at https://<management_vcenter_server_fqdn>/ui with an Active Directory account assigned a vCenter Server role.
  2. Verify that you can access all required menus based on the expected permissions for the role.
  3. Repeat the procedure for each vCenter Server connected to the VMware Cloud Foundation instance.
  4. Repeat the procedure for each persona.

What to do next

If you encounter issues while performing this procedure, use the following troubleshooting tips:

Troubleshooting Tips

  • Ensure that there is network connectivity between the vCenter Server instance and the Active Directory domain infrastructure.

  • Ensure that Active Directory is configured as an identity provider in vCenter Server.

  • Ensure that the Active Directory security group is assigned global permissions.

  • Ensure that the user account is a member of the Active Directory security group with the assigned role.

  • Ensure that the Active Directory user account is an active account and is not locked.