You can a register one or more Windows domains with an NSX Manager and associated vCenter server. NSX Manager gets group and user information as well as the relationship between them from each domain that it is registered with. NSX Manager also retrieves Active Directory (AD) credentials.

Once NSX Manager retrieves AD credentials, you can create security groups based on user identity, create identity-based firewall rules, and run Activity Monitoring reports.

AD group membership changes do not immediately take effect for logged in users using RDSH Identity Firewall rules, this includes enabling and disenabling users, and deleting users. For changes to take effect, users must log off and then log back on. We recommend AD administrators force a log off when group membership is modified. This behavior is a limitation of Active Directory.

Important: Any changes made in Active Directory will NOT be seen on NSX Manager until a delta or full sync has been performed.