The migration of the identity store fails because of incorrect Active Directory domain credentials or the lack of user permission.


The migration of identity store to the VMware Identity Manager utility fails.


The credentials of the Active Directory domain are incorrect. The problem also occurs when the user does not have the permission to join VMware Identity Manager to the Active Directory Domain.


  1. Log in the vRealize Appliance as a system administrator.
  2. Create a local user for the vsphere.local tenant.
  3. Assign the local user the Tenant Administrator privileges.
  4. Log out of the vRealize Appliance.
  5. Log in the tenant with the local user credentials.
  6. Select Administration > Directories Management > Connectors.
  7. To join the connector to a specific Active Directory domain, click Join Domain.

    The connector syncs user and group data between Active Directory and the Directories Management service.

  8. Enter the domain, domain username, and password for the active directory domain.
  9. Click Save.

    The Join Domain page is refreshed and displays a message that you are currently joined to the domain.

What to do next

Start the migration process.