In previous post of this series, we’ve learnt about how to manage vCenter Server inventory such as data center objects, organizing inventory objects into folders, events, and logs. If you missed previous posts regarding vCenter Server, you can follow them:
- vCenter Server Architecture
- Installing vCenter Server with Embedded PSC
- Installing vCenter Server with External PSC
- Installing vCenter Server Appliance (VCSA)
- Using vSphere Web Client to Login to vCenter Server
- Managing vCenter Server Inventory
In this post, we’ll learn about how to add Active Directory authentication in vCenter Server. With the help of AD authentication to vCenter Server, you can manage and control your virtual environment via active directory users. You (administrator) can assign restricted access and roles to specific users to manage your virtual environment. For example, if a user requires to create and consolidate VM snapshot, add/remove virtual disks, and snapshot management, you can assign him a power user rights. And for all such type of tasks, you’ll have to authenticate active directory with your vCenter Server.
Now, we’ll see step by step process to authenticate active directory with the vCenter Server. I am not going in the phase of creating active directory in windows server 2008/2012 R2, as it’s not part of this topic. I assume that you have already created your AD.
Let’s start the process:
Step 1: Connect to vCenter Server using your credentials and click Login
Step 2: Click on Administration on left pane of window.
Step 3: Go to Single Sign-On > Configuration > Identity Sources > Click the “+” sign to add your AD as an identity source. Normally it will populate your local AD automatically, so click OK button.
After clicking OK button, Identity Source will be added.
After adding Identity Source to your virtual environment, you’ll need to assign permissions to users who administer the vSphere infrastructure. Usually it’s domain admin, but not always….. Also keep in mind where you assign those permissions. If it’s at the Datacenter level, vCenter level or at the cluster level… Usually you’ll need to add permissions at the vCenter Level.
Step 5: Go to Home > vCenter Inventory Lists > vCenter Servers > vc.vcp.com (in my case) > Click the Manage Tab > Permissions
There you click the “+” sign > Add button > make sure that you select the drop-down for your Microsoft AD (VCP in my case) to make appear the Domain admin user, and click OK
Now, logout your vCenter Server, and login again in vSphere Web Client with your Windows Domain Admin user.
I hope you’ve enjoyed reading this post, if you feel it should be shared on social media, you can…. Be Friendly…