How to configure AD authentication in VCSA 6.5

Most organizations use Active Directory (AD) for authentication and permissions on their servers and desktops. AD is useful because once you have configured it and added your users, you only have to integrate it with the other solutions or products that support AD integration. vCenter Server Appliance (VCSA) 6.5 supports Active Directory authentication, so you don’t need to create separate users in VCSA 6.5. Once the appliance is joined to the domain, you can give permissions to AD users directly from VCSA.

In the previous post we saw how to join VCSA 6.5 to an AD domain. In this post we will see how to configure and integrate Active Directory into vCenter Server Appliance 6.5 for user authentication. You can configure the AD integration in two different ways, and we will look at both.

Let’s see how to configure vCenter Server Appliance 6.5 for user authentication.

How to configure Active Directory Authentication with Integrated Windows Authentication.

Step 1:
Log in to the vSphere Web Client.
Go to Administration > Configuration.
Choose Identity Sources.
Click the green plus icon.

Step 2:
Choose the first option, Active Directory (Integrated Windows Authentication).
Click Next to proceed.

Step 3:
Provide your Active Directory Domain name.
Click Next to proceed.

Step 4:
Review the settings.
Click Finish to save & close the wizard.

Now you can see that your Domain is listed in the Identity Sources list.

We have successfully added the Active Directory Domain using Integrated Windows Authentication. Now we will add Active Directory Domain as an LDAP Server.

How to add Active Directory Domain as an LDAP Server:

Step 1:
First, follow Step 1 from the previous section.
This time, choose the second option, Active Directory as an LDAP Server.
Click Next to proceed.

Step 2:
Provide your Active Directory domain details.
Name: You can specify any name, or use the AD domain name.
Base DN for users: The Distinguished Name (DN) of the starting point for directory server searches. For example, if your domain name is vlab.local, the DN for the entire directory is DC=vlab,DC=local.
Base DN for groups: This will be the same as above.
Domain name: Your Active Directory domain name (e.g. vlab.local).
Domain alias: Your NetBIOS name (e.g. vlab).
Username: Domain Admin user.
Password: Password of the Domain Admin.
You can either connect to any domain controller in the domain, or specify particular domain controllers by providing the Primary & Secondary server URLs.
Click Next to proceed.

Step 3:
Review all the configurations.
Click Finish to save & close the wizard.

Now you can see that your Domain is listed in the Identity Sources list.
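
A pre-flight check for the values entered in Step 2 above, as an added example that is not part of the original post: it derives the Base DN from the domain name, confirms that the user and group Base DNs fall under it, and flags server URLs that are malformed or that use ldap:// without TLS. The function names and the dc01/dc02 host names are hypothetical; vlab.local is the post's own sample domain.

```python
from urllib.parse import urlparse

def base_dn_for(domain):
    """Derive the directory-wide Base DN: vlab.local -> DC=vlab,DC=local."""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def _norm(dn):
    # DNs compare case-insensitively; ignore spaces around the commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_identity_source(domain, alias, users_dn, groups_dn, server_urls):
    """Return a list of findings for the wizard values (empty list = no issues)."""
    findings = []
    root = _norm(base_dn_for(domain))
    for label, dn in (("users", users_dn), ("groups", groups_dn)):
        n = _norm(dn)
        if n != root and not n.endswith("," + root):
            findings.append(f"Base DN for {label} is outside {base_dn_for(domain)}: {dn}")
    if not 1 <= len(alias) <= 15:  # NetBIOS names are at most 15 characters
        findings.append(f"Domain alias is not a valid NetBIOS name: {alias!r}")
    for url in server_urls:
        parsed = urlparse(url)
        if parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
            findings.append(f"Server URL must be ldap://host:port or ldaps://host:port: {url}")
        elif parsed.scheme == "ldap":
            findings.append(f"ldap:// is not TLS-protected, prefer ldaps://: {url}")
    return findings

if __name__ == "__main__":
    # Constructed sample values; dc01/dc02 are hypothetical domain controllers.
    for finding in check_identity_source(
        domain="vlab.local", alias="vlab",
        users_dn="CN=Users,DC=vlab,DC=local", groups_dn="DC=vlab,DC=local",
        server_urls=["ldaps://dc01.vlab.local:636", "ldap://dc02.vlab.local:389"],
    ):
        print(finding)
```
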

In the previous steps we saw how to add an Active Directory domain. After adding the domain, you have to set permissions for the AD users so that they can log in with their AD accounts.

Step 1:
Choose Global Permissions from the Navigator.
Click the Manage tab.
Click the green plus icon.

Step 2:
A new wizard will open.
Click Add to add the users.

Step 3:
Choose your domain name from the Domain list.

Step 4:
Choose the user you want to add & click the Add button to add the user.
Click OK to save.

Step 5:
You can see that your user is listed under Users & Groups.
You can change or assign the role on the right side.
Click OK to save & close.

Now you can see that your user is listed below.

We have seen 2 ways to configure AD identity sources. You can use either one, depending on your requirements. After configuring the identity source, you need to add permissions for the user. After successful configuration, you can use the Active Directory user to log in to the vSphere Web Client.

Mayur Parmar

Hi, I am Mayur Parmar, independent author & founder of Mastering VMware. I have been working in the IT industry for more than 4 years, with knowledge of VMware, Microsoft servers and Linux servers.

7 Comments

  1. What is the point of putting your documents on your blog if you don’t allow anyone to copy and paste (lol).

    1. @Toan Pham
      The copy function is disabled because some people use the same content on their own blogs; that is the only reason.

  2. Question,

    I have joined VCMA 6.5, to a Windows Domain 2012 Windows AD Integrated Authentication
    Also, we have vCenter 6.0 (on Windows Server) joined to the same domain for our development env.
    We have Horizon View in the vSphere 6.0 as well as the view desktops joined to the same domain.

    I am seeing the below message pop up only on the VCMA 6.5 ..and not on 6.0 vCenter
    …Some elements could not be shown or their information could not be retrieved in time..

    I received a response that I should reconfigure our Windows Server AD as an LDAP Server. The issue is that AD is also being used by the vSphere 6.0 development system on the same network. Not sure of the process to do this or what effects it may cause.

    Can I just remove the Windows AD Integrated Authentication and add LDAP to see if this removes the error?

    1. @stan novinsky
      I am not sure whether the error will be removed or not, but you can remove AD Integrated Authentication and add LDAP. It might require you to restart VCSA, so make sure of that beforehand.
