You can join a Platform Services Controller appliance or a vCenter Server Appliance with an embedded Platform Services Controller to an Active Directory domain and attach the users and groups from this Active Directory domain to your vCenter Single Sign-On domain. In this blog I will explain how to join a vCenter Server Appliance with an embedded Platform Services Controller to Active Directory using the Web GUI and the command line. The following prerequisites apply:
- Time Synchronization – an NTP server must be configured to synchronize the time across the infrastructure
- Domain Controller – a writable domain controller, with admin access to join objects to the Active Directory domain
- Communication – the required domain communication ports must be open towards the domain
Join AD with vSphere Web Client
Open vSphere Web Client (https://[vcenter]/vsphere-client) and log in as the Single Sign-On Administrator or a user with global permissions.
Navigate to Home > Administration > Deployment > System Configuration
Open the node you want to join to the domain
Navigate to Manage > Settings > Active Directory and click Join…
Enter the AD domain information: Domain Name, OU, the Username of an account with admin privileges to join the domain, and its Password. Press OK.
Reboot the appliance for the changes to take effect.
After rebooting you can see the domain name in the Web UI
Join AD with Command Line
Enable SSH login by following the steps below
vSphere Web Client > Administration > System Configuration > Nodes > Manage > Settings > Access
Edit and Enable SSH login
Connect to the vCenter Server Appliance with SSH, log in with the root credentials and activate the bash shell
Use the domainjoin-cli tool to join the domain. It will prompt for the password of the account provided.
# /opt/likewise/bin/domainjoin-cli join [domain] [user name]
Reboot the appliance
When the appliance is back online, it is part of the Active Directory domain
You can verify the domain status from the vCSA command line
# /opt/likewise/bin/domainjoin-cli query
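The verification step above can be scripted so that a failed or wrong-domain join is caught instead of being read off the screen. This is an added example, not part of the original post: it assumes the query output consists of "Key = Value" lines including a "Domain = ..." line, and the host and domain names in the samples are constructed.

```shell
#!/bin/bash
# Added example: decide from `domainjoin-cli query` output whether the
# appliance is joined to the expected Active Directory domain.
# Assumption: the output has "Key = Value" lines, one of them "Domain = ...".

# Constructed sample output (not captured from a real appliance).
SAMPLE_JOINED='Name = vcsa01
Domain = CORP.EXAMPLE.COM
Distinguished Name = CN=VCSA01,CN=Computers,DC=corp,DC=example,DC=com'
SAMPLE_UNJOINED='Name = vcsa01
Domain ='

# joined_domain: read query output on stdin, print the Domain value
# (empty when the appliance is not joined).
joined_domain() {
    awk -F'=' '$1 ~ /^[ \t]*Domain[ \t]*$/ {
        v = substr($0, index($0, "=") + 1)   # keep "=" inside the value intact
        gsub(/^[ \t]+|[ \t]+$/, "", v)       # trim surrounding whitespace
        print v; exit }'
}

# check_join EXPECTED: reads query output on stdin.
# Returns 0 = joined to EXPECTED, 1 = not joined, 2 = joined to another domain.
check_join() {
    cj_expected=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    cj_actual=$(joined_domain | tr '[:lower:]' '[:upper:]')
    if [ -z "$cj_actual" ]; then
        echo "NOT JOINED: no Domain value in query output" >&2
        return 1
    elif [ "$cj_actual" != "$cj_expected" ]; then
        echo "MISMATCH: joined to $cj_actual, expected $cj_expected" >&2
        return 2
    fi
    echo "OK: joined to $cj_actual"
}

# On the appliance (not run here):
#   /opt/likewise/bin/domainjoin-cli query | check_join corp.example.com
```

The domain comparison is case-insensitive, so the expected domain can be passed in either case.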
If you have any comments, please drop me a line