VMware Photon OS has been the latest OS used for vCenter Server Appliance 6.5. This is the latest move from SUSE Linux Enterprise Server (SLES) as VMware wants to own the Operating system (OS) and manage its development cycles and patches releases.
Things that aren’t possible on Windows OS or SLES. That’s why VMware used Photon Linux and continues to develop Photon OS which is optimized for VMware platforms.
After the first deployment, the system creates a default PSC domain vsphere.local which is usually managed by the administrator@vsphere.local account.
To understand, you have to join the Platform service controller (PSC) to AD – not the vCenter Server. If you’re running an embedded PSC well then by joining the machine (Windows or VCSA) to the domain you are also joining vCenter Server to the domain. But, if you’re running an external PSC you don’t need to also join the machine vCenter Server is running on. Only the PSC.
What’re the advantages of joining VCSA to Microsoft AD?
If you managing larger enterprise environments you would probably want to reuse existing security groups present in Microsoft AD to give rights and permissions to manage VMware vCenter, right?
That’s exactly why would you want to join VCSA to AD. To allow central management for existing domain users. Like this, you don’t have to manually create users just to manage vSphere environment.
What’re the requirements for joining to Microsoft Active Directory (AD) domain?
- First, you’ll need to use the vCSA administrator@vsphere.local account and the vCSA server instance has to be a member of SystemConfiguration.Administrators group within the vCenter Single Sign-On (SSO)
- You have to be sure that the system name of the appliance is in Fully Qualified Domain Name (FQDN) format. You can’t use IP address as system name during the deployment. If that’s not the case you won’t be able to join the VCSA to Microsoft AD.
The steps
Login via vSphere web client into the VCSA. By default, you’ll use https://IP_of_VCSA/vsphere-client/
Administration > Deployment > System Configuration
Then open Nodes and click to select the vCenter (or external Platform service controller – PSC).
As on the screen below
Manage > Settings > Advanced > Active Directory and click the Join button.
You need to right-click the node you edited and select Reboot to restart the appliance so that the changes are applied. (This is a required step).
Verify Domain Status
You can verify the domain status by checking the “computer” container on your domain controller in Active Directory Users and computers management console.
Verify domain status from the domain controller
From the command line
You can also use command line (via Putty) to check the status.
|
1 |
/opt/likewise/bin/domainjoin-cli query |
Wrap Up:
Adding a Platform Service controller (PSC) running on VCSA or as an external one, to Microsoft AD will allow central management for existing users and groups within Microsoft AD. You’ll continue to manage only a single directory.
While the process is pretty straight forward, it’s important to mention that only the platform service controller has to be joined into a Microsoft AD, not the vCenter itself (if those two components are NOT running on the same VM).
You can then attach the users and groups from this Active Directory domain to your vCenter Single Sign-On domain. You will need to configure permissions for users and groups from an Active Directory domain to access the vCenter Server.
