During the installation of vCenter Single Sign On (SSO), the installer will attempt to detect the Active Directory (AD) domain for the logged-in user and add it as an Identity Source. For the most part, this works fine; however, I’ve run into a couple of instances so far deploying vSphere 5.1 to customers where they either want to add a second AD Identity Source or, for one reason or another (running the installer as the local administrator is a typical case), the installer didn’t properly add a non-System-Domain Identity Source.
To add a new AD Identity Source:
1. Log in to the vCenter Server Web Client as admin@system-domain (password defined during SSO installation).
2. Click Administration in the left-hand pane.
3. Under Sign-On and Discovery, click Configuration. On the Identity Sources tab, click the green + icon to add a new Identity Source.
- Name – Name of the identity source, e.g., domain name
- Primary Server URL – Primary domain controller
- Secondary Server URL – Secondary domain controller (optional)
- Base DN for Users – The base distinguished name (DN) for users (optional)
- Domain Name – The domain’s DNS name, e.g., domain.tld
- Domain Alias – The domain’s NetBIOS name, e.g., DOMAIN (optional)
- Base DN for Groups – The base distinguished name (DN) for groups (optional)
- Authentication Type – Choose Password
- User Name – A domain user with minimum read-only rights to the base DN for users and groups
- Password – The password for the above user
5. Click Test Connection to make sure you have connectivity.
6. Click OK to add the Identity Source.
7. Select the new Active Directory Identity Source, then click the icon for Add to Default Domains. Click OK on the subsequent warning.
8. Click the up arrow to move your Active Directory domain to the top, then click the Save button to save the configuration.
You’ve now added a new Active Directory Identity Source.
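
A pre-flight check of the values that go into the Identity Source form above, as an added example that is not part of the original post or of any VMware tooling. The dictionary keys, the sample values and the expectation that server URLs use the ldap:// or ldaps:// form are assumptions of this example.

```python
from urllib.parse import urlparse

def domain_to_dn(domain):
    """Map a DNS domain name to its directory root, e.g. domain.tld -> DC=domain,DC=tld."""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def dn_is_under(dn, root):
    """True if dn equals root or sits below it (naive split: no escaped commas)."""
    d = [p.strip().lower() for p in dn.split(",")]
    r = [p.strip().lower() for p in root.split(",")]
    return len(d) >= len(r) and d[-len(r):] == r

def check_identity_source(cfg):
    """Return a list of findings for the form values; an empty list means none."""
    findings = []
    root = domain_to_dn(cfg["domain_name"])
    for key in ("primary_url", "secondary_url"):
        url = cfg.get(key, "")
        if not url and key == "secondary_url":
            continue  # the secondary server is optional
        parsed = urlparse(url)
        if parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
            findings.append(f"{key}: expected ldap://host or ldaps://host")
        elif parsed.scheme == "ldap":
            findings.append(f"{key}: ldap:// is not TLS-protected")
    for key in ("base_dn_users", "base_dn_groups"):
        dn = cfg.get(key, "")
        if dn and not dn_is_under(dn, root):
            findings.append(f"{key}: not under {root}")
    if len(cfg.get("domain_alias", "")) > 15:
        findings.append("domain_alias: NetBIOS names are at most 15 characters")
    # Accept DOMAIN\user, user@domain or a bare name; keep only the account part.
    account = cfg.get("user_name", "").split("\\")[-1].split("@")[0].lower()
    if account == "administrator":
        findings.append("user_name: use a read-only account, not Administrator")
    return findings

# Constructed sample values, not taken from any real environment.
SAMPLE = {
    "primary_url": "ldap://dc01.domain.tld",
    "secondary_url": "ldaps://dc02.domain.tld:636",
    "base_dn_users": "CN=Users,DC=domain,DC=tld",
    "base_dn_groups": "OU=Groups,DC=other,DC=tld",
    "domain_name": "domain.tld",
    "domain_alias": "DOMAIN",
    "user_name": "DOMAIN\\svc-sso-read",
}
print("\n".join(check_identity_source(SAMPLE)))
```

These checks only catch inconsistent form values; Test Connection in step 5 is still what confirms the account can actually bind and read the base DNs.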