Welcome back Folks,
In our previous VMware VCSA series, we learnt about how to find services information from both the GUI and the SSH console.
Well, in today's post we will look at how to join VMware VCSA to a domain. This should be one of the first things that an administrator does once the VCSA is deployed.
The reason is that it gives you a lot more flexibility in managing your VCSA using your existing Active Directory infrastructure.
The steps would remain the same even if you have a Windows-based vCenter Server. But I have seen that most of the customers are moving to VCSA as it is a solid alternative and it does not require an extra licence for your Windows Server.
So let's move on to the meat of the article, which is how to join VMware VCSA to domain.
Join VMware VCSA to domain
You will first have to connect to the vSphere Web Client using the URL http://appliance-IP-address-or-FQDN/vsphere-client
I recommend logging in with the vCenter SSO account, as at this point it has all the administrative privileges.
If you are logging in with an AD account instead, you need to make sure that the user account is a member of the SystemConfiguration.Administrators group in vCenter Single Sign-On.
Once logged in, click on Administration > Deployment > System Configuration
You will now be presented with the Nodes and Services information. Click on Node, select the VCSA and click on the Manage tab.
Now go to Advanced, select Active Directory, and click Join > Enter the Active Directory details.
The weird thing here is that it will not tell you whether the operation succeeded or not. If you do not receive any error messages, that means the operation was successful.
Now you will have to go ahead with the reboot of the Node as suggested above.
Bear in mind that this will stop certain functions that the VCSA performs. You are presented with a confirmation screen, where you also have to provide a reason for the reboot.
The reboot should take some time as it goes about restarting all the core services of the VCSA. Once the reboot is completed, you should see that the Join button is greyed out and the Leave button is prominent.
You can also verify the join by logging into Active Directory Users and Computers on the Domain Controller and checking the Computers OU.
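Because the join gives no success message, the check can also be made from the appliance's SSH console. The script below is an added example, not part of the original post: it assumes your VCSA build ships /opt/likewise/bin/domainjoin-cli and that its query subcommand prints "Key = value" lines; check_join and the domain corp.example are illustrative names.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the appliance ships /opt/likewise/bin/domainjoin-cli and its
# "query" subcommand prints "Key = value" lines such as (constructed sample):
#   Name = vcsa01
#   Domain = CORP.EXAMPLE
#   Distinguished Name = CN=VCSA01,CN=Computers,DC=corp,DC=example

# check_join EXPECTED_DOMAIN   (reads the query output on stdin)
# Returns 0 = joined to the expected domain, 1 = not joined,
#         2 = joined to a different domain, 3 = no computer object DN.
check_join() {
    local expected out domain dn
    expected=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    out=$(cat)
    # Domain names are case-insensitive, so compare in upper case.
    domain=$(printf '%s\n' "$out" | sed -n 's/^Domain *= *//p' |
             tr '[:lower:]' '[:upper:]' | tr -d '[:space:]')
    dn=$(printf '%s\n' "$out" | sed -n 's/^Distinguished Name *= *//p')

    if [ -z "$domain" ]; then
        echo "NOT JOINED: no domain reported"
        return 1
    fi
    if [ "$domain" != "$expected" ]; then
        echo "MISMATCH: joined to $domain, expected $expected"
        return 2
    fi
    if [ -z "$dn" ]; then
        echo "INCOMPLETE: domain set but no computer object DN"
        return 3
    fi
    # The DN shows where the computer object landed (e.g. CN=Computers).
    echo "JOINED: $domain ($dn)"
    return 0
}

# Usage on the appliance: sh check_join.sh corp.example
CLI=/opt/likewise/bin/domainjoin-cli
if [ -x "$CLI" ] && [ -n "${1:-}" ]; then
    "$CLI" query | check_join "$1"
fi
```

The distinguished name in the last line of output should match the object you see in the Computers OU on the Domain Controller.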
I hope this has been informative and thank you for reading!
1 Comment
Believe it or not, I was stuck on this for 2 days.
After joining the VCSA to the AD and rebooting, the appliance never prompted for user name and password and instead threw some [500] SSO error.
And finally, it was the special character in the Administrator password of the AD that was making the problem; I reset it to one without a special character and everything was working fine.
– Maybe helpful for someone following this blog.