Join the vCSA 6.7 to an Active Directory Domain From HTML Client

VMware vSphere 6.7  is the latest version released by VMware and there are many enhancement and new features are available with this release. The major change for the vCenter Server Appliance is simplified  architecture and all  vCenter Server services are running on a single instance with all the function .With vSphere 6.7 new HTML5 client is available with may enhancements  , VMware is working on to reach 100 %  for all the functions are fully supported by HTML5 client .

In this post I am sharing  configure  vCSA6.7 to an Active Directory Domain From HTML Client and other options available  there  ,additionally command to join , dis-join and verify domain status .

Join AD Domain

• Open vSphere HTML Client
• Login as Single Sign-On Administrator or a user with global permissions.
• Navigate to Administration >Configuration

From Identify Sources Tab you can verify available domain and by default Only SSO  and Localos will be available

• Navigate to Tab Active Directory Domain and Click on Join AD
• Add the Domain Name and Username and Password has permission to join to Active Directory and Click Join

Note:-  You have to reboot the Appliance to apply the changes

When the appliance is back online it will be part of Active Directory domain but you have to the domain to identity sources

• Login to vCenter with SSO Admin account Navigate to Administration >Configuration->Identity Sources

• Select ADD IDENTITY SOURCE and  Select Use machine account and click OK

And you can view your domain is listed on the identity Source tab

Additionally you can do below  configuration form same window

• Remove  the Joined Domain
• Create Login Message
• Smart Card Authentication
• Policies – Password Policy , Lockout Policy and Token Policy

Next add a Permission from Active Directory

Navigate to the Object , here I choose vCenter – > Permission -> Select the “+” symbol to add permission

From User Option Select the Domain Name

Search the Desired Username

Select the desired Role  and select the Propagate to Children Option and Click OK

Join to AD Domain using CLI

Also you can perform joining to active directory from command line

• Connect to the vCenter Server Appliance with SSH
• Activate the bash shell

#Command> shell

• Use the domainjoin-cli tool to join , dis-join and verify status of domain

Join to AD using CLI

# /opt/likewise/bin/domainjoin-cli join [domain] [user name] [password]

Note:-As a security reason you have to add only username and it will prompt for password and it won’t be visible

Verify the Domain status form CLI

Dis-join from a Domain From CLI