In one of my vSphere 6.0 posts, I mentioned how to join vCenter Server appliance to an AD Domain, which you can find here. Today we will be looking at how to join VCSA 6.5 to AD Domain.
Now, there are a couple of things to keep in mind when joining the vCenter Appliance to AD Domain depending on the way your environment is set up.
If you have an external Platform Service Controller, then you will only be joining the PSC to the AD Domain. If you have an embedded vCenter Server Appliance, then we will add that to the Active Directory Domain.
Note: Joining the External Platform Services Controller or the Embedded vCenter Server Appliance to the Read-Only Domain Controller is unsupported. The Domain Controller needs to be a writable DC.
Prerequisites to Join to Active Directory Domain:
- The account used to login to the vCenter Server instance needs to be a member of SystemConfiguration.Administrators group in the vCenter Single Sign-On. firstname.lastname@example.org is already the member of this group.
- Make sure that the system name of the appliance is an FQDN, which means during the deployment if IP Address was provided as system name, then you will be unable to join the appliance to an AD Domain.
Now that we know which type of appliance can be joined to an Active Directory Domain and the prerequisites that need to be taken care of to add the appliance to AD Domain, let us look at the procedure to do so.
Log in to the vSphere Web Client using the email@example.com account to the vCenter Server instance.
The default address is https://IP-or-FQDN/vsphere-client
In my environment, I have an external Platform Services Controller appliance to which a vCenter Server appliance is registered. Therefore, we will be adding the External Platform Services Controller instance to the AD Domain.
Navigate to Administration > System Configuration > Nodes > Select the External PSC instance.
Click on Manage tab > Settings > Active Directory. Click on the Join Button which will bring up a wizard.
The operation silently succeeds and you can see that the Join button turned to Leave.
You need to now right-click the node you edited and select Reboot to restart the appliance so that the changes are applied.
For those who are interested in doing this from the command line, use domainjoin-cli utility to join the External PSCs to an AD Domain.
And if you are also having Platform Services Controller High Availability Setup, you would receive the following error in the GUI and have to add the PSC to AD Domain from the command line. I have articles for PSC HA Load Balancer setup here, here and here.
Take an SSH session to the External PSC and log in using the root credentials.
Type shell to bring up the shell prompt and type the below command to join the PSC to AD Domain.
/opt/likewise/bin/domainjoin-cli join lab.local firstname.lastname@example.org ‘Password’
Reboot the appliance to make sure that the changes take effect.
That’s it! You have successfully added the Externa; PSC to AD Domain. In the next post, we will see how to add the AD Domain as one of the Identity Sources in the vCenter Server instance.
I hope this has been informative and thank you for reading!