Active Directory VMware Configuration

In the event that vCenter Server is unavailable, it is recommended to configure an Active Directory account that can be used to connect directly to the VMware hosts to perform shutdown actions. vCenter Server must be available for Dell VxRail cluster shutdown.

This topic outlines how to configure an Active Directory account that can be used to connect directly to the VMware hosts to perform shutdown actions. This topic is only relevant in a stretched cluster configuration.

  1. In Active Directory Users and Groups, create a group called ESX Admins and add your user(s) to the group.

     When using Active Directory, VMware provides a default AD group called "ESX Admins". This group is automatically added to each ESXi host joined to the domain and is granted Administrator rights by default, so membership of this group is equivalent to administrative access on every domain-joined host.
  2. Add Active Directory as an Identity Source in VMware Single Sign On using the vSphere Web Client.
  3. Log in to vCenter Server using the vSphere Web Client via a browser (https://<your_vcenter_ip>) using the default vCenter Server administrator account, administrator@vsphere.local.
  4. Navigate to Administration > Single Sign On > Configuration and open the Identity Sources tab.
  5. Click the add symbol to add a new identity source.
  6. Select Active Directory as an LDAP Server.
  7. Enter the domain details, e.g. for testdomain.com:
     1. Name: testdomain
     2. Base DN for Users: CN=Users, DC=testdomain, DC=com
     3. Domain Name: testdomain.com
     4. Alias: testdomain
     5. Base DN for Groups: CN=Users, DC=testdomain, DC=com
     6. Primary Server URL: domaincontroller.testdomain.com
     7. Username: testdomain\domainuser
  8. Click OK.
  9. Log in to vCenter using the vSphere Client and navigate to Menu > Administration > Single Sign On > Users and Groups.
  10. Click the add symbol and create a user.
  11. Click OK.
  12. Navigate to Menu > Administration > Global Permissions.
  13. Click the add symbol. Select User and change the Assigned Role to Administrator.
  14. Confirm "Propagate to children" is selected.
  15. Click OK.
  16. Add all required roles for the User.


Shared Local Account for vCenter Server and VMware hosts

Create Shared Local Account on vCenter Server - not using local OS

  1. In the event that vCenter Server is unavailable, a shared account needs to be configured that can be used to connect directly to the VMware hosts to perform shutdown actions. vCenter Server must be available for Dell VxRail cluster shutdown.
  2. Log in to the vSphere Web Client as administrator@vsphere.local.
  3. Navigate to Menu > Administration > Single Sign On > Users and Groups.
  4. Select the vsphere.local domain and click Add User.
  5. Enter your vCenter username and password, and click OK.
  6. Navigate to Menu > Administration > Global Permissions.
  7. Click the add symbol. Select the User created in Step 4 and change the Assigned Role to Administrator.
  8. Confirm "Propagate to children" is selected.
  9. Click OK.
  10. Navigate to Single Sign On > Configuration > Identity Sources. Select the vsphere.local domain where the new User was added and set it as the default domain.
  11. In PowerChute, when adding the username, do not include the @vsphere.local suffix. It is not required, as ESXi host usernames cannot include @vsphere.local.

Create Shared Local Account on vCenter Server - using local OS

  1. In the event that vCenter Server is unavailable, a shared account needs to be configured that can be used to connect directly to the VMware hosts to perform shutdown actions. vCenter Server must be available for Dell VxRail cluster shutdown.
  2. If Active Directory is not available, a local user account can be added to vCenter Server instead.
  3. An account with the same name and password then needs to be added to each ESXi host.
  4. Log in to the vCenter Server machine and add a user via Computer Management > Local Users and Groups on Windows.

     On Linux/vCenter Server Appliance, use the terminal commands "useradd" and "passwd".

  5. Log in to vCenter Server using the vSphere Client and navigate to Menu > Administration > Global Permissions.
  6. Click the add symbol. Select vsphere.local under User, select the User that was added in step 4 and change the Assigned Role to Administrator.
  7. Confirm "Propagate to children" is selected.
  8. Click OK.

Create Shared Local Account on each VMware host

  1. Log in to the ESXi Client and navigate to Manage > Security and Users > Users.
  2. Click Add User.
  3. Enter your username and password, and click OK.
  4. Right-click the Host in the inventory and click Permissions.
  5. Click Add User.
  6. Select the User created in step 2 and change the Assigned Role to Administrator.
  7. Click OK.

A shared local account should be used when vCenter Server is running on a VM and Active Directory is unavailable.
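The per-host steps above must produce an identical account on every ESXi host, which is easy to get wrong by hand. The following PowerCLI script is an added example, not code from the PowerChute documentation: it creates the shared local account and grants it the Admin role on each host, and reports any host that does not match. It assumes VMware PowerCLI is installed; the host names and the account name are placeholders.

```powershell
# Added example: apply the ESXi Host Client steps (Users > Add User, Permissions > Admin)
# to every host in the list, skipping work already done, then report the result.
Import-Module VMware.PowerCLI -ErrorAction Stop

$esxiHosts = @('esxi01.testdomain.com', 'esxi02.testdomain.com')   # placeholder host names
$accountId = 'pcns-shutdown'                                        # placeholder; no @vsphere.local suffix
$rootCred  = Get-Credential -Message 'ESXi root credential'
$secure    = Read-Host -AsSecureString -Prompt "Password for $accountId (identical on every host)"
$plainPw   = [System.Net.NetworkCredential]::new('', $secure).Password

$report = foreach ($h in $esxiHosts) {
    $srv = Connect-VIServer -Server $h -Credential $rootCred -ErrorAction Stop
    try {
        # Steps 1-3: create the local user only if it is not already present
        $acct = Get-VMHostAccount -Id $accountId -Server $srv -ErrorAction SilentlyContinue
        if (-not $acct) {
            $acct = New-VMHostAccount -Id $accountId -Password $plainPw -UserAccount `
                        -Description 'PowerChute shutdown account' -Server $srv
        }

        # Steps 4-7: grant the built-in Admin role on the host object, propagating to children
        $entity = Get-VMHost -Server $srv
        $perm   = Get-VIPermission -Entity $entity -Principal $accountId -Server $srv -ErrorAction SilentlyContinue
        if (-not $perm -or $perm.Role -ne 'Admin') {
            $perm = New-VIPermission -Entity $entity -Principal $accountId -Role 'Admin' -Propagate:$true -Server $srv
        }

        [pscustomobject]@{ Host = $h; Account = $acct.Id; Role = $perm.Role }
    }
    finally {
        Disconnect-VIServer -Server $srv -Confirm:$false
    }
}

# A host whose Role column is not 'Admin' has drifted from the others and would fail shutdown.
$report | Format-Table -AutoSize
```

Re-running the script is safe: existing accounts and permissions are left in place and only missing ones are added.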