vCenter HA: Connect Platform Services Controllers to Active Directory

This post is part of a series on deploying Highly Available vCenter and Platform Services Controllers.

Part 1: vCenter HA: Deploy External Platform Services Controller

Part 2: vCenter HA: Configure NetScaler for External Platform Services Controllers

Part 3: vCenter HA: Replace Certificates for Platform Services Controllers

Part 4: vCenter HA: Connect Platform Services Controllers to Active Directory

Part 5: vCenter HA: Deploy vCenter

Part 6: vCenter HA: Replace Certificates for vCenter

Part 7: vCenter HA: License vCenter

Part 8: vCenter HA: Add and Configure Hosts and Clusters

Part 9: vCenter HA: Add and Configure Datastores and Datastore Clusters

Part 10: vCenter HA: Add and Configure Distributed Switches

Part 11: vCenter HA: Configure vCenter HA

Part 12+: Advanced Tasks (Coming soon)


Here we will be adding our Platform Services Controllers to Active Directory and configuring some initial roles.

Open your browser to:  https://hostname/psc/

Go ahead and log in with the default administrator for SSO. i.e. administrator@vsphere.local

Click Appliance Settings.

Click Manage.

Click Join.

Enter the domain.

Enter the user/password with access to add computers to the domain.

Click OK.

Now the appliance should be successfully added to Active Directory.

Click Appliance Settings.

Click VMware Platform Services Appliance.

Log in with your root credentials not the SSO admin.

Click Reboot in the upper right.

Do this on both appliances to apply the changes.

Once they are back up, open the browser back to the PSC admin console.

Click Configuration.

Click Add.

Select the radio button for Active Directory (Integrated Windows Authentication)

Click OK.

Now your identity source has been added. We can proceed to adding AD credentials into SSO.

Click Users and Groups.

Click Groups.

Click Administrators.

Click Add at the bottom…not the top.

Use the drop down to select the Active Directory domain.

Select the user or group you wish to add by checking the box.

Click Add.

Click OK.

Now you have added a user/group to specific roles in SSO. Depending on what you added, you may still need to grant vCenter permissions after it is deployed.

Here is a link to the 6.5 Security Administration docs: HERE


Next Post: vCenter HA: Deploy vCenter


Leave a Reply