Windows: Locate the CA in your Active Directory Infrastructure

Hi,

there are two ways to determine the Certitification Authority in your Active Directory environment.
More »

Windows: Find all Terminal/Remote Desktop Server Licenseserver

Hi,

to determine which Server provides the Terminal License Server Role in your Active Directory Forest use the following powershell script.

More »

Powershell: List members of an Active Directory Group

Hi,

here are the code snippets to list all members of an Active Directory Group.

Some constants

# Define LDAP search root, the Global catalog of the domain
$sLDAPSearchRoot="LDAP://yourDomain.com:3268"
# The Groupname to looking for
$sGroupName="USR_GRP_IN_AD"

More »

Powershell: Active Directory Domain Operations

Hi,

some commands to manage Active Directory Domain Controllers by using the .NET System.DirectoryServices.ActiveDirectory.Domain Class.
Load the assembly

[reflection.assembly]::LoadWithPartialName("System.DirectoryServices.Protocols")|Out-Null

Get a Domain Object with the logon Domain of the current user
More »

VMware vCenter: Howto add an Active Directory Domain as SSO Identity Source and using system session credentials

Attention: If plan a update to VMware vSphere/vCenter 5.1.0 Update 1. Currently this version contains a bug which prevents User from Login. VMware is working on an Fix. See KB2050941

=> Bug is solved in 5.1.0 Update 1a

Hi everybody,

since VMware vCenter 5.1 a new service SSO, the Single Sign On Service,  handles the authentication for all logons. The advantage is that multiple authentication sources are possible. For example Local User and groups, OpenLDAP Directory Services and of course Microsofts Active Directory.

This post is related to vCenter Version 5.1.0b and describes how to add an Active Directory Domain as Identity source and get this running by using the “Reuse session” Authentication Type. The last one is the tricky part :-).

Let us start. Start the vSphere WebClient with a login which owns the appropriate rights, for example admin@system-domain or any other user who owsn has the SSO administrator privileges, and navigate to Administration/Sign On and Discovery/Configration. In the default configuration two identity sources are added by default. The SSO database and the user management of the local server.

To add an Active Directory as identity source the following informations are required

  • The Domain fully qualified domain name
  • The Domains NetBIOS Name
  • At least one domain controller
  • The Base DN for the users and groups

The attached powershell script GetSSOParameters.ps1 should determine this for your domain. You must start the script with the fully qualified domain name as parameter. Try it!

PS c:\>GetNetBiosDomainName.ps1 yourdomain.com
Basic Config for VMware SSO Identity source
NAME: YOURDOMAIN
Primary Server: ldap://domaincontroller1.yourdomain.com
Secondary Server: ldap://domaincontroller2.yourdomain.com
BaseDN Users: DC=yourdomain,DC=com
Domain: yourdomain.com
Domain Alias: YOURDOMAIN
BaseDN Groups: DC=yourdomain,DC=com

If you have the necessary information you can add the Identity source. See Screenshot below. First try to add by specifing a Username and a password which have the rights to query the Active Directory

VMware SSO Identity Source with "Password" option

VMware SSO Identity Source with “Password” option

Press the Test Connection Button and normally this return that the connection is successfully established. More »

Original Theme by Schiy · Powered by WordPress