VMware vSphere: Join a vCenter VCSA Appliance to an Active Directory domain by command line


The vCenter GUI offers the ability to add an identity provider such as Microsoft AD. In some cases this won’t work, for example if you are not a domain admin and you have to specify the organisational unit in which the computer object should be created.

Let's do it. Log in to the VCSA appliance via SSH and start a root shell.

Command> shell
Shell access is granted to root
root@vCenter ~ # 

You need the distinguished name of the folder where the computer object should be created and a login which has the permissions to join the domain in that folder.

The join command is domainjoin-cli

root@vCenter ~ # /opt/likewise/bin/domainjoin-cli join --advanced --ou "OU=MyComputers,OU=MyDepartment,DC=MyDomain,DC=org" MyDomain.org "myJoinLogin@MyDomain.org"
Joining to AD Domain:   MyDomain.org
With Computer DNS Name: myVCenter.MyDomain.org
myJoinLogin@MYDOMAIN.ORG's password:


The join state can be checked

root@vCenter ~ # /opt/likewise/bin/domainjoin-cli query
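
Because the join account is only delegated on one OU, it is worth confirming that the computer object really landed there. The script below is an added example, not part of the original post: it assumes `domainjoin-cli query` prints `Key = Value` lines including a `DistinguishedName` line, the function names are hypothetical, and the sample output is constructed from the names used above.

```shell
#!/bin/sh
# Added example. Assumption: `domainjoin-cli query` prints "Key = Value"
# lines, one of them "DistinguishedName = CN=<host>,<parent container>".

EXPECTED_OU='OU=MyComputers,OU=MyDepartment,DC=MyDomain,DC=org'  # OU from the join command

# Constructed sample output, used when the Likewise binary is not present.
SAMPLE_QUERY='Name = myVCenter
Domain = MYDOMAIN.ORG
DistinguishedName = CN=MYVCENTER,OU=MyComputers,OU=MyDepartment,DC=MyDomain,DC=org'

# Print the value of key $1 from "Key = Value" text on stdin.
query_field() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# Lower-case a DN and drop whitespace around commas so two spellings compare equal.
norm_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
        sed 's/[[:space:]]*,[[:space:]]*/,/g; s/[[:space:]]*$//'
}

# $1 = query output, $2 = expected OU. Returns 0 if the computer object sits
# directly in that OU, 1 if it sits elsewhere, 2 if no DN is reported.
ou_matches() {
    dn=$(printf '%s\n' "$1" | query_field DistinguishedName)
    [ -n "$dn" ] || return 2
    parent=${dn#*,}   # strip the leading "CN=<host>," (assumes no escaped comma in the name)
    [ "$(norm_dn "$parent")" = "$(norm_dn "$2")" ]
}

if [ -x /opt/likewise/bin/domainjoin-cli ]; then
    out=$(/opt/likewise/bin/domainjoin-cli query 2>/dev/null || true)
else
    out=$SAMPLE_QUERY
fi

if ou_matches "$out" "$EXPECTED_OU"; then
    echo "OK: computer object is in $EXPECTED_OU"
else
    echo "WARNING: computer object is not in $EXPECTED_OU (or host is not joined)" >&2
fi
```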

vCenter can also create a DNS entry. Sometimes this doesn’t work. As a workaround it can be triggered by (replace the IP address with your vCenter's one)

root@vCenter ~ # /opt/likewise/bin/lw-update-dns --ipaddress

Add it to the crontab to refresh the entry daily (at 5 o’clock)

root@vCenter ~ # crontab -e

and add

0 5 * * * /opt/likewise/bin/lw-update-dns --ipaddress


