The vCenter GUI offers the ability to add an identity provider such as Microsoft AD. In some cases this won’t work, for example if you are not a domain admin and have to specify the organisational unit in which the computer object should be created.
Let’s do it. Log in to the VCSA appliance via SSH and start a root shell.
Command> shell
Shell access is granted to root
root@vCenter ~ #
You need the distinguished name of the OU where the computer object should be created and a login which has permission to join computers to the domain in that OU.
The join command is domainjoin-cli:
Command> shell
Shell access is granted to root
root@vCenter ~ # /opt/likewise/bin/domainjoin-cli join --advanced --ou "OU=MyComputers,OU=MyDepartment,DC=MyDomain,DC=org" MyDomain.org "myJoinLogin@MyDomain.org"
Joining to AD Domain: MyDomain.org
With Computer DNS Name: myVCenter.MyDomain.org
myJoinLogin@MYDOMAIN.ORG's password:
SUCCESS
The join state can be checked with:
root@vCenter ~ # /opt/likewise/bin/domainjoin-cli query
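As an added check that is not part of the original post, the following shell functions confirm that the computer object ended up in the intended OU by parsing the query output. They assume that domainjoin-cli query prints "Key = value" lines including DistinguishedName; the function names are hypothetical and the sample outputs are constructed.

```shell
# Assumption: `domainjoin-cli query` prints "Key = value" lines such as
# "Domain = ..." and "DistinguishedName = ...". Samples below are constructed.
SAMPLE_JOINED='Name = myVCenter
Domain = MYDOMAIN.ORG
DistinguishedName = CN=MYVCENTER,OU=MyComputers,OU=MyDepartment,DC=MyDomain,DC=org'
SAMPLE_WRONG_OU='Name = myVCenter
Domain = MYDOMAIN.ORG
DistinguishedName = CN=MYVCENTER,CN=Computers,DC=MyDomain,DC=org'
SAMPLE_NOT_JOINED='Name = myVCenter
Domain ='

# Lowercase a DN and drop whitespace around commas so comparisons are stable.
normalize_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/[[:space:]]*,[[:space:]]*/,/g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# get_field KEY TEXT: print the value of the first "KEY = value" line.
get_field() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# check_join_ou QUERY_OUTPUT EXPECTED_OU
# Returns 0 if the computer object's parent container is EXPECTED_OU,
# 1 if no DistinguishedName is reported (not joined),
# 2 if the object exists but sits in a different container.
check_join_ou() {
    dn=$(get_field DistinguishedName "$1")
    [ -n "$dn" ] || return 1
    dn=$(normalize_dn "$dn")
    want=$(normalize_dn "$2")
    # Parent container = DN without its first RDN (CN=<host>); computer
    # names cannot contain commas, so cutting at the first comma is safe.
    parent=${dn#*,}
    [ "$parent" = "$want" ] && return 0
    return 2
}

# On the appliance (not run here):
#   check_join_ou "$(/opt/likewise/bin/domainjoin-cli query)" \
#       "OU=MyComputers,OU=MyDepartment,DC=MyDomain,DC=org" || echo "join check failed: $?"
```

A return code of 2 means the join succeeded but the object was created outside the requested OU, so any OU-linked group policy or delegation will not apply to it.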
vCenter can also create a DNS entry. Sometimes this doesn’t work. As a workaround, the update can be triggered manually (replace the IP address with your vCenter’s):
root@vCenter ~ # /opt/likewise/bin/lw-update-dns --ipaddress 10.10.254.40
Add it to the crontab to refresh the entry daily (at 5 o’clock):
root@vCenter ~ # crontab -e
0 5 * * * /opt/likewise/bin/lw-update-dns --ipaddress 10.10.254.40