{"id":8175,"date":"2021-11-28T17:03:18","date_gmt":"2021-11-28T16:03:18","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=8175"},"modified":"2022-02-11T12:14:39","modified_gmt":"2022-02-11T11:14:39","slug":"vmware-vsphere-join-a-vcenter-vcsa-appliance-to-an-active-directory-domain-by-command-line","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/vmware-vsphere-join-a-vcenter-vcsa-appliance-to-an-active-directory-domain-by-command-line\/","title":{"rendered":"VMware vSphere: Join a  vCenter VCSA Appliance to an Active directory domain by command line"},"content":{"rendered":"<p>Hi,<\/p>\n<p>the vCenter GUI offers the ability to add an identity provider like Microsoft AD. In some cases this won&#8217;t work, for example if you are not a domain admin and you have to specify in which organisational unit the computer object should be created. <strong>The computer object should not exist. Delete an already existing object; it will be created during the join process!<\/strong><br \/>\n<!--more--><\/p>\n<p>Let&#8217;s do it. Log in to the VCSA appliance by SSH and start a root shell.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nCommand&gt; shell\r\nShell access is granted to root\r\nroot@vCenter ~ # \r\n<\/pre>\n<p>You need the distinguished name of the OU where the computer object should be created and a login which has the permissions to join the domain in that OU.<\/p>\n<p>Also check the time of the VCSA and the domain. If the time difference is &gt; 5 min, a generic error ERROR_GEN_FAILURE [code 0x0000001f] can occur. 
In the WebGUI the error is shown as error code [31].<\/p>\n<p>The join command is <code>domainjoin-cli<\/code>:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nCommand&gt; shell\r\nShell access is granted to root\r\nroot@vCenter ~ # \/opt\/likewise\/bin\/domainjoin-cli join --advanced --ou &quot;OU=MyComputers,OU=MyDepartment,DC=MyDomain,DC=org&quot; MyDomain.org &quot;myJoinLogin@MyDomain.org&quot;\r\nJoining to AD Domain:   MyDomain.org\r\nWith Computer DNS Name: myVCenter.MyDomain.org\r\nmyJoinLogin@MYDOMAIN.ORG's password:\r\n\r\nSUCCESS\r\n<\/pre>\n<p>If joining fails, you can add <code>--loglevel verbose --logfile \/tmp\/domain.log<\/code> before the <code>join<\/code> parameter for detailed output.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nCommand&gt; shell\r\nShell access is granted to root\r\nroot@vCenter ~ # \/opt\/likewise\/bin\/domainjoin-cli --loglevel verbose --logfile \/tmp\/domain.log join --advanced --ou &quot;OU=MyComputers,OU=MyDepartment,DC=MyDomain,DC=org&quot; MyDomain.org &quot;myJoinLogin@MyDomain.org&quot;\r\n<\/pre>\n<p>The join state can be checked with:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@vCenter ~ # \/opt\/likewise\/bin\/domainjoin-cli query\r\n<\/pre>\n<p>A list of all valid identity providers can be retrieved by:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@vCenter ~ # \/opt\/vmware\/bin\/sso-config.sh -get_identity_sources\r\n<\/pre>\n<p>And add the domain as an identity source by command line (the previous join must have succeeded):<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@vCenter ~ # sso-config.sh -add_identity_source -type nativead MyDomain.org\r\n<\/pre>\n<p>vCenter can also create a DNS entry. Sometimes this doesn&#8217;t work. 
As a workaround it can be triggered by (replace the IP address with your vCenter&#8217;s one):<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@vCenter ~ # \/opt\/likewise\/bin\/lw-update-dns --ipaddress 10.10.254.40\r\n<\/pre>\n<p>Add it to the crontab to refresh the entry daily (5 o&#8217;clock):<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@vCenter ~ # crontab -e\r\n<\/pre>\n<p>and add<br \/>\n<code><br \/>\n0 5 * * * \/opt\/likewise\/bin\/lw-update-dns --ipaddress 10.10.254.40<br \/>\n<\/code><\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, the vCenter GUI offers the ability to add an identity provider like Microsoft AD. In some cases this won&#8217;t work, for example if you are not a domain admin and you have to specify in which organisational unit the computer object should be created. The computer object should not exist. Delete an already existing object, it &hellip; <a href=\"https:\/\/michlstechblog.info\/blog\/vmware-vsphere-join-a-vcenter-vcsa-appliance-to-an-active-directory-domain-by-command-line\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">VMware vSphere: Join a  vCenter VCSA Appliance to an Active directory domain by command line<\/span> <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[95,146,1806,126,1808,127,1807,248,1708,86,14],"class_list":["post-8175","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-active-directory","tag-add","tag-debug","tag-domain","tag-identity","tag-join","tag-logging","tag-source","tag-update-dns-record","tag-vcenter","tag-vmware-2"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8175","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=8175"}],"version-history":[{"count":10,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8175\/revisions"}],"predecessor-version":[{"id":8493,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8175\/revisions\/8493"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=8175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=8175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=8175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}