Objective 2.2: Create and Manage Directories

This is part of my VCP7-CMA study guide – Objective 2.2: Create and Manage Directories.

Official Blueprint –


Knowledge

  • Create and manage LDAP directory for Active Directory in vRealize Automation
  • Create and manage Windows Integrated Authentication Directory in vRealize Automation
  • Determine and configure appropriate user and directory binding details
  • Evaluate directory synchronization health and troubleshoot issues

Tools


In vRealize Automation 7.x VMware replaced the underlying identity management system, moving from vCenter SSO to VMware Identity Manager (vIDM). vIDM is integrated into the vRA 7.x appliance and is easy to scale by adding another vRA appliance.

There are two options to link vRA to Active Directory –

  • Active Directory over LDAP.
    Create this directory type if you plan to connect to a single Active Directory domain environment. For the Active Directory over LDAP directory type, the connector binds to Active Directory using simple bind authentication.
  • Active Directory, Integrated Windows Authentication.
    Create this directory type if you plan to connect to a multi-domain or multi-forest Active Directory environment. The connector binds to Active Directory using Integrated Windows Authentication.

Source – Installing and Configuring VMware Identity Manager > Integrating with Active Directory
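As an added example (not from the original post or from VMware's documentation): the Active Directory over LDAP directory type binds with simple bind, which sends the bind account's password to the domain controller in the clear unless the session is protected by TLS. Before configuring that directory type and enabling its SSL option, it is worth confirming that the domain controller actually answers on the LDAPS port and presents a certificate that validates. The host name and port below are placeholders; everything else uses standard .NET classes available in Windows PowerShell.

```powershell
# Added example, not from the original post: confirm that a domain
# controller offers LDAPS before configuring "Active Directory over LDAP",
# which uses simple bind and therefore needs TLS to protect the bind
# password. $Dc is a placeholder; replace it with your own DC.
$Dc   = 'dc01.corp.example.com'   # placeholder domain controller FQDN
$Port = 636                       # standard LDAPS port

function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 636
    )

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
    } catch {
        # Nothing listens on the LDAPS port: a simple bind would have to go
        # over plain LDAP (389) unprotected, so do not use this DC for it.
        return [pscustomobject]@{
            Host = $HostName; Port = $Port; Reachable = $false
            Subject = $null; Issuer = $null; NotAfter = $null
            ChainValid = $false; Protocol = $null
        }
    }

    # The callback accepts any certificate so the handshake completes and the
    # certificate can be inspected; trust is evaluated afterwards with
    # X509Certificate2.Verify(), which builds the chain against the local store.
    $acceptAll = { param($sender, $cert, $chain, $errors) $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    try {
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Host       = $HostName
            Port       = $Port
            Reachable  = $true
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            ChainValid = $cert.Verify()
            Protocol   = $ssl.SslProtocol
        }
    } finally {
        $ssl.Dispose()
        $tcp.Dispose()
    }
}

$result = Test-LdapsEndpoint -HostName $Dc -Port $Port
$result | Format-List
if (-not $result.Reachable -or -not $result.ChainValid -or $result.NotAfter -lt (Get-Date)) {
    Write-Warning "LDAPS on $Dc is not usable for simple bind: fix the listener or the certificate first."
}
```

Run it from a Windows host that trusts the same CA the vRA appliance will trust; `ChainValid` only tells you the chain builds on the machine you run it on, and the certificate's subject or SAN must also contain the DC name the connector will be pointed at, otherwise the connector's TLS validation will fail even though the port is open.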

Further reading –

Create and manage LDAP directory for Active Directory in vRealize Automation

See “Create and manage Windows Integrated Authentication Directory in vRealize Automation”.

Create and manage Windows Integrated Authentication Directory in vRealize Automation

There are some great blog posts about this; basically, Active Directory over LDAP and Active Directory Integrated Windows Authentication (IWA) are configured almost the same way. Note – there is a difference between vRA 7.0 and vRA 7.2: vRA 7.2 added LDAP support for authentication and single sign-on.

Eric Shanks (The IT Hollow) – vRealize Automation 7 – Authentication

Michael Rudloff (Open902.com) – vRA7 – AD Integration

Michael Rudloff (Open902.com) – vRealize Automation 7.2 – Endpoints and AD Integration

Ben King (BK DC) – ADDING ACTIVE DIRECTORY AUTHENTICATION TO VRA7

Source – Configure a Link to Active Directory

Determine and configure appropriate user and directory binding details

When using Active Directory Integrated Windows Authentication (IWA), the vRA appliance will automatically join the domain. The user you plan to use for binding vRA to Active Directory needs to have the “join computer to AD domain” permission.

If for some reason the user you are using doesn’t have the rights to join a domain, follow these steps –

  1. Create the computer object in Active Directory, making sure the location (OU) meets your company policy. Also, make sure to use the FQDN.
  2. On the Connectors page – click Join Domain and use any domain user account available in Directories Management.

Source – Join a Connector Machine to a Domain
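The two steps above, as an added PowerShell example that is not part of the original post or of VMware's documentation: it pre-creates the connector's computer object in the OU your policy dictates, with the FQDN set, and then grants only the bind account the rights on that single object that a domain join typically needs, so the account never needs domain-wide join rights. All names (host, OU, account) are placeholders, and the set of rights granted is an assumption to confirm against your own delegation standard; the rights GUIDs are the well-known Active Directory schema values.

```powershell
# Added example, not from the original post: pre-stage the vRA connector's
# computer object so that a bind account without "join computer to domain"
# rights can still complete Join Domain on the Connectors page.
# All values below are placeholders; replace them with your own.
Import-Module ActiveDirectory

$ConnectorName = 'vra-app01'                                            # placeholder short name
$ConnectorFqdn = 'vra-app01.corp.example.com'                           # placeholder FQDN (use the FQDN, as the post says)
$TargetOu      = 'OU=vRealize,OU=Servers,DC=corp,DC=example,DC=com'     # placeholder OU matching your policy
$JoinAccount   = 'CORP\svc-vra-bind'                                    # placeholder low-privilege domain user

function New-PrestagedConnectorComputer {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$DnsHostName,
        [Parameter(Mandatory)][string]$OuPath,
        [Parameter(Mandatory)][string]$JoinPrincipal
    )

    # Refuse to continue if the OU does not exist; a typo here would otherwise
    # surface only as an unhelpful error from New-ADComputer.
    try { $null = Get-ADOrganizationalUnit -Identity $OuPath }
    catch { throw "OU not found: $OuPath" }

    if (Get-ADComputer -Filter "Name -eq '$Name'") {
        throw "Computer object '$Name' already exists; remove it or pick another name."
    }

    New-ADComputer -Name $Name -SamAccountName ($Name + '$') -DNSHostName $DnsHostName `
                   -Path $OuPath -Enabled $true

    # Delegate, on this one object only, the rights a join operation typically
    # needs (assumption: adjust to your delegation standard). GUIDs are the
    # well-known AD schema identifiers for each right or property set.
    $computer = Get-ADComputer -Identity $Name
    $sid = ([System.Security.Principal.NTAccount]$JoinPrincipal).Translate([System.Security.Principal.SecurityIdentifier])
    $aclPath = "AD:\$($computer.DistinguishedName)"
    $acl = Get-Acl -Path $aclPath

    $allow = [System.Security.AccessControl.AccessControlType]::Allow
    $grants = @(
        @{ Right = 'ExtendedRight'; Guid = '00299570-246d-11d0-a768-00aa006e0529' }  # Reset password
        @{ Right = 'Self';          Guid = '72e39547-7b18-11d1-adef-00c04fd8d5cd' }  # Validated write to DNS host name
        @{ Right = 'Self';          Guid = 'f3a64788-5306-11d1-a9c5-0000f80367c1' }  # Validated write to service principal name
        @{ Right = 'WriteProperty'; Guid = '4c164200-20c0-11d0-a768-00aa006e0529' }  # Write account restrictions (property set)
    )
    foreach ($g in $grants) {
        $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
            $sid,
            [System.DirectoryServices.ActiveDirectoryRights]$g.Right,
            $allow,
            [guid]$g.Guid)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $aclPath -AclObject $acl

    # Return the object as created so the FQDN and location can be verified
    # before the Join Domain step is attempted in Directories Management.
    Get-ADComputer -Identity $Name -Properties DNSHostName |
        Select-Object Name, DNSHostName, DistinguishedName, Enabled
}

New-PrestagedConnectorComputer -Name $ConnectorName -DnsHostName $ConnectorFqdn `
                               -OuPath $TargetOu -JoinPrincipal $JoinAccount
```

Run this as an account that may create computer objects in the target OU; afterwards the Join Domain dialog on the Connectors page can be completed with the delegated account from step 2. Because the rights are scoped to the one computer object, a compromise of that bind account does not yield the ability to join or modify other machines in the domain.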

Evaluate directory synchronization health and troubleshoot issues

Evaluating the directory synchronization is pretty straightforward: go to Administration -> Directories, and on the directory you previously added you can see when the last sync ran, whether there are any alerts, and the overall health (green icon).


You can drill down by clicking on the Directory Name and then to Sync Log.


Note the text –

For information about Users and Groups that were synced – click the Sync Details link.

To review the sync log – click the Alerts link.
