Wed Dec 4 17:19:15 ICT 2013

VMware administrator

To have administrator priviledges on a VMware ESXi server (ESXi), a user must be listed in the Domain Admins group on the Active Directory server (AD).

To list the users of the group Domain Admins, execute the following command on the AD:

# samba-tool group listmembers "Domain Admins"
To add a user to the group Domain Admins, execute the following command on the AD:
# samba-tool group addmembers "Domain Admins" user_name
Note: it may be possible that a user has to be re-added to the group after the account has been disabled and then re-enabled.

To grant administrator priviledges on an ESXi to the AD group Domain Admins, use the following procedure.

  1. Connect to the ESXi using the VMware vSphere standalone client. Authenticate with the root account.
    Select the Configuration tab, the Authentication Services item and click on Properties....
  2. In the popup window, select Active Directory, enter the Domain cs.ait.ac.th and click on Join Domain.
  3. In authentitcation window, enter the User Name Administrator and the Unix root password. Click on Join Domain.
    Now the ESXi can access the accounts defined in the AD.
  4. Select the tab Permissions, right click on the window and select Add Permission...
  5. In the popup window, select the Assigned Role Administrator and click on Add...
  6. In configuration window, select the Domain SMB4, in the Users and Groups select the group Domain Admins and click on Add.
    SMB4\Domain Admins is now listed in the Groups, click on OK.

    All the users listed in the group Domain Admins of the AD have Administrator priviledges on the ESXi.

Posted by Olivier | Permanent link | File under: administration