VMware administrator
To have administrator priviledges on a VMware ESXi server
(ESXi), a user must be listed in the Domain Admins group
on the Active Directory server (AD).
To list the users of the group Domain Admins, execute
the following command on the AD:
# samba-tool group listmembers "Domain Admins"
To add a user to the group
Domain Admins, execute the
following command on the AD:
# samba-tool group addmembers "Domain Admins" user_name
Note: it may be possible that a user has to be re-added
to the group after the account has been disabled and then
re-enabled.
To grant administrator priviledges on an ESXi to the AD group
Domain Admins, use the following procedure.
- Connect to the ESXi using the VMware vSphere standalone client.
Authenticate with the root account.
Select the Configuration tab, the Authentication
Services item and click on Properties....
- In the popup window, select Active Directory, enter
the Domain cs.ait.ac.th and click on Join
Domain.
- In authentitcation window, enter the User Name
Administrator and the Unix root password. Click on
Join Domain.
Now the ESXi can access the accounts
defined in the AD.
- Select the tab Permissions, right click on the window
and select Add Permission...
- In the popup window, select the Assigned Role
Administrator and click on Add...
- In configuration window, select the Domain SMB4, in
the Users and Groups select the group Domain Admins and
click on Add.
SMB4\Domain Admins is now listed in the Groups, click on
OK.
All the users listed in the group Domain Admins of the AD
have Administrator priviledges on the ESXi.