VCAP6-DTM Deployment Objective 6.4 – Integrate Active Directory with VMware Identity Manager

Integrate Active Directory with VMware Identity Manager

Configure Connector Services Admin for AD integration
Configure Identity Manager for multi-domain/trusted multi-forest domains

To configure the Connector for AD integration, we first need to add the new connector to the existing Identity Manager instance. We do this by generating an activation code in Identity Manager and importing it into the new connector. After that step we can create the AD directory integration by selecting Add Directories under Identity & Access Management > Directories. Enter a Directory Name and choose the new connector from the Sync Connector list; we also need to provide the DN of the bind user, the DN of the OU where this user resides, and the user's password. Click Save and Next, then select the child domains from the list.


Adding Directory

We can integrate VMware Identity Manager with an Active Directory environment that consists of a single Active Directory domain, multiple domains in a single Active Directory forest, or multiple domains across multiple Active Directory forests.

Add multiple domain names to the sign-in page

Under Identity & Access Management > Identity Providers, select the identity provider; on its settings page, scroll down to Users and check the domains whose users are allowed to log in.


Domain List

Filter Active Directory users/groups

We can filter which AD users and groups are synchronized into Identity Manager. From the Identity Manager Admin Console, open Identity & Access Management > Directories, click the directory name and then Sync Settings. On the Groups tab we can specify the groups we want to add.


Accessing Directory Sync settings

We can specify which AD user accounts to sync with Identity Manager, as well as which accounts we want to exclude from synchronization.


Users account to sync

Many attributes and conditions are available to build the filter.


Filtering users attributes


Filtering user condition


AD Groups to sync

Create a domain host lookup file

A domain host lookup file can be created when DNS Service Location is used. It is enabled by default for an Active Directory directory, while with Active Directory over LDAP we can choose whether to enable it. DNS Service Location is used to select domain controllers, but it is not site-aware: if we have domain controllers in multiple sites, a non-optimal domain controller may be selected. To pin the controllers, log in as root and create a new file under /usr/local/horizon/conf listing the domain controllers in the required format; the domain name and host names must be lowercase. Change the file owner to horizon and the group to www with chown horizon:www on the new file under /usr/local/horizon/conf/, then restart the service with the service horizon-workspace restart command.
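As an added example (not part of the original post and not VMware's own tooling), the following POSIX shell script builds the lookup file from constructed sample entries, checks the lowercase and line-format requirements before installing it, and then applies the ownership and restart steps described above. The file name domain_krb.properties and the line format domain=host:port,host:port are assumptions taken from the VMware documentation; the domain and controller names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post or from VMware: build, validate and
# install a domain host lookup file for the Identity Manager connector.
# Assumptions (labelled): the file name domain_krb.properties and the line
# format "domain=host:port,host:port" follow the VMware documentation; the
# domain and controller names below are constructed for illustration.
export LC_ALL=C   # make [A-Z] mean ASCII uppercase regardless of locale

CONF_DIR="${CONF_DIR:-/usr/local/horizon/conf}"
LOOKUP_FILE="$CONF_DIR/domain_krb.properties"

# Constructed sample content: one line per AD domain, listing only the domain
# controllers in the site nearest to the connector. Pinning them here avoids
# the site-unaware DNS SRV selection described in the text.
lookup_content() {
  cat <<'EOF'
# constructed sample: parent domain and child domain
example.com=dc01.example.com:389,dc02.example.com:389
child.example.com=dc03.child.example.com:389
EOF
}

# validate_lookup FILE
# Every non-blank, non-comment line must be lowercase and shaped as
# domain=host:port[,host:port...]. Returns 0 if the whole file is valid,
# 1 otherwise (each problem is reported on stderr).
validate_lookup() {
  file="$1"
  status=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;
    esac
    # The service requires lowercase domain and host names.
    if printf '%s\n' "$line" | grep -q '[A-Z]'; then
      echo "uppercase characters in: $line" >&2
      status=1
    fi
    if ! printf '%s\n' "$line" | grep -Eq '^[a-z0-9.-]+=[a-z0-9.-]+:[0-9]+(,[a-z0-9.-]+:[0-9]+)*$'; then
      echo "malformed line: $line" >&2
      status=1
    fi
  done < "$file"
  return "$status"
}

# install_lookup: write the file atomically, set the ownership the service
# expects (horizon:www), keep it unreadable to other local users, and restart
# the service. Must be run as root on the connector appliance.
install_lookup() {
  tmp=$(mktemp) || return 1
  lookup_content > "$tmp"
  if ! validate_lookup "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  mv "$tmp" "$LOOKUP_FILE"
  chown horizon:www "$LOOKUP_FILE"
  chmod 640 "$LOOKUP_FILE"
  service horizon-workspace restart
}

# Usage: sh lookup.sh install   (as root; without the argument only the
# functions are defined, so the file can be sourced for the validation check)
if [ "${1:-}" = "install" ]; then
  install_lookup
fi
```

The validation runs before anything is written, so a mixed-case domain name or a missing port is caught by the script rather than discovered later as a failed directory sync; the 640 mode is an extra hardening choice of this example, not a requirement stated in the text.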

Click here to read other entries in the VCAP6-DTM series.
