Integrate Active Directory with VMware Identity Manager
Configure Connector Services Admin for AD integration
Configure Identity Manager for multi-domain/trusted multi-forest domains
To configure the Connector for AD integration, we first need to add it to the existing Identity Manager instance. We do this by creating an Activation Code and importing it into the new Identity Manager Connector. After this step we create the AD domain integration by selecting Add Directories under Identity & Access Management > Directories. Enter a Directory Name and choose the new Connector from the list as the Sync Connector; we need to provide the DN of the user, the DN of the OU where this user resides, and the password. Click Save and Next, and specify the child domain from the list.
We can integrate VMware Identity Manager with an Active Directory environment that consists of a single Active Directory domain, multiple domains in a single Active Directory forest, or multiple domains across multiple Active Directory forests.
Add multiple domain names to the sign-in page
Under Identity & Access Management > Identity Providers, select the Identity Provider; on its settings page, scroll down to Users and check the domains from which users can log in.
Filter Active Directory users/groups
We can search the AD servers for the users and groups to be synced into Identity Manager. From the Identity Manager Admin Console, open Identity & Access Management > Directories, click the Directory Name and then Sync Settings. On the Groups tab we specify the groups we want to add.
We can specify which AD user accounts to sync with Identity Manager, as well as which accounts we want to exclude from synchronization.
There are many attributes and conditions to choose from when building these filters.
Create a domain host lookup file
A host lookup file can be created when DNS Service Location is used; with an AD directory it is enabled by default, and with Active Directory over LDAP we have the choice to enable it. DNS Service Location is used to select Domain Controllers, but it is not site aware: if the Domain Controllers span multiple sites, a non-optimal Domain Controller can be selected. We need to log in as root, create a new file domain_krb.properties under /usr/local/horizon/conf and add the domain controllers using the following format:
example.com=examplehost1.example.com:389,examplehost2.example.com:389
The domain name and hosts must be lowercase. Change the file owner to horizon and the group to www with the command chown horizon:www /usr/local/horizon/conf/domain_krb.properties, then restart the service with the command service horizon-workspace restart.
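A shell script that builds the lookup entries from this procedure and enforces the lowercase rule before anything is written; this is an added example, not code from the original post, and its function names, the CONF_DIR override and the DO_APPLY flag are assumptions of ours.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. From the post: the path
# /usr/local/horizon/conf/domain_krb.properties, lowercase lines of the
# form domain=host:port,host:port, and owner horizon:www. The function
# names, CONF_DIR override and DO_APPLY flag are our own assumptions.

CONF_DIR="${CONF_DIR:-/usr/local/horizon/conf}"

# Print one entry "domain=host1:port,host2:port". Domain and hosts are
# forced to lowercase (the connector requires it); a host given without
# a port gets :389, the LDAP port used in the post's example.
krb_entry() {
    local domain hosts host
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    shift
    [ "$#" -ge 1 ] || { echo "krb_entry: need at least one DC" >&2; return 1; }
    for host in "$@"; do
        host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
        case "$host" in
            *:*) ;;                 # port already supplied
            *)   host="$host:389" ;;
        esac
        hosts="${hosts:+$hosts,}$host"
    done
    printf '%s=%s\n' "$domain" "$hosts"
}

# True if an entry is lowercase and has the key=host:port[,host:port] shape.
# LC_ALL=C keeps [a-z] strictly ASCII lowercase whatever the locale.
krb_entry_valid() {
    printf '%s' "$1" | LC_ALL=C grep -Eq \
        '^[a-z0-9.-]+=[a-z0-9.-]+:[0-9]+(,[a-z0-9.-]+:[0-9]+)*$'
}

# Write validated entries to $CONF_DIR/domain_krb.properties. Ownership
# change and service restart (the post's last two steps) run only when
# DO_APPLY=1, so the script can be dry-run on a non-root workstation.
write_krb_file() {
    local file="$CONF_DIR/domain_krb.properties" entry
    : > "$file"
    for entry in "$@"; do
        krb_entry_valid "$entry" || { echo "rejected entry: $entry" >&2; return 1; }
        printf '%s\n' "$entry" >> "$file"
    done
    if [ "${DO_APPLY:-0}" = 1 ]; then
        chown horizon:www "$file"
        service horizon-workspace restart
    fi
}
```

Run it with DO_APPLY=1 as root on the connector appliance to also apply the chown and the service restart from the steps above.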
Read the other entries in the VCAP6-DTM series.