Configure vMA for Active Directory Authentication
Configure vMA for Active Directory authentication so that ESXi hosts and vCenter Server systems added to Active Directory can be added to vMA without having to store the passwords in vMA’s credential store. This is a more secure way of adding targets to vMA.
Ensure that the DNS server configured for vMA is the same as the DNS server of the domain. You can change the DNS server by using the vMA Console or the Web UI. Ensure that the domain is accessible from vMA. Also, you must be able to ping the ESXi and vCenter Server systems that you want to add to vMA. Ensure that pinging resolves the IP address to <targetservername.domainname>, where domainname is the domain to which vMA is to be added.
To add vMA to a domain
1. sudo domainjoin-cli join <domain-name> <domain-admin-user>
2. On successful authentication, the command adds vMA as a member of the domain. The command also adds entries in the /etc/hosts file with vmaHostname.domainname.
3. Now, you can add an Active Directory target to vMA. For steps to do this, see Add Target Servers to vMA.
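The prerequisites above (vMA using the domain's DNS server, targets resolving to <targetservername.domainname>) and the /etc/hosts entry written by the join can be checked with a short script. This is an added example, not part of the vMA documentation; the function names and the use of getent for name lookups are assumptions.

```shell
#!/bin/sh
# Added example: checks around "domainjoin-cli join" on vMA.
# File arguments let the same functions run against /etc/resolv.conf and
# /etc/hosts on vMA or against copies collected for review.

# resolv_uses_dns FILE IP: succeed if FILE contains "nameserver IP".
resolv_uses_dns() {
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { found = 1 }
                    END { exit !found }' "$1"
}

# fqdn_in_domain NAME DOMAIN: succeed only if NAME is <host>.DOMAIN.
# Case-insensitive; a trailing root dot is ignored; a bare short name or a
# look-alike suffix such as host.evil-DOMAIN fails.
fqdn_in_domain() {
    _n=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); _n=${_n%.}
    _d=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$_n" in
        ?*."$_d") return 0 ;;
        *) return 1 ;;
    esac
}

# hosts_has_fqdn FILE FQDN: succeed if a non-comment line of a hosts-format
# FILE lists FQDN (the join adds vmaHostname.domainname to /etc/hosts).
hosts_has_fqdn() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "")
          for (i = 2; i <= NF; i++) if (tolower($i) == want) found = 1 }
        END { exit !found }' "$1"
}

# preflight DOMAIN DNS_IP TARGET...: live checks before the join.
# Assumes getent is available on the appliance to show what a name resolves to.
preflight() {
    dom=$1; dns=$2; shift 2; rc=0
    resolv_uses_dns /etc/resolv.conf "$dns" ||
        { echo "FAIL: $dns is not a nameserver in /etc/resolv.conf"; rc=1; }
    for t in "$@"; do
        r=$(getent hosts "$t" | awk '{ print $2; exit }')
        fqdn_in_domain "$r" "$dom" ||
            { echo "FAIL: $t resolves to '$r', expected <name>.$dom"; rc=1; }
    done
    return $rc
}

# Usage on vMA (arguments are site-specific): sh script.sh DOMAIN DNS_IP TARGET...
if [ "$#" -ge 3 ]; then preflight "$@"; fi
```

After the join, hosts_has_fqdn /etc/hosts <vmaHostname.domainname> confirms the entry the command is documented to add.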
To check vMA's domain settings
From the vMA console, run the following command:
sudo domainjoin-cli query
The command displays the name of the domain to which vMA has joined.
To remove vMA from the domain
From the vMA console, run the following command:
sudo domainjoin-cli leave
The vMA console displays a message stating whether vMA has left the Active Directory domain.