VCP7-CMA – Objective 2.2
Disclaimer: These are my notes from taking the 2V0-731 exam. If something doesn’t make sense, please feel free to reach out.
The goal of this objective is to understand how to manage the Active Directory (or another user authentication solution) synchronisation within vRealize Automation. Short objective this one.
Objective 2.2 – Create and Manage Directories
- Create and manage LDAP directory for Active Directory in vRealize Automation
- Create and manage Windows Integrated Authentication Directory in vRealize Automation
- Determine and configure appropriate user and directory binding details
- Evaluate directory synchronization health and troubleshoot issues
References
Directories are synchronised by a connector through an identity provider; by default this is vIDM (VMware Identity Manager), which is built into vRA. Because it is the connector that binds to AD, each identity provider has its own connector.
User attributes are synchronised into the internal identity provider, and users are authenticated there rather than directly against AD.
Active Directory can be added one of two ways:
- Active Directory over LDAP – Binds to AD using simple bind authentication. Choose this type if you plan on using a single AD domain.
- Active Directory with Integrated Windows Authentication (IWA) – Binds to AD using integrated Windows authentication. Choose this type if you’re binding to a multi-domain forest (or in fact anything more complex than a single AD domain).
The directory needs to be created in the default tenant before it can be added to the additional tenants. Log in and go to Administration – Directories Management – Directories, click Add and fill in the details.
When adding users, the sync will pick up nested groups, so add the OU containing all the groups and then choose which groups to sync.
If groups are added to AD after the directory has been created, they will also need to be added to the synchronisation settings.
One gotcha I found was that my NetBIOS name wasn’t in capitals, so I received an invalid user error message (that for some reason I didn’t write down). I used rendom to rename the domain and capitalise the NetBIOS name. I have done this in production once, and it was seamless, but it still made me nervous.
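As an added example (not from the original notes or from VMware), a PowerShell pre-flight check for the binding details above: it reads the forest to suggest LDAP versus IWA, flags a NetBIOS name that is not in capitals, and confirms the bind port on the DC is reachable. It assumes the RSAT ActiveDirectory module on a domain-joined host; the domain controller name is a placeholder.

```powershell
# Added example: pre-flight checks before creating a vRA directory.
# Assumes the RSAT ActiveDirectory module and a domain-joined host.
Import-Module ActiveDirectory

function Test-VraDirectoryPrereqs {
    param(
        # Domain controller the connector will bind to (placeholder, not from the notes)
        [string]$DomainController = 'dc01.example.local',
        # Prefer 636 (LDAPS): a simple bind sends the password in clear text over 389
        [int]$LdapPort = 636
    )

    $forest = Get-ADForest
    $domain = Get-ADDomain

    # Single domain -> Active Directory over LDAP; anything more -> IWA
    $domainCount = @($forest.Domains).Count
    $suggested = if ($domainCount -eq 1) {
        'Active Directory over LDAP'
    } else {
        'Active Directory with Integrated Windows Authentication'
    }

    # Gotcha from the notes: a NetBIOS name that is not upper case caused an invalid user error.
    # -ceq is the case-sensitive comparison, so mixed case is reported as a failure.
    $netbiosOk = ($domain.NetBIOSName -ceq $domain.NetBIOSName.ToUpperInvariant())

    # Confirm the connector host can actually reach the bind port on the DC
    $portOk = (Test-NetConnection -ComputerName $DomainController -Port $LdapPort `
                -WarningAction SilentlyContinue).TcpTestSucceeded

    [pscustomobject]@{
        Forest            = $forest.Name
        DomainCount       = $domainCount
        SuggestedType     = $suggested
        NetBIOSName       = $domain.NetBIOSName
        NetBIOSUpperCase  = $netbiosOk
        BaseDN            = $domain.DistinguishedName   # starting point for the directory's Base DN
        BindPortReachable = $portOk
    }
}

Test-VraDirectoryPrereqs | Format-List
```

Run it from the host where the connector will bind; a False in NetBIOSUpperCase or BindPortReachable points at the two problems most likely to surface as an invalid user or failed sync.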
To check on the health of the synchronisation, open up the directory from Directories Management and view the Sync Log.
The information above was enough to get me through the exam, but there is much more detail in the documentation.