vSphere 7’s vCenter Server Identity Provider Federation feature allows for MFA

In this series on virtualizing Active Directory on VMware vSphere, we’ve discussed earlier how to set up a straight-forward vCenter delegation model for running virtual Domain Controllers safely. Today, I want to discuss a new feature in VMware vSphere 7 that improves the lives of Identity and Access Management (IAM) professionals working with both technologies: … Continue reading "vSphere 7’s vCenter Server Identity Provider Federation feature allows for MFA"

The video of our Active Directory session at VMware VMworld 2020 is now available

VMworld is a global conference for virtualization and cloud computing, hosted by VMware. It is the largest virtualization-specific event. No wonder, I was pleased to announce my return to this awesome event. And now, you can enjoy Deji Akomolafe’s, Matt Liebowitz’s and my efforts in creating a demo-packed, full-featured version of the ‘Virtualize Active Directory … Continue reading "The video of our Active Directory session at VMware VMworld 2020 is now available"

Active Directory-related sessions at VMware VMworld 2020

VMware’s VMworld 2020 event kicks off in one week. For 2020, VMworld is organized differently to align with the new reality. Instead of multiple VMworld events, one virtual VMworld event is organized. This VMworld 2020  ‘Online Around the Globe’ event is held from September 29th to October 1st, 2020. The big advantage for you, is … Continue reading "Active Directory-related sessions at VMware VMworld 2020"

I’m speaking at VMware VMworld 2020

I’m pleased to announce that I will be delivering a 1-hour break-out session with Deji Akomolafe, Staff Solutions Architect at VMware and Matt Liebowitz, Staff Architect at VMware, at VMware VMworld 2020 on September 29th – October 1st, 2020.   About VMware VMworld VMworld is a global conference for virtualization and cloud computing, hosted by … Continue reading "I’m speaking at VMware VMworld 2020"

vSphere 7’s vMotion interface notifies for time differences between vSphere hosts

In the series Virtualizing Domain Controllers on vSphere, I explained the importance of proper time synchronization for virtualized Active Directory Domain Controllers and how to keep these Domain Controllers on trusted vSphere hosts only. Recent versions of the VMware Tools have time synchronization disabled by default. This means the reliance on proper time on vSphere hosts … Continue reading "vSphere 7’s vMotion interface notifies for time differences between vSphere hosts"

Building a straight-forward vSphere delegation model for running virtual Domain Controllers safely

When Active Directory Domain Controllers run as virtual machines on top of VMware vSphere, virtualization, storage and backups admins may be considered equal to enterprise admins in Active Directory, because they have the equivalent of physical access to Domain Controllers. Admittingly, you don’t want everyone to use root or administrator@vsphere.local to manage the virtualization platform, … Continue reading "Building a straight-forward vSphere delegation model for running virtual Domain Controllers safely"

Achieving Active Directory-as-a-Service with VMware vRealize Orchestrator

VMware’s vRealize Orchestrator is a product used by many virtualization admins to automate common tasks. Today, we’re looking at using vRealize Orchestrator to enable automation of common Active Directory tasks, so Active Directory admins may benefit from this solution using the publicly available blueprints for Active Directory.   About vRealize Orchestrator vRealize Orchestrator helps simplify … Continue reading "Achieving Active Directory-as-a-Service with VMware vRealize Orchestrator"

Three ways to use Site Recovery Manager with virtualized Domain Controllers

One of the benefits of virtualizing machines is the built-in resiliency of the underlying virtualization platform. In many vSphere environments consisting of multiple datacenters, this resiliency is expanded with Site Recovery Manager. There are, however some things you’ll want to know about using Site Recovery Manager in combination with virtualized Domain Controllers. As usual, not … Continue reading "Three ways to use Site Recovery Manager with virtualized Domain Controllers"

KnowledgeBase: If one of the address families on a dual stack Domain Controller is not enabled, adding VMware ESXi hosts to the domain might randomly fail

There is an issue in VMware ESXi 7.0, where adding ESXi hosts to Active Directory Domain Services fails randomly in networks with both IPv4 and IPv6 enabled.               The situation In many environments, VMware vCenter environments or VMware ESXi hosts are added to Active Directory Domain Services to allow for single sign-on with domain accounts … Continue reading "KnowledgeBase: If one of the address families on a dual stack Domain Controller is not enabled, adding VMware ESXi hosts to the domain might randomly fail"

Keeping virtual Domain Controllers apart on trusted VMware vSphere hosts

Virtualizing Domain Controllers introduces risks that are not present when running non-virtualized Domain Controllers. Two of these problems –running Domain Controllers on hosts with the wrong time and running all Domain Controllers on the same host –can be addressed with one VMware vSphere feature: VM/Host Rules.   Additional challenges when running virtualized Domain Controllers We’ve … Continue reading "Keeping virtual Domain Controllers apart on trusted VMware vSphere hosts"