Similar to automating the retrieval of the vCenter Server Appliance (VCSA) password policies using PowerCLI, we can extend that example and leverage the Guest Operations API via the Invoke-VMScript cmdlet to also retrieve the identity sources configured for a given VCSA without requiring SSH access.
I have created a new VCSA.psm1 PowerCLI Module which now includes the previous Get-VCSAPasswordPolicy function along with the new Get-VCSAIdentitySource function which accepts the name of the VCSA VM and root password to the VM as shown in the screenshot below.
If you need to add a specific Identity Source, such as an Active Directory domain to which you have joined the VCSA, you can simply use the Invoke-VMScript cmdlet and pass in the following command:
/opt/vmware/bin/sso-config.sh -add_identity_source -type nativead -domain vmware.corp
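One way to wrap the command above in a PowerCLI function, shown as an added example that is not part of the VCSA.psm1 module. The function name Add-VCSANativeADIdentitySource and the VM name in the usage comment are hypothetical; it assumes an existing Connect-VIServer session and a VCSA already joined to the domain.

```powershell
# Added example, not code from VCSA.psm1. Hypothetical function name.
function Add-VCSANativeADIdentitySource {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$VMName,
        [Parameter(Mandatory = $true)][string]$Domain,
        # Credential for the appliance root account, passed as a PSCredential
        # so the password is not typed on the command line or stored in a script.
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$GuestCredential
    )

    # $Domain is interpolated into a command that runs as root in the guest,
    # so accept only DNS-name characters: no spaces, quotes or shell metacharacters.
    $dnsName = '^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
    if ($Domain -notmatch $dnsName) {
        throw "Refusing to run: '$Domain' is not a valid DNS domain name."
    }

    $vm  = Get-VM -Name $VMName -ErrorAction Stop
    $cmd = "/opt/vmware/bin/sso-config.sh -add_identity_source -type nativead -domain $Domain"

    # -WhatIf / -Confirm support, since this changes the SSO configuration.
    if ($PSCmdlet.ShouldProcess($VMName, "Add native AD identity source $Domain")) {
        $result = Invoke-VMScript -VM $vm -ScriptText $cmd -ScriptType Bash `
            -GuestCredential $GuestCredential -ErrorAction Stop

        # Invoke-VMScript returns the guest exit code instead of throwing on a
        # non-zero exit, so treat a non-zero code from sso-config.sh as failure.
        if ($result.ExitCode -ne 0) {
            throw "sso-config.sh exited with $($result.ExitCode): $($result.ScriptOutput)"
        }
        $result.ScriptOutput
    }
}

# Usage (constructed VM name):
# $cred = Get-Credential -UserName root -Message 'VCSA root account'
# Add-VCSANativeADIdentitySource -VMName 'VCSA-67' -Domain 'vmware.corp' -GuestCredential $cred
```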
Jason Hong-Turney says
I've only been waiting for forever for the option to add an AD domain during VCSA deployment/configuration, but I'm not seeing that sso-config.sh supports the option for -add_identity_source. Is this perhaps something that's in v7, and not v6.7?
Jason Hong-Turney says
Yep, just confirmed for myself with the v7 RC3 build, sso-config.sh _does_ have a command for add_identity_source. Really wish this would get backported to 6.7 builds as well...
William Lam says
This HAS already been backported to both 6.5/6.7 since last March 🙂 See https://kb.vmware.com/kb/67304 and this is how I'm using it in my 6.7 env