A new AD domain has just been added to vSphere as an identity source. This new domain has a user group called administrators group. Which role do the administrators group users have by default, when authenticated to vCenter Server?
This question identifies a NEW Domain added to vSphere, as an identiy source, and within this new domain is a user group called adminstrators. Simply because this new domain has a Administrators group doesn't mean it is automatically assigned ADMINISTRATOR rights within vCenter. The default access role would be applied to it meaning "No Access". Therefore I believe the correct answer to this question is D.
I believe the correct answer is D.
"The administrator of the vCenter Single Sign-On domain, [email protected] by default, the root user, and vpxuser are assigned the Administrator role by default. Other users are assigned the No Access role by default."
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-93B962A7-93FA-4E96-B68F-AE66D3D6C663.html
This question is tricky. Key seems to be domain added as an identity source but not the group.
https://docs.vmware.com/en/VMware-vSphere/5.5/com.vmware.vsphere.security.doc/GUID-1F0106C9-0524-4583-9AC5-A748FD1DC4C5.html
vCenter Single Sign-On does not propagate permissions that result from nested groups from dissimilar identity sources. For example, if you add the Domain Administrators group to the Local Administrators group, the permissions are not propagated because Local OS and Active Directory are separate identity sources.
D is the best answer without being given further information.
There is no official 6.7 document referencing this but the closest link I believe is still applicable with this question regardless of LDAP considerations when authenticating to a vCenter server.
Adding Identity Source in vCenter is just a prerequisite to give someone an rights. Next you have to map AD user/group to vCenter privilege/permission. Right Answer is D – No Access
D is Correct.
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-93B962A7-93FA-4E96-B68F-AE66D3D6C663.html
No Access Role
The administrator of the vCenter Single Sign-On domain, [email protected] by default, the root user, and vpxuser are assigned the Administrator role by default. Other users are assigned the No Access role by default.
Answer is D.
The question is indicating that an Active Directory is configured as an identity source, therefore any AD user by default will have the No Access role in the vCenter until it is configured
The new AD domain group "administrators" is in a different evironments than vsphere.local. You would still need to grant the "domain\administrators" group the Administrator role. Until that is done, no access.
No Access Role
Users with the No Access role for an object cannot view or change the object in any way. New users and groups are assigned this role by default. You can change the role on an object-by-object basis.
The administrator of the vCenter Single Sign-On domain, [email protected] by default, the root user, and vpxuser are assigned the Administrator role by default. Other users are assigned the No Access role by default.
D= correct. after https://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc_50%2FGUID-9A748247-BFCF-4A8C-816A-3DB404B612C4.html
"Users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role."
"ESX Admins" is not automatically created on AD and domains admins are not automatically members of "ESX Admins" group. After adding AD as identity source to vCenter you need to explicitly add vmware roles/permissions to AD users/groups.
Correct answer is D. Because new identity source AD has been added so you can see all those users who are listed under AD in vCenter but you have to explicitly give them vCenter rights, by "default" they have "no access" at all.
You guys are sharing the right links but it clearly states "By default, the [email protected] user has the Administrator role on both vCenter Single Sign-On and vCenter Server after installation. That user can then associate other users with the Administrator role on vCenter Server." Unless I'm missing something
The answer is C. "The administrator of the vCenter Single Sign-On domain, [email protected] by default is assigned the Administrator role by default.
Other users are assigned the No Access role by default."
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-93B962A7-93FA-4E96-B68F-AE66D3D6C663.html
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ALF4
Highly Voted 5 years, 6 months agocart
Highly Voted 5 years, 8 months ago[Removed]
Most Recent 4 years, 6 months ago[Removed]
4 years, 6 months agoNetdigest
4 years, 7 months agodongyangwha
4 years, 10 months agoJuanPC
4 years, 10 months agotgortva
4 years, 11 months agopopyto
5 years agoRass2
5 years, 1 month agos8y
5 years, 3 months agoVinythepat
5 years, 4 months agometapedro
5 years, 4 months agokoke
5 years, 4 months agoianol
5 years, 6 months agoianol
5 years, 6 months agoJoeTech88
3 years, 7 months agoCarbonfiber01
5 years, 7 months agomash
5 years, 7 months agofastbikkel
5 years, 8 months ago