The domain account must have AD read permission for all objects in the domain tree. The event log reader account must have read permissions for security event logs.

1. Log in to the vSphere Web Client.

2. Click Networking & Security and then click NSX Managers.

3. Click an NSX Manager in the Name column and then click the Manage tab.

4. Click the Domain tab and then click the Add domain icon.

5. In the Add Domain dialog box, enter the fully qualified domain name (for example, eng.vmware.com) and NetBIOS name for the domain.

   To retrieve the NetBIOS name for your domain, type nbtstat -n in a command window on a Windows workstation that is part of a domain or on a domain controller. In the NetBIOS Local Name Table, the entry with a <00> prefix and type Group is the NetBIOS name.

6. Click Next.

7. In the LDAP Options page, specify the domain controller that the domain is to be synchronized with and select the protocol.

8. Edit the port number if required.

9. Enter the user credentials for the domain account. This user must be able to access the directory tree structure.

10. Click Next.

11. In the Security Event Log Access page, select the connection method to access security event logs on the specified LDAP server. Change the port number if required.

12. Select Use Domain Credentials to use the LDAP server user credentials. To specify an alternate domain account for log access, deselect Use Domain Credentials and specify the user name and password.

    The specified account must be able to read the security event logs on the Domain Controller specified in step 10.

13. Click Next.

14. In the Ready to Complete page, review the settings you entered.

15. Click Finish.

The domain is created and its settings are displayed below the domain list.

Verify that login events on the event log server are enabled.
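The following PowerShell pre-flight check is an added example, not part of the VMware documentation. It retrieves the NetBIOS name, confirms that logon auditing is enabled on the event log server, and tests that the event log reader account can read the Security log. The domain controller name is a placeholder, and the use of Windows event ID 4624 (successful logon) as the probe is an assumption; the RSAT ActiveDirectory module and PowerShell remoting to the domain controller are required.

```powershell
# Added example, not VMware's code. Run from a domain-joined workstation with
# the RSAT ActiveDirectory module; remoting to the DC must be allowed.
param(
    [string]$DomainFqdn       = 'eng.vmware.com',       # example FQDN from the procedure
    [string]$DomainController = 'dc01.eng.vmware.com'   # placeholder, replace with your DC
)
Import-Module ActiveDirectory

# NetBIOS name to enter in the Add Domain dialog (alternative to nbtstat -n).
$netbios = (Get-ADDomain -Identity $DomainFqdn -Server $DomainController).NetBIOSName

# Logon auditing: auditpol /r emits CSV. "Logon" is the English subcategory
# name, and the query needs an administrative session on the DC.
$audit = Invoke-Command -ComputerName $DomainController -ScriptBlock {
    auditpol /get /subcategory:"Logon" /r | Where-Object { $_ } | ConvertFrom-Csv
}
$logonAudited = [bool]($audit | Where-Object { $_.'Inclusion Setting' -match 'Success' })

# Read access: fetch one logon event as the event log reader account.
# Event ID 4624 (successful logon) is used as the probe (assumption).
$cred    = Get-Credential -Message 'Event log reader account'
$canRead = $false
$detail  = ''
try {
    $evt = Get-WinEvent -ComputerName $DomainController -Credential $cred `
        -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
        -MaxEvents 1 -ErrorAction Stop
    $canRead = $true
    $detail  = "latest 4624 at $($evt.TimeCreated)"
} catch {
    # Access denied, RPC blocked, or no matching events in the log.
    $detail = $_.Exception.Message
}

[pscustomobject]@{
    NetBIOSName       = $netbios
    LogonAuditEnabled = $logonAudited
    ReaderCanReadLog  = $canRead
    Detail            = $detail
}
```

A result with LogonAuditEnabled set to True but ReaderCanReadLog set to False points at the reader account's permissions or a blocked connection rather than at the audit policy.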

You can add, edit, delete, enable, or disable LDAP servers by selecting the LDAP Servers tab in the panel below the domain list. You can perform the same tasks for event log servers by selecting the Event Log Servers tab in the panel below the domain list. Adding more than one Windows server (Domain Controllers, Exchange servers, or File Servers) as an event log server improves the user identity association.