In vCenter Server versions earlier than vCenter Server 5.1, vCenter Server adds Active Directory domains that the vCenter Server host or virtual machine is part of. In vCenter Server 5.1, vCenter Single Sign-On discovers those Active Directory domains that the vCenter Single Sign-On host or virtual machine is part of.

vCenter Single Sign-On adds those discovered Active Directory domains. Unlike earlier vCenter Server versions, which permit only one Active Directory domain at a time to be configured for vCenter Server, in vCenter Server 5.1 with Single Sign-On, you can add multiple Active Directory domains.

If you use Active Directory in your infrastructure and you want the Single Sign-On installer to add Active Directory automatically as a Single Sign-On identity source, the following requirements apply:

You must log in as a domain user when you install Single Sign-On.

You must install Single Sign-On on a machine joined to the Active Directory domain. In this case, all machines on which Single Sign-On servers will be installed must be joined to the same domain. The domain controllers might be different, but the Single Sign-On server will discover and add the local one.

On the Single Sign-On host machine, the Active Directory machine account must have read permissions on the entire Active Directory and on the user and group attributes of the Active Directory.
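A pre-install check for the three requirements above, as an added example in Windows PowerShell (not VMware's code). The function name `Test-SsoAdPrerequisite` is hypothetical, and the LDAP query is only a spot check of user and group attribute reads under the account that runs the script; to exercise the machine account, run it as LocalSystem on the Single Sign-On host.

```powershell
function Test-SsoAdPrerequisite {
    # Requirement: the host is joined to an Active Directory domain.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $joined = [bool]$cs.PartOfDomain

    # Requirement: the installing account is a domain user. A local account
    # carries the computer name (or a built-in authority) as its domain part.
    $name = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $accountDomain = ($name -split '\\')[0]
    $notDomain = @($env:COMPUTERNAME, 'NT AUTHORITY', 'BUILTIN')
    $domainUser = $joined -and ($notDomain -notcontains $accountDomain)

    # Requirement: read access to user and group attributes. Spot check only:
    # sample a few objects and confirm sAMAccountName comes back for each.
    $readable = $false
    $detail = 'not tested: host is not domain joined'
    if ($joined) {
        try {
            $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
            $searcher = New-Object System.DirectoryServices.DirectorySearcher($domain.GetDirectoryEntry())
            $searcher.Filter = '(|(&(objectCategory=person)(objectClass=user))(objectCategory=group))'
            $searcher.SizeLimit = 25
            [void]$searcher.PropertiesToLoad.Add('sAMAccountName')
            $hits = $searcher.FindAll()
            $total = $hits.Count
            $named = @($hits | Where-Object { $_.Properties.Contains('samaccountname') }).Count
            $hits.Dispose()
            $readable = ($total -gt 0) -and ($named -eq $total)
            $detail = "$named of $total sampled objects returned sAMAccountName"
        } catch {
            $detail = "LDAP query failed: $($_.Exception.Message)"
        }
    }

    New-Object PSObject -Property @{
        ComputerDomain  = $cs.Domain
        DomainJoined    = $joined
        RunningAs       = $name
        IsDomainUser    = $domainUser
        DirectoryRead   = $readable
        DirectoryDetail = $detail
    }
}

Test-SsoAdPrerequisite | Format-List
```

A `DirectoryRead` value of `False` with zero sampled objects usually points to missing read permissions for the account in `RunningAs` rather than an empty directory.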

vCenter Single Sign-On can also add multiple OpenLDAP domains, and you can configure vCenter Server to be available to users who are registered with these OpenLDAP repositories, enabling you to manage vCenter Server access without Active Directory.

For more information about vCenter Single Sign-On, see vSphere Security.