Managed Object - HostActiveDirectoryAuthentication

Extends
HostDirectoryStore
Since
vSphere API 4.1


Managed Object Description

The HostActiveDirectoryAuthentication managed object indicates domain membership status and provides methods for adding a host to and removing a host from a domain.

Properties

Name Type Description
None
Properties inherited from HostDirectoryStore
None
Properties inherited from HostAuthenticationStore
info

Methods

Methods defined in this Managed Object
ImportCertificateForCAM_Task, JoinDomain_Task, JoinDomainWithCAM_Task, LeaveCurrentDomain_Task
Methods inherited from HostDirectoryStore
None
Methods inherited from HostAuthenticationStore
None

ImportCertificateForCAM_Task

Import the CAM server's certificate to the local store of vmwauth.

The certificate should have already been uploaded to the ESXi file system.

Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 5.0

Parameters

Name         Type                      Description
_this        ManagedObjectReference    A reference to the HostActiveDirectoryAuthentication used to make the method call.
certPath     xsd:string                Full path of the certificate on ESXi.
camServer    xsd:string                IP of server providing the CAM service.

Return Value

Type Description
ManagedObjectReference to a Task

Faults

Type                    Description
ActiveDirectoryFault    Thrown for any problem that is not handled with a more specific fault.
FileNotFound            Thrown if the certificate file does not exist.
InvalidCAMServer        Thrown if camServer is not a valid IP address.
RuntimeFault            Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.



JoinDomain_Task

Adds the host to an Active Directory domain.

If the HostAuthenticationStoreInfo.enabled property is True (accessed through the info property), the host has joined a domain. The vSphere API will throw the InvalidState fault if you try to add a host to a domain when the host has already joined a domain.

Required Privileges
Host.Config.AuthenticationStore

Parameters

Name          Type                      Description
_this         ManagedObjectReference    A reference to the HostActiveDirectoryAuthentication used to make the method call.
domainName    xsd:string                Name of the domain to be joined.
userName      xsd:string                Name for an Active Directory account that has the authority to add hosts to the domain.
password      xsd:string                Password for the userName account.

Return Value

Type Description
ManagedObjectReference to a Task

Faults

Type                    Description
ActiveDirectoryFault    Thrown for any problem that is not handled with a more specific fault.
BlockedByFirewall       Thrown if ports needed by the join operation are blocked by the firewall.
ClockSkew               Thrown if the clocks of the host and the domain controller differ by more than the allowed amount of time.
DomainNotFound          Thrown if the domain controller for domainName cannot be reached.
HostConfigFault         Thrown if the host configuration prevents the join operation from succeeding.
InvalidHostName         Thrown if the domain part of the host's FQDN doesn't match the domain being joined.
InvalidLogin            Thrown if userName and password are not valid user credentials.
InvalidState            Thrown if the host has already joined a domain.
NoPermissionOnAD        Thrown if userName has no right to add hosts to the domain.
RuntimeFault            Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
TaskInProgress          Thrown if the HostActiveDirectoryAuthentication object is busy.



JoinDomainWithCAM_Task

Adds the host to an Active Directory domain through the CAM service.

If the HostAuthenticationStoreInfo.enabled property is True (accessed through the info property), the host has joined a domain. The vSphere API will throw the InvalidState fault if you try to add a host to a domain when the host has already joined a domain.

Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 5.0

Parameters

Name          Type                      Description
_this         ManagedObjectReference    A reference to the HostActiveDirectoryAuthentication used to make the method call.
domainName    xsd:string                Name of the domain to be joined.
camServer     xsd:string                Name of server providing the CAM service.

Return Value

Type Description
ManagedObjectReference to a Task

Faults

Type                          Description
ActiveDirectoryFault          Thrown for any problem that is not handled with a more specific fault.
BlockedByFirewall             Thrown if ports needed by the join operation are blocked by the firewall.
CAMServerRefusedConnection    Thrown if the specified CAM server is not reachable, or if the server denied access.
ClockSkew                     Thrown if the clocks of the host and the domain controller differ by more than the allowed amount of time.
DomainNotFound                Thrown if the domain controller for domainName cannot be reached.
HostConfigFault               Thrown if the host configuration prevents the join operation from succeeding.
InvalidCAMCertificate         Thrown if the certificate of the given CAM server cannot be verified.
InvalidCAMServer              Thrown if camServer is not a valid IP address, or if camServer is not accessible.
InvalidHostName               Thrown if the domain part of the host's FQDN doesn't match the domain being joined.
InvalidState                  Thrown if the host has already joined a domain.
RuntimeFault                  Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
TaskInProgress                Thrown if the HostActiveDirectoryAuthentication object is busy.
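
Added example, not part of the vSphere API reference or any VMware code: a Python pre-flight routine that predicts the locally checkable faults documented for JoinDomain_Task and JoinDomainWithCAM_Task (InvalidState, InvalidHostName, ClockSkew, InvalidCAMServer) before the call is made. The function names, the 300-second skew default and the case-insensitive domain comparison are assumptions, and the sample values are constructed.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumption: 300 s is a common Kerberos tolerance. The page only says "the
# allowed amount of time", so pass the value your domain actually enforces.
DEFAULT_MAX_SKEW = timedelta(seconds=300)


def fqdn_domain(host_fqdn):
    """Domain part of an FQDN: everything after the first label, lowercased."""
    _, _, domain = host_fqdn.strip().rstrip(".").partition(".")
    return domain.lower()


def preflight_join(enabled, host_fqdn, domain_name, host_time, dc_time,
                   cam_server=None, max_skew=DEFAULT_MAX_SKEW):
    """Return (fault, reason) pairs for conditions checkable before the call.

    `enabled` is HostAuthenticationStoreInfo.enabled read from `info`.
    Pass `cam_server` only when planning JoinDomainWithCAM_Task.
    """
    faults = []
    if enabled:
        faults.append(("InvalidState", "host has already joined a domain"))
    # Assumption: names compare case-insensitively, ignoring a trailing dot.
    want = domain_name.strip().rstrip(".").lower()
    have = fqdn_domain(host_fqdn)
    if have != want:
        faults.append(("InvalidHostName",
                       f"FQDN domain {have!r} does not match {want!r}"))
    skew = abs(host_time - dc_time)
    if skew > max_skew:
        faults.append(("ClockSkew", f"clocks differ by {skew}"))
    if cam_server is not None:
        try:
            ipaddress.ip_address(cam_server)
        except ValueError:
            faults.append(("InvalidCAMServer",
                           f"{cam_server!r} is not a valid IP address"))
    return faults


if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    for fault, reason in preflight_join(True, "esx01.lab.example.com",
                                        "corp.example.com", now,
                                        now + timedelta(minutes=10),
                                        cam_server="cam.example.com"):
        print(f"{fault}: {reason}")
```

An empty result only means none of these four conditions applies; the remaining faults (for example BlockedByFirewall or InvalidCAMCertificate) can only be observed from the task itself.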



LeaveCurrentDomain_Task

Removes the host from the Active Directory domain to which it belongs.

Required Privileges
Host.Config.AuthenticationStore

Parameters

Name     Type                      Description
_this    ManagedObjectReference    A reference to the HostActiveDirectoryAuthentication used to make the method call.
force    xsd:boolean               If True, any existing permissions on managed entities for Active Directory users will be deleted. If False and such permissions exist, the operation will fail.

Return Value

Type Description
ManagedObjectReference to a Task

Faults

Type                          Description
ActiveDirectoryFault          Thrown for any problem that is not handled with a specific fault.
AuthMinimumAdminPermission    Thrown if this change would leave the system with no Administrator permission on the root node.
InvalidState                  Thrown if the host is not in a domain or there are active permissions for Active Directory users.
NonADUserRequired             Only non Active Directory users can initiate the leave domain operation.
RuntimeFault                  Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
TaskInProgress                Thrown if the ActiveDirectoryAuthentication object is busy.