Configuring authentication using Active Directory
=================================================

Last updated (UTC): 2025-09-04.

You can configure vCenter and NSX in Google Cloud VMware Engine to use your
on-premises Active Directory as an LDAP or LDAPS identity source for user authentication.
Once setup is complete, you can provide access to vCenter and NSX Manager and
assign required roles for managing your private cloud.

| **Caution:** Joining your private cloud vCenter to an Active Directory domain is unsupported and unnecessary.
| Your private cloud vCenter server only supports the **Active Directory over LDAP** identity source type,
| which doesn't require joining your vCenter to an Active Directory domain.
| Avoid the **Active Directory (Windows Integrated Authentication)** identity source type.

Before you begin
----------------

The steps in this document assume that you first do the following:

- [Establish connectivity from your on-premises network to your private cloud](/vmware-engine/docs/networking/howto-connect-to-onpremises)
- Enable DNS name resolution of your on-premises Active Directory:
  - For *Legacy VMware Engine Networks*: Enable DNS name resolution of your on-premises Active Directory by creating [DNS forwarding rules](/vmware-engine/docs/networking/howto-legacy-conditional-dns-forwarding) in your private cloud.
  - For *Standard VMware Engine Networks*: Enable DNS name resolution of your on-premises Active Directory by configuring [DNS bindings](/vmware-engine/docs/networking/howto-create-dns-bindings) to your VMware Engine network.

The following table lists the information you need when setting up your
on-premises Active Directory domain as an SSO identity source on vCenter and
NSX. Gather the following information before setting up SSO identity sources:

Add an identity source on vCenter
---------------------------------

1. Sign in to the vCenter for your private cloud using a [solution user account](/vmware-engine/docs/private-clouds/howto-elevate-privilege#solution_user_accounts).
2. Select **Home > Administration**.
3. Select **Single Sign On > Configuration**.
4. Open the **Identity Sources** tab and click **+Add** to add a new identity source.
5. Select **Active Directory as an LDAP Server**, and click **Next**.
6. Specify the identity source parameters for your environment, and click **Next**.
7. Review the settings, and click **Finish**.

Add an identity source on NSX
-----------------------------

1. Sign in to NSX Manager in your private cloud.
2. Go to **System > Settings > Users and Roles > LDAP**.
3. Click **Add identity source**.
4. In the **Name** field, enter a display name for the identity source.
5. Specify the **Domain Name** and **Base DN** of your identity source.
6. In the **Type** column, select **Active Directory over LDAP**.
7. In the **LDAP Servers** column, click **Set**.
8. In the **Set LDAP Server** window, click **Add LDAP Server**.
9. Specify the LDAP server parameters and click **Check status** to verify the connection from NSX Manager to your LDAP server.
10. Click **Add** to add the LDAP server.
11. Click **Apply** and then click **Save**.

Ports required for using on-premises Active Directory as an identity source
---------------------------------------------------------------------------

The ports listed in the following table are required to configure your
on-premises Active Directory as an identity source on the private cloud vCenter.

What's next
-----------

For more information about SSO identity sources, see the following vSphere and
NSX Data Center documentation:

- [Add or Edit a vCenter Single Sign-On Identity Source](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-B23B1360-8838-4FF2-B074-71643C4CB040.html)
- [LDAP Identity Source](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-664DC51F-3D6B-442F-9C29-2A5304ACCCA4.html)
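
The following pre-flight check is an added example, not part of the original page or of any VMware or Google tooling: it validates the **Domain Name**, **Base DN** and LDAP server URL values before they are entered in the vCenter and NSX procedures above, and flags servers that would be reached over LDAP rather than LDAPS. The function names and the sample values are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # standard LDAP / LDAPS ports


def base_dn_for(domain):
    """Default naming context for an AD DNS domain (corp.example.com -> DC=corp,...)."""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))


def normalize_dn(dn):
    """Case-fold a DN and trim spaces around ',' and '=' so two spellings compare equal."""
    rdns = re.split(r"(?<!\\),", dn)  # do not split on escaped commas (\,)
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1)) for rdn in rdns)


def check_identity_source(domain, base_dn, server_urls):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    root = normalize_dn(base_dn_for(domain))
    have = normalize_dn(base_dn)
    if have != root and not have.endswith("," + root):
        findings.append(f"base DN {base_dn!r} is not under {base_dn_for(domain)}")
    for url in server_urls:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        try:
            port = parts.port or DEFAULT_PORTS.get(scheme)
        except ValueError:  # non-numeric or out-of-range port
            port = None
        if scheme not in DEFAULT_PORTS or not parts.hostname or port is None:
            findings.append(f"{url}: expected ldap://host[:port] or ldaps://host[:port]")
            continue
        if scheme == "ldap":
            findings.append(f"{url}: port {port} is not TLS-protected; prefer ldaps://")
        try:
            ipaddress.ip_address(parts.hostname)
            findings.append(f"{url}: IP literal; TLS certificates are normally issued to the DNS name")
        except ValueError:
            pass  # a hostname, which is what the DNS prerequisite provides
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real environment.
    servers = ["ldaps://dc01.corp.example.com", "ldap://10.0.0.5:389"]
    for finding in check_identity_source("corp.example.com", "OU=Admins, DC=corp, DC=example, DC=com", servers):
        print(finding)
```
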