Hello,
Here is my configuration:
I use a VCSA 6.0U2 appliance with embedded PSC and database.
My vCenter appliance is deployed on ESXi 6.0U2.
A second ESXi in 5.5 is in a cluster with the 6.0U2 ESXi.
Management vmk is on the same subnet as VCSA.
All components are correctly referenced in DNS and both can resolve name and IP.
The AD and NTP are in a different subnet and use a NAT: Time is synchronized correctly between ESXi, vCenter and AD.
The VCSA has been added in AD without issue. The identity source has been added.
We have a group, called AD-G-ADM-VSPHERE with admin users inside.
I had granted the administrator role on Global AND on vCenter with propagation to children.
Here is the problem:
A user who is a member of AD-G-ADM-VSPHERE doesn't see the cluster and I can't modify permissions. If I directly add my account in Global permissions with the administrator role, I can't modify permissions and I don't see vCenter sub-objects (datacenter, cluster or ESXi). If I want to be able to manage vCenter, I need to add administrator permission on vCenter.
As far as I know, it's not "normal". How can I add an AD group as Administrator? Where is the issue?