Managed Object - HostActiveDirectoryAuthentication(vim.host.ActiveDirectoryAuthentication)

Extends
HostDirectoryStore
Since
vSphere API 4.1


Managed Object Description

The HostActiveDirectoryAuthentication managed object indicates domain membership status and provides methods for adding a host to and removing a host from a domain.

Properties

Name Type Description
None
Properties inherited from HostDirectoryStore
None
Properties inherited from HostAuthenticationStore
info

Methods

Methods defined in this Managed Object
DisableSmartCardAuthentication, EnableSmartCardAuthentication, ImportCertificateForCAM_Task, InstallSmartCardTrustAnchor, JoinDomain_Task, JoinDomainWithCAM_Task, LeaveCurrentDomain_Task, ListSmartCardTrustAnchors, RemoveSmartCardTrustAnchor, RemoveSmartCardTrustAnchorByFingerprint, ReplaceSmartCardTrustAnchors
Methods inherited from HostDirectoryStore
None
Methods inherited from HostAuthenticationStore
None

DisableSmartCardAuthentication(disableSmartCardAuthentication)

Disables console authentication using a local smart card and reader.
Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 6.0

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.

Return Value

Type Description
None

Faults

Type Description
ActiveDirectoryFaultThrown if the active directory client could not be reconfigured.
HostConfigFaultThrown if the host configuration prevents smart card authentication from being disabled.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



EnableSmartCardAuthentication(enableSmartCardAuthentication)

Enables console authentication using a local smart card and reader. To take effect this feature requires an active domain membership to a domain with users configured to authenticate using smart cards.
Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 6.0

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.

Return Value

Type Description
None

Faults

Type Description
ActiveDirectoryFaultThrown if the active directory client could not be reconfigured.
HostConfigFaultThrown if the host configuration prevents smart card authentication from being enabled.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



ImportCertificateForCAM_Task(importCertificateForCAM)

Import the CAM server's certificate to the local store of vmwauth.

The certificate should have already been uploaded to ESXi file system.

Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 5.0

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.
certPathxsd:string

full path of the certificate on ESXi
camServerxsd:string

IP of server providing the CAM service.

Return Value

Type Description
ManagedObjectReference
to a SmsTask

Faults

Type Description
ActiveDirectoryFaultThrown for any problem that is not handled with a more specific fault.
FileNotFoundThrown if the certificate file does not exist
InvalidCAMServerThrown if camServer is not a valid IP address
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None



InstallSmartCardTrustAnchor(installSmartCardTrustAnchor)

Install a trust anchor certificate for smart card authentication.
Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 6.0

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.
certxsd:string

SSL certificate in PEM format

Return Value

Type Description
None

Faults

Type Description
HostConfigFaultThrown if the host configuration prevents the certificate from being installed.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



JoinDomain_Task(joinDomain)

Adds the host to an Active Directory domain.

If the HostAuthenticationStoreInfo.enabled property is True (accessed through the info property), the host has joined a domain. The vSphere API will throw the InvalidState fault if you try to add a host to a domain when the host has already joined a domain.

Required Privileges
Host.Config.AuthenticationStore

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.
domainNamexsd:string

Name of the domain to be joined.
userNamexsd:string

Name for an Active Directory account that has the authority to add hosts to the domain.
passwordxsd:string

Password for the userName account.

Return Value

Type Description
ManagedObjectReference
to a SmsTask

Faults

Type Description
ActiveDirectoryFaultThrown for any problem that is not handled with a more specific fault.
BlockedByFirewallThrown if ports needed by the join operation are blocked by the firewall.
ClockSkewThrown if the clocks of the host and the domain controller differ by more than the allowed amount of time.
DomainNotFoundThrown if the domain controller for domainName cannot be reached.
HostConfigFaultThrown if the host configuration prevents the join operation from succeeding.
InvalidHostNameThrown if the domain part of the host's FQDN doesn't match the domain being joined.
InvalidLoginThrown if userName and password are not valid user credentials.
InvalidStateThrown if the host has already joined a domain.
NoPermissionOnADThrown if userName has no right to add hosts to the domain.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
TaskInProgressThrown if the HostActiveDirectoryAuthentication object is busy.

Events

Type
None



JoinDomainWithCAM_Task(joinDomainWithCAM)

Adds the host to an Active Directory domain through CAM service.

If the HostAuthenticationStoreInfo.enabled property is True (accessed through the info property), the host has joined a domain. The vSphere API will throw the InvalidState fault if you try to add a host to a domain when the host has already joined a domain.

Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 5.0

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.
domainNamexsd:string

Name of the domain to be joined.
camServerxsd:string

Name of server providing the CAM service.

Return Value

Type Description
ManagedObjectReference
to a SmsTask

Faults

Type Description
ActiveDirectoryFaultThrown for any problem that is not handled with a more specific fault.
BlockedByFirewallThrown if ports needed by the join operation are blocked by the firewall.
CAMServerRefusedConnectionThrown if the specified CAM server is not reachable, or if the server denied access.
ClockSkewThrown if the clocks of the host and the domain controller differ by more than the allowed amount of time.
DomainNotFoundThrown if the domain controller for domainName cannot be reached.
HostConfigFaultThrown if the host configuration prevents the join operation from succeeding.
InvalidCAMCertificateThrown if the certificate of the given CAM server cannot be verified.
InvalidCAMServerThrown if camServer is not a valid IP address, or if camServer is not accessible.
InvalidHostNameThrown if the domain part of the host's FQDN doesn't match the domain being joined.
InvalidStateThrown if the host has already joined a domain.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
TaskInProgressThrown if the HostActiveDirectoryAuthentication object is busy.

Events

Type
None



LeaveCurrentDomain_Task(leaveCurrentDomain)

Removes the host from the Active Directory domain to which it belongs.
Required Privileges
Host.Config.AuthenticationStore

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.
forcexsd:boolean

If True, any existing permissions on managed entities for Active Directory users will be deleted. If False and such permissions exist, the operation will fail.

Return Value

Type Description
ManagedObjectReference
to a SmsTask

Faults

Type Description
ActiveDirectoryFaultThrown for any problem that is not handled with a specific fault.
AuthMinimumAdminPermissionThrown if this change would leave the system with no Administrator permission on the root node.
InvalidStateThrown if the host is not in a domain or there are active permissions for Active Directory users.
NonADUserRequiredonly non Active Directory users can initiate the leave domain operation.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.
TaskInProgressThrown if the ActiveDirectoryAuthentication object is busy.

Events

Type
None



ListSmartCardTrustAnchors(listSmartCardTrustAnchors)

Lists installed trust anchor certificates for smart card authentication.
Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 6.0

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.

Return Value

Type Description
xsd:string[]SSL certificates of trusted CAs in PEM format.

Faults

Type Description
HostConfigFaultThrown if the host configuration prevents the certificates from being listed.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



RemoveSmartCardTrustAnchor(removeSmartCardTrustAnchor)

Deprecated. Please remove by fingerprint/digest instead.

Remove a smart card trust anchor certificate from the system.
Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 6.0

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.
issuerxsd:string

Certificate issuer
serialxsd:string

Certificate serial number (decimal integer)

Return Value

Type Description
None

Faults

Type Description
HostConfigFaultThrown if the host configuration prevents the certificate from being removed.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



RemoveSmartCardTrustAnchorByFingerprint(removeSmartCardTrustAnchorByFingerprint)

Remove a smart card trust anchor certificate from the system by fingerprint.
Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 6.0

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.
fingerprintxsd:string

Certificate fingerprint
digestxsd:string

Digest function used to compute fingerprint. One of HostActiveDirectoryAuthenticationCertificateDigest.

Return Value

Type Description
None

Faults

Type Description
HostConfigFaultThrown if the host configuration prevents the certificate from being removed.
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition



ReplaceSmartCardTrustAnchors(replaceSmartCardTrustAnchors)

Replace the trust anchor certificates for smart card authentication.
Required Privileges
Host.Config.AuthenticationStore
Since
vSphere API 6.0

Parameters

NameTypeDescription
_thisManagedObjectReference A reference to the HostActiveDirectoryAuthentication used to make the method call.
certs*xsd:string[]

List of trusted CA certificates in PEM format. If empty then all existing trust anchors are removed.
*Need not be set

Return Value

Type Description
None

Faults

Type Description
RuntimeFaultThrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error.

Events

Type
None

Show WSDL type definition