As part of studying for my VDCA550-DCA, I’ve started relying more on the CLI and a lot less on the GUI. IMHO, the best tool for the job is the vSphere vMA.
For ease of use, I decided to add it to my domain and then lock it down so only certain users could logon.
First, logon to the vMA and add it to the domain:
sudo domainjoin-cli join nl.mdb-lab.com email@example.com
This will prompt you for the vMA super-user password you set during installation, followed by the password for the account you’re using to add the vMA to the domain. The vMA will then require a reboot.
Once restarted, edit /etc/likewise/lsassd.conf and add the AD groups you wish to have access to the vMA:
sudo sed -i "/require-membership-of/c\require-membership-of = NL\\\vMA Access Users" /etc/likewise/lsassd.conf
In this case, I created an AD group called vMA Access Users and used that.