June 08, 2022

Repointing vCenter to a new SSO Domain

If you decide you no longer want your vCenter Servers to be in the same SSO domain, you may repoint vCenter to a new SSO domain. In this blog, we demo how to do this using the "cmsso-util" commands.

Since vSphere 6.7 Update 1, we have the ability to repoint the vCenter to a new SSO domain. This removes vCenter from Enhanced Linked Mode (ELM), and also removes the requirement that all vCenters be at the same version and patch level.

Before attempting such a change, it is imperative we have complete file-based backups of the SSO domain (all vCenters in ELM). Optionally, take snapshots of the vCenter Appliances when all nodes have been shut down. This can be a quick way to correct any mistakes made throughout the process.

After repointing a vCenter to a new SSO domain, expect the following:

  • Global permissions will be reset to default
  • Custom SSO domain users & groups will be removed
  • External identity sources such as Microsoft Active Directory and OpenLDAP will need to be re-added
  • Data related to Tagging, Licensing, and Authz will be copied to the new SSO domain

To learn more about the SSO domain repointing process, please see this blog.
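One way to script the `cmsso-util domain-repoint` pre-check and execute sequence so that it refuses to run without a backup confirmation and stops when the pre-check reports conflicts. This is an added example, not code from the original post or from VMware; the domain names, the partner FQDN, the `BACKUP_CONFIRMED` and `CONFLICTS_REVIEWED` guard variables and the conflict-file location are assumptions.

```shell
#!/bin/bash
# Added example: guarded wrapper around "cmsso-util domain-repoint".
# Run on the vCenter appliance being repointed; the tool prompts for passwords.
CMSSO=${CMSSO:-cmsso-util}                          # set CMSSO=echo for a dry run
CONFLICT_DIR=${CONFLICT_DIR:-/storage/domain-data}  # assumed pre-check output directory

# repoint_args MODE DEST_DOMAIN [PARTNER_FQDN [PARTNER_ADMIN]]
# With a partner FQDN the node joins an existing domain; without one it is
# repointed to a newly created domain.
repoint_args() {
    case "$1" in
        pre-check|execute) ;;
        *) echo "mode must be pre-check or execute" >&2; return 2 ;;
    esac
    [ -n "${2:-}" ] || { echo "destination domain required" >&2; return 2; }
    printf '%s' "domain-repoint -m $1 --src-emb-admin Administrator --dest-domain-name $2"
    if [ -n "${3:-}" ]; then
        printf '%s' " --replication-partner-fqdn $3 --replication-partner-admin ${4:-Administrator}"
    fi
    printf '\n'
}

# Number of conflict files the pre-check left behind.
conflict_count() {
    ls "$CONFLICT_DIR"/Conflicts*.json 2>/dev/null | wc -l | tr -d ' '
}

# safe_repoint DEST_DOMAIN [PARTNER_FQDN [PARTNER_ADMIN]]
safe_repoint() {
    # Gate 1: file-based backups of every vCenter in the SSO domain must exist.
    [ "${BACKUP_CONFIRMED:-no}" = yes ] || { echo "confirm backups first" >&2; return 3; }
    if [ -n "${2:-}" ]; then
        # Gate 2: joining an existing domain, so run pre-check and stop on conflicts.
        args=$(repoint_args pre-check "$@") || return 2
        $CMSSO $args || return 1
        n=$(conflict_count)
        if [ "$n" -gt 0 ] && [ "${CONFLICTS_REVIEWED:-no}" != yes ]; then
            echo "$n conflict file(s) in $CONFLICT_DIR; review before execute" >&2
            return 4
        fi
    fi
    args=$(repoint_args execute "$@") || return 2
    $CMSSO $args
}

# Example (placeholder names): BACKUP_CONFIRMED=yes safe_repoint new-sso.local
```

Because global permissions, custom SSO users and groups, and external identity sources do not carry over, record them before running the execute step.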

Simulations can be navigated by clicking the orange box hot-spots, or by using your keyboard's left and right arrow keys.

(Click HERE to open the simulation walkthrough in a new window)

 
