Since vSphere 6.7 Update 1, we have the ability to repoint the vCenter to a new SSO domain. This removes vCenter from Enhanced Linked Mode (ELM), and also removes the requirement that all vCenters be at the same version and patch level.
Before attempting such a change, it is imperative that we have complete file-based backups of the SSO domain (all vCenters in ELM). Optionally, take snapshots of the vCenter Appliances once all nodes have been shut down. This can be a quick way to correct any mistakes made throughout the process.
After repointing a vCenter to a new SSO domain, expect the following:
- Global permissions will be reset to default
- Custom SSO domain users & groups will be removed
- External identity sources such as Microsoft Active Directory and OpenLDAP will need to be re-added
- Data related to Tagging, Licensing, and Authz will be copied to the new SSO domain
To learn more about the SSO domain repointing process, please see this blog.
Simulations can be navigated by clicking the orange box hot-spots, or by using your keyboard's left and right arrow keys.
(Click HERE to open the simulation walkthrough in a new window)