[VMC] Adding/Removing AD groups to the CloudAdminGroup via apiexplorer

Article ID: 314113

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

This article details how to add LDAP groups to the CloudAdminGroup via API Explorer.

Symptoms:
This article lists the steps to modify the group membership of the CloudAdminGroup on the Cloud vCenter in VMware Cloud on AWS.

Cause

The customer is missing permissions for a specific LDAP user/group, but the [email protected] account has the required permissions.

Resolution

  1. Log in to https://<Cloud_VC_FQDN>/apiexplorer/ using the cloudadmin ID.
  2. Navigate to hvc/management/administrators and click on Show/Hide.
  3. Use the GET hvc/management/administrators API to find the current members of the CloudAdminGroup.
  4. Click on Execute to run the GET request. The response will be in JSON format.
  5. To add an AD group, use the POST hvc/management/administrators?action=add API.
  6. In the request_body, put the AD group name in the format {"group_name": "[email protected]"}. You only need to modify the [email protected] part; leave group_name alone.
         {
             "group_name": "[email protected]"
         }
  7. Click on Execute. If the Response Code is 204 or 200, the group has been added.

Note: You can then use the GET API again (mentioned above) to fetch the group list to verify if the group has been added or not.
To remove an AD group from the CloudAdminGroup:

  1. Use the POST /hvc/management/administrators?action=remove API.
  2. In the request_body, put the AD group name in the format "group_name": "[email protected]":
         {
             "group_name": "[email protected]"
         }
  3. Click on Execute.
  4. If the Response Code is 204 or 200, the group has been removed successfully.
  5. To verify, run the GET request again to see the current group membership, and you will see that the group has been removed.
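
The verification steps above (re-running GET after an add or remove) can be checked mechanically. The following is an added example, not part of the original article or VMware's code: it compares the GET responses saved before and after a change and flags any member outside an approved list. The response shape, the function names and the group names are assumptions constructed for illustration.

```python
import json

# Constructed sample GET responses (not real output). Assumption: the body is a
# JSON list of group names, either bare or wrapped as {"value": [...]}.
BEFORE = '["vmc-admins@corp.example"]'
AFTER = ('{"value": ["vmc-admins@corp.example", "VMC-Ops@corp.example", '
         '"helpdesk@corp.example"]}')
APPROVED = ["vmc-admins@corp.example", "vmc-ops@corp.example"]

def fold(name):
    # AD group names compare case-insensitively.
    return name.strip().casefold()

def parse_members(response_text):
    """Return the folded group names from a GET response body."""
    data = json.loads(response_text)
    if isinstance(data, dict):
        data = data.get("value")
    if not isinstance(data, list) or not all(isinstance(g, str) for g in data):
        raise ValueError("unexpected response shape")
    return {fold(g) for g in data}

def verify_change(before_text, after_text, action, group_name, approved):
    """Check one add/remove against the before and after membership lists."""
    if action not in ("add", "remove"):
        raise ValueError("action must be 'add' or 'remove'")
    before, after = parse_members(before_text), parse_members(after_text)
    target = fold(group_name)
    expected = before | {target} if action == "add" else before - {target}
    return {
        # The requested change is visible in the new membership.
        "applied": (target in after) == (action == "add"),
        # Any other difference from the expected membership.
        "unexpected": sorted((after ^ expected) - {target}),
        # Members that are not on the approved list.
        "unapproved": sorted(after - {fold(g) for g in approved}),
    }

if __name__ == "__main__":
    print(verify_change(BEFORE, AFTER, "add", "vmc-ops@corp.example", APPROVED))
```

A non-empty "unexpected" or "unapproved" list means the CloudAdminGroup changed in a way the requested add or remove does not explain, which is worth reviewing before closing the change.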


Workaround:
Use [email protected].

Additional Information

VMware Developer Documentation

Impact/Risks:
Customers may be blocked from integrating or performing actions with LDAP User/Groups.
This process can only be used to add AD groups to the CloudAdminGroup; it will not work for adding specific AD users.