vIDM/Access Connector <> DC2022

Heads-up to everyone in the process of upgrading their Active Directory Domain Services to 2022! As mentioned in the online documentation, VMware does NOT support AD on Windows Server 2022.

The main reason is that Microsoft changed the LDAP-search specification for the member attribute (range retrieval), which leaves the Connector unable to retrieve more than 1499 results (1500 is the MaxValRange from the NTDSUTIL LDAP Policy Values). Older Windows Domain Controller versions return the first 0-1499 results and then continue to page the remaining results.
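To show what the paging described above looks like on the wire, here is an added example (not VMware's or Microsoft's code) that simulates a DC honouring the MaxValRange LDAP policy and a client walking the `member;range=` chunks the way MS-ADTS range retrieval specifies; the simulated DC, the constructed sample DNs and the truncation check are assumptions for illustration.

```python
import re

MAX_VAL_RANGE = 1500  # default LDAP policy value (NTDSUTIL "MaxValRange") on a DC

# Attribute description a DC uses for ranged results: member;range=lo-hi or lo-*
RANGE_RE = re.compile(r"^member;range=(\d+)-(\d+|\*)$", re.IGNORECASE)


def simulated_dc_search(members, attr):
    """Stand-in for a domain controller answering a search for one range of
    the 'member' attribute (constructed for this example). Returns the attribute
    name as a DC labels it: lo-hi for a partial chunk, lo-* for the final one."""
    m = RANGE_RE.match(attr)
    lo = int(m.group(1)) if m else 0
    chunk = members[lo:lo + MAX_VAL_RANGE]
    last = lo + len(chunk) >= len(members)
    label = f"member;range={lo}-{'*' if last else lo + len(chunk) - 1}"
    return {label: chunk}


def fetch_all_members(search, max_rounds=1000):
    """Range-retrieval client: request member;range=0-*, read the range the DC
    actually returned, and keep asking for the next chunk until the DC answers
    with an upper bound of '*'. 'search' is any callable taking the attribute
    description and returning {attribute_name: values}."""
    collected, lo = [], 0
    for _ in range(max_rounds):
        result = search(f"member;range={lo}-*")
        for name, values in result.items():
            collected.extend(values)
            m = RANGE_RE.match(name)
            # Plain 'member' (no range label) or lo-* means there is nothing more to ask for
            if m is None or m.group(2) == "*":
                return collected
            lo = int(m.group(2)) + 1
    raise RuntimeError("range retrieval did not terminate")


def incomplete_response(result):
    """Symptom check for the failure the post describes: a full MaxValRange-sized
    value set came back without a range label, so the client has no continuation
    point and the member list may be truncated."""
    return any(RANGE_RE.match(name) is None and len(values) >= MAX_VAL_RANGE
               for name, values in result.items())
```

Running `fetch_all_members` against the simulated DC for a 3200-member group issues three requests (ranges 0-*, 1500-* and 3000-*) and returns every DN.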

What to do?

If you have to deal with a DC environment that is being upgraded, consider the options below; all of them require that you ask your Windows team to keep some DC2012/2016/2019 hosts alive:

  • Make use of Microsoft Sites-and-Services to direct connector traffic to these older hosts.
  • Edit the hosts file on the Windows Connector host and assign dummy IP addresses to all DC2022 hosts. The Connector will fail to connect to these dummy addresses and will connect only to the DC2012/16/19 hosts.
  • Edit the hosts file on the Windows Connector host and map all the DC2022 host names to the addresses of these older hosts.

What’s next?

Although this issue is caused by a change in the Microsoft LDAP Directory Service, VMware is actively working on a solution in the Access/vIDM connector. Unfortunately it did not make it into the recently released Access 22.09 or vIDM 3.3.6 products, so we have to wait for the next patch or major release.

Marco Baaijen
