6.7
Table Of Contents
- Platform Services Controller Administration
- Contents
- About Platform Services Controller Administration
- Getting Started with Platform Services Controller
- vCenter Server and Platform Services Controller Deployment Types
- Deployment Topologies with External Platform Services Controller Instances and High Availability
- Understanding vSphere Domains, Domain Names, and Sites
- Platform Services Controller Capabilities
- Managing Platform Services Controller Services
- Managing the Platform Services Controller Appliance
- vSphere Authentication with vCenter Single Sign-On
- Understanding vCenter Single Sign-On
- Configuring vCenter Single Sign-On Identity Sources
- Understanding vCenter Server Two-Factor Authentication
- Using vCenter Single Sign-On as the Identity Provider for Another Service Provider
- Security Token Service STS
- Managing vCenter Single Sign-On Policies
- Managing vCenter Single Sign-On Users and Groups
- Add vCenter Single Sign-On Users
- Disable and Enable vCenter Single Sign-On Users
- Delete a vCenter Single Sign-On User
- Edit a vCenter Single Sign-On User
- Add a vCenter Single Sign-On Group
- Add Members to a vCenter Single Sign-On Group
- Remove Members from a vCenter Single Sign-On Group
- Delete vCenter Single Sign-On Solution Users
- Change Your vCenter Single Sign-On Password
- vCenter Single Sign-On Security Best Practices
- vSphere Security Certificates
- Certificate Requirements for Different Solution Paths
- Certificate Management Overview
- Managing Certificates with the vSphere Client
- Managing Certificates from the vSphere Web Client
- Managing Certificates with the vSphere Certificate Manager Utility
- Certificate Manager Options and the Workflows in This Document
- Regenerate a New VMCA Root Certificate and Replace All Certificates
- Make VMCA an Intermediate Certificate Authority (Certificate Manager)
- Generate CSR with vSphere Certificate Manager and Prepare Root Certificate (Intermediate CA)
- Replace VMCA Root Certificate with Custom Signing Certificate and Replace All Certificates
- Replace Machine SSL Certificate with VMCA Certificate (Intermediate CA)
- Replace Solution User Certificates with VMCA Certificates (Intermediate CA)
- Replace All Certificates with Custom Certificate (Certificate Manager)
- Revert Last Performed Operation by Republishing Old Certificates
- Reset All Certificates
- Manual Certificate Replacement
- Managing Services and Certificates with CLI Commands
- Troubleshooting Platform Services Controller
- Determining the Cause of a Lookup Service Error
- Unable to Log In Using Active Directory Domain Authentication
- vCenter Server Login Fails Because the User Account Is Locked
- VMware Directory Service Replication Can Take a Long Time
- Export a Platform Services Controller Support Bundle
- Platform Services Controller Service Logs Reference
dir-cli Command Reference
The dir-cli utility supports creation and updates to solution users, account management, and
management of certificates and passwords in VMware Directory Service (vmdir). You can also use dir-
cli to manage and query the domain functional level of Platform Services Controller instances.
dir-cli nodes list
Lists all vCenter Server system for the specified Platform Services Controller instance.
Option Description
--login <admin_user_id>
The administrator of the local vCenter Single Sign-On domain,
administrator@vsphere.local by default.
--password <admin_password>
Password of the administrator user. If you do not specify the
password, you are prompted.
--server <psc_ip_or_fqdn>
Use this option if you do not want to target the affinitized
Platform Services Controller. Specify the IP address or FQDN of
the Platform Services Controller;
dir-cli computer password-reset
Enables you to reset the password of the machine account in the domain. This option is useful if you have
to restore a Platform Services Controller instance.
Option Description
--login <admin_user_id>
The administrator of the local vCenter Single Sign-On domain,
administrator@vsphere.local by default.
--password <admin_password>
Password of the administrator user. If you do not specify the
password, you are prompted.
--live-dc-hostname <server name>
Current name of the Platform Services Controller instance.
dir-cli service create
Creates a solution user. Primarily used by third-party solutions.
Option Description
--name <name>
Name of the solution user to create
--cert <cert file>
Path to the certificate file. This can be a certificate signed by
VMCA or a third-party certificate.
--ssogroups <comma-separated-groupnames>
Makes the solution user a member of the specified groups.
--wstrustrole <ActAsUser>
Makes the solution user a member of the built-in administrators
or users group. In other words, determines whether the solution
user has administrative privileges.
Platform Services Controller Administration
VMware, Inc. 162