While setting up Single Sign-On with our Windows Active Directory (AD) server and cluster permissions, I accidentally assigned the Administrators group to "No Access" on one of the clusters. I tried to browse back to the cluster to change the permissions, but I could not see it anymore, under any of the accounts in the Administrators group. The groups were structured such that the "vSphere Administrators" AD group was added to the "Administrators" vsphere.local group, so any AD account assigned to the "vSphere Administrators" AD group is automatically a member of the "Administrators" vSphere group.

My next step was to add Administrators with full permissions to the vCenter Server, and have it propagate to everything else. The cluster was still not visible.

Since I was signed into the Administrator account, and Administrator was explicitly assigned the Administrator Role for the vCenter Server, I figured the fastest way to remove the permissions assignment for the Administrators Group was to delete it. After deleting the Administrators Group, I still could not see the cluster.

I removed myself from the "vSphere Administrators" AD Group, signed in using my AD account, added my AD account as an Administrator Role on the vCenter Server, and was able to see the cluster again. The Administrators vSphere Group was still entered, so I removed it, and all of the accounts can see the cluster again.

Now the real problem starts: When I went back to Administration -> Single Sign-On -> Users and Groups, the Administrator account cannot create/edit any users or groups. The other accounts with the Administrator Role in vCenter cannot even see the Single Sign-On menu.

I tried using VMware CLI, specifically

vicfg-user.pl --server <server-ip> -e group -o add -d Administrators

but I get the response

Host Account Manager Not Found.

I ssh'd into vCenter, and I can't find any of the command line tools that are installed on the ESX Hosts.

I hope someone can give me a suggestion on making the Administrator user able to edit Users and Groups, or how to manually create a group in vCenter.

Thanks

MHoover

1 Answer

You should be able to log in with the administrator@vsphere.local account and make the changes you require.

If this does not work, you will need to basically reinstall the SSO component; this will hopefully resolve your issue.

Steve

Steven Marks