SCVMM - Controlling permissions across 3 domains.
I have a complicated VMM setup that's throwing me some errors and I was wondering if you guys have done this already..

Here's the thing:

We have 3 different domains. Let's call them xpto.local, xpto.division and xpto.lab.

We want to build a self-service portal through App Controller so that users in xpto.local can login and control VM's that are in a cluster in xpto.lab without setting a direct trust between them (only with xpto.division).

Here's what I'm trying:
xpto.local <-------trust--------xpto.division(VMM Management Server)<-------trust-------->xpto.lab(Cluster)

So, I have a VMM Management server in xpto.divison (VMMSERVER.xpto.division) managing a cluster in xpto.lab (CLUSTER.xpto.lab).

Setup worked, I had to fiddle with the hosts file to add the cluster but it worked and I can control resources in xpto.lab.

I added a xpto.local user to a self service group in the user roles section, and it worked.

But now, when I try to add a user to the access list in a VM proper, it throws this error:

Where the censored bit isn't the Management Server, but the user I'm trying to add! (xpto.local\user)

Does anyone know what might be causing th
May 18th, 2015 10:05am

What you are trying to do here, is to find a solution in a legacy world.

App Controller is a dying art and wont be developed any further post 2012 R2.

What we have (right now) is Windows Azure Pack, that serves as a self-service portal into the private cloud to deliver both IaaS and PaaS. This means that you would be able to solve this quite easily by using Azure Pack instead of App Controller, to grant you console access - as well as RDP access to the VMs across domains.

for more information around Azure Pack, follow this link:


Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2015 3:29am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics