What is true regarding this scenario?

For security reasons, an administrator removes a user from the Active Directory domain used by all ESXi hosts for authentication. At the time the user is removed they are actively logged into an ESXi 5.x host through the vSphere Client.

What is true regarding this scenario?

For security reasons, an administrator removes a user from the Active Directory domain used by all ESXi hosts for authentication. At the time the user is removed they are actively logged into an ESXi 5.x host through the vSphere Client.

What is true regarding this scenario?

A.
The user immediately loses connectivity to and permissions on the host.

B.
The user retains permissions and connectivity to the host for up to 24 hours.

C.
The user retains permissions on the host until the host is rebooted.

D.
The user retains permissions on the object until the next time the user logs in to vCenter Server.



Leave a Reply 12

Your email address will not be published. Required fields are marked *


D7

D7

I still think the answer is b, if it C can someone explain why

SC

SC

NOTE –
Users who are logged in and are removed from the domain keep their host permissions until you restart the host.

SC

SC

Chris – Thanks

xenon

xenon

You can remove a user from the host.
Users who are logged in and are removed from the domain keep their host permissions until you restart the host.

To remove users from vCenter Server, you must remove them from the domain or Active Directory users list.
Users who are logged in and are removed from the domain keep their vSphere permissions until the next validation period. The default is every 24 hours.

C is correct for ESXi hosts, B is correct for vCenter Server

Pablo

Pablo

answer is B
vSphere 5.0 Security Guide, page 43
http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-security-guide.pdf

“Removing or Modifying vCenter Server Users
When you remove users from vCenter Server, you also remove permissions granted to those users. Modifying a user or group name causes the original name to become invalid.
To remove users from vCenter Server, you must remove them from the domain or Active Directory users list.
If you remove users from the vCenter Server domain, they lose permissions to all objects in the vSphere environment and cannot log in again.
NOTE
Users who are logged in and are removed from the domain keep their vSphere permissions until the
next validation period. The default is every 24 hours.
Removing a group does not affect the permissions granted individually to the users in that group or permissions granted as part of inclusion in another group.
If you change a user’s name in the domain, the original user name becomes invalid in the vCenter Server system. If you change the name of a group, the original group becomes invalid after you restart the vCenter Server system.”

B-Art

B-Art

For security reasons, an administrator removes a user from the Active Directory domain used by all ESXi hosts for authentication. At the time the user is removed they are actively logged into an ESXi 5.x host through the vSphere Client.

The ONLY Active Directory DOMAIN with this SCOPE(!) would be VSPHERE.LOCAL!

http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-31F302A6-D622-4FEC-9007-EE3BA1205AEA.html

Deleting a user from vsphere.local:
http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-4C51B8F0-17EB-4FB1-ACF8-FAB24FD92FFC.html

Deleting an application user from vsphere.local:
http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-58B88A46-45BE-4E4B-900A-A778745E05FF.html