How to Unlock vCenter SSO Domain Accounts from the Command Line


First, confirm the existing SSO domain name and site name.
You need both before you can reset the SSO domain account.
The steps are as follows:

Step 01 – Identifying the Domain Name & Site Name

Begin by connecting to your VCSA over SSH.
Discovering your SSO Domain Name:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost
/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

Discovering your SSO Site Name:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost

Another option is to use the vdcrepadmin tool with the showservers switch. This displays all of the PSC appliances and their associated sites and domains within the single SSO domain:

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator

Step 02 – Resetting the SSO Domain Admin Account

Run the following command:


and select option 3

Type the full username at the "Please enter account UPN" prompt.
You will then be able to reset the SSO domain admin account.
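
Added example (not part of the original article): a shell helper that ties Step 01 to Step 02 by parsing showservers output into server, site and domain, then building the full UPN to type at the reset prompt. The DN layout and the sample lines are assumptions constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Assumed DN layout for each "vdcrepadmin -f showservers" output line:
#   cn=<server>,cn=Servers,cn=<site>,cn=Sites,cn=Configuration,dc=<x>,dc=<y>
# Constructed sample, not captured from a real system.
SAMPLE_SHOWSERVERS='cn=psc01.example.test,cn=Servers,cn=site-a,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=psc02.example.test,cn=Servers,cn=site-b,cn=Sites,cn=Configuration,dc=vsphere,dc=local'

# parse_showservers (hypothetical helper): DN lines on stdin ->
# "server site domain" per line. Prompts, blanks and other lines are skipped.
parse_showservers() {
    awk -F',' '{
        server = ""; site = ""; domain = ""; prev = ""
        for (i = 1; i <= NF; i++) {
            rdn = $i
            gsub(/^[ \t]+|[ \t\r]+$/, "", rdn)
            key = tolower(substr(rdn, 1, 3)); val = substr(rdn, 4)
            if (key == "dc=") {
                domain = (domain == "" ? val : domain "." val)
            } else if (key == "cn=") {
                # The RDN just before cn=Servers / cn=Sites names the server / site.
                if (tolower(val) == "servers") server = prev
                else if (tolower(val) == "sites") site = prev
                prev = val
            }
        }
        if (server != "" && site != "" && domain != "") print server, site, domain
    }'
}

# sso_domain: prints the one domain all servers share; fails if none or several.
sso_domain() {
    parse_showservers | awk '{ seen[$3] = 1 }
        END { n = 0; for (d in seen) { n++; last = d }
              if (n != 1) exit 1; print last }'
}

# account_upn <user>: builds the full UPN for the "Please enter account UPN" prompt.
account_upn() {
    domain=$(sso_domain) || return 1
    printf '%s@%s\n' "$1" "$domain"
}

# Demo on the constructed sample; on a VCSA, pipe the real showservers output in.
printf '%s\n' "$SAMPLE_SHOWSERVERS" | parse_showservers
printf '%s\n' "$SAMPLE_SHOWSERVERS" | account_upn administrator
```

If the listed servers do not all share one domain, account_upn fails instead of guessing, which is the point at which to recheck the Step 01 output by hand.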