Here are several facts just to give you brief overview of my lab.
I have two independent vPODs in my lab. Each vPOD has everything what's needed for VMware vSphere infrastructure. I have there dedicated hardware (Compute, Storage, Network), vSphere components like vCenter, SSO, ESXi hosts, Site Recovery Manager, vSphere Replication Appliance, and also Domain Controllers and DNS servers.
vCenter SSO placed in VPOD01 is using Integrated Windows Authentication with Microsoft Active Directory "VPOD01.example.com". Therefore another integration with Microsoft Active Directory "VPOD02.example.com" can be done only via LDAP. Configuration of additional identity source is depicted on the screenshot below.
|SSO: Add identity source|
Identity source type: Active Directory as a LDAP ServerI know that two Microsoft domains can be integrated in to the single "Domain Trust" but because I'm not to much familiar and experienced with Microsoft Active Directory I think that vCenter Single Sign-On capability of multiple identity sources is another nice design option.
Identity source settings:
Base DN for users: dc=vpod02,dc=example,dc=com
Domain name: vpod02.example.com
Domain alias: vpod02
Base DN for groups: dc=vpod02,dc=example,dc=com
Primary server URL: ldap://10.2.22.51:389
Secondary server URL: empty
Simpler manageability for non-Microsoft oriented vSphere Admin was the primary reason and justification to use this option in my vSphere lab :-)