SSO Domain Repoiting was introduced to allow the repointing of a vCenter Server from one SSO Domain to another, something that was not possible in vSphere 6.0/6.5. The vCenter Server being repointed, moves from its current SSO domain and joins the other existing domain as another vCenter Server connected via Enhanced Linked Mode (ELM).

This powerful feature can not only help customers with mergers & acquisitions who may have a need to change the name of an SSO Domain but also joining two different SSO Domains into one common domain. If there is a need to repoint a vCenter Server from its current domain to a brand new SSO Domain, that is also possible.

Starting with vSphere 6.7 Update 1, you can move a vCenter Server with an embedded Platform Services Controller from one vSphere domain to another vSphere domain


To ensure no loss of data, take a File-Based backup of each vCenter Server before proceeding with domain repointing. In the event of an issue, the vCenter Server can then be quickly restored to its last state.

In my lab I am repointing which is my vCenter Server 6.7 Update 2. Notice that my Single Sign-On domain is vsphere.local currently. We can also see that the vCenter Server is an embedded deployment type.

SSH to the vCenter Server that will be re-pointed to a new SSO Domain. Provide the root credentials to login to the appliance.

Run the below command:

cmsso-util domain-repoint -m execute --src-emb-admin Administrator --dest-domain-name virtuallyvtrue.local

NOTE: The SSO Administrator (Administrator@sso-domain.local) credentials of the Source vCenter Server are required here. Also, the Destination domain name (--dest-domain-name) equals the name of the new SSO Domain you are pointing the Source vCenter Server to.

To continue, answer the question (Y or N) to confirm all settings are correct to proceed with the repointing operations.

We can further validate this change by logging into the vCenter Server Appliance Management Interface (VAMI) on port 5480.