In this article, we will learn how to add an ESXi host to an Active Directory domain. Joining an ESXi host to Active Directory permits centralized security control in the VMware vSphere environment. Active Directory improves authorization, authentication, and accounting. Before joining the ESXi server to an AD domain, you need to check some configurations and prerequisites of your environment, including the ESXi server, the network, and the Windows Active Directory server.
As mentioned above, joining a VMware ESXi host to Active Directory lets you connect to the ESXi server with domain accounts, without entering the host's own administrator credentials. Active Directory is Microsoft's directory service, built on the Lightweight Directory Access Protocol (LDAP). It contains accounts for computers, users, and groups. It runs on a Windows server that has the Active Directory role installed and has been “promoted” to a domain controller. To follow this procedure, you need at least one Active Directory Windows server reachable on the same network as the ESXi host.
Add ESXi Host to Active Directory
Before Active Directory credentials can be used on the host, you have to join the ESXi host to the domain.
The step is quite simple: open your vSphere Client and select the ESXi host. Click the Configure tab, choose Authentication Services, and then click Join Domain.
Specify the credentials of an Active Directory account and click OK.
Once the join completes, check the Directory Services Type, which is now listed as Active Directory.
You can also verify that the ESXi host has joined the AD domain from Active Directory Users and Computers.
Assign Users and Roles for the Host
Launch the vSphere Client and then log in with the root credentials.
Expand the ESXi host in the left pane, and then click Manage. Select the Security & Users tab and click Authentication, listed under Acceptance Level. Verify that the directory service is enabled and that the domain settings are listed correctly.
Now, let’s add the permission. Click Host, open the Actions menu, and then choose Permissions. The Manage permissions window opens.
Click on Add User.
Add a user for the host by typing your domain user ([email protected]). Select Administrator from the role list, tick the box to propagate to all domains, and then add the user.
The Active Directory user now appears in the list; click Close.
Now you can try to log in to the vSphere Client with the Active Directory user.
Successfully logged in with an AD user.
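The same two procedures (domain join, then role assignment) can be scripted and checked with VMware PowerCLI. This is an added example, not part of the original article: the host name, domain, and account are placeholders, and it assumes the PowerCLI module is installed on a Windows workstation that uses the same DNS servers as the host.

```powershell
# Added example; every name below is a placeholder to replace with your own values.
$esxiHost = 'esxi01.example.local'    # placeholder: ESXi host FQDN
$adDomain = 'example.local'           # placeholder: AD domain to join
$adUser   = 'EXAMPLE\esxi-operator'   # placeholder: AD account to grant access

# Connect directly to the host with the local root account (prompts for the password).
$rootCred = Get-Credential -UserName 'root' -Message "Local root account on $esxiHost"
Connect-VIServer -Server $esxiHost -Credential $rootCred | Out-Null

# Prerequisite check: a domain controller must be discoverable through DNS.
# Resolve-DnsName is Windows-only; -ErrorAction Stop aborts the script if lookup fails.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$adDomain" -Type SRV -ErrorAction Stop |
    Out-Null

# Join the domain with an AD account that is allowed to add computers.
$joinCred = Get-Credential -Message "AD account allowed to join computers to $adDomain"
Get-VMHost -Name $esxiHost | Get-VMHostAuthentication |
    Set-VMHostAuthentication -JoinDomain -Domain $adDomain `
        -Credential $joinCred -Confirm:$false | Out-Null

# Verify the join instead of trusting the absence of an error.
$auth = Get-VMHost -Name $esxiHost | Get-VMHostAuthentication
if ($auth.Domain -ne $adDomain -or $auth.DomainMembershipStatus -ne 'Ok') {
    throw "Join not healthy: domain='$($auth.Domain)' status='$($auth.DomainMembershipStatus)'"
}

# Grant the AD account a role on the host's root folder, as in the GUI steps above.
# 'Admin' is the PowerCLI name of the built-in Administrator role; for accounts that
# do not need full control, pick a narrower role such as 'ReadOnly'.
$rootFolder = Get-Folder -NoRecursion
New-VIPermission -Entity $rootFolder -Principal $adUser `
    -Role (Get-VIRole -Name 'Admin') -Propagate:$true | Out-Null

# Review every permission on the host so unexpected principals stand out.
Get-VIPermission | Sort-Object Principal |
    Format-Table Principal, Role, Entity, Propagate -AutoSize

Disconnect-VIServer -Server $esxiHost -Confirm:$false
```

The final table is worth reviewing after every join: it shows all principals that hold a role on the host, not only the one just added.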