
Configuring the ESXi host with Active Directory authentication

  Purpose

This article provides steps to add an ESXi host to an Active Directory domain. 

To add an ESXi host using the command line, see "domainjoin-cli" command to join an ESXi host to an Active Directory Domain.

Impact / Risks

Joining an ESXi host to an Active Directory domain with a read-only domain controller (RODC) is unsupported. You can join an ESXi host only to an Active Directory domain with a writable domain controller.

Resolution

To add an ESXi host to the Active Directory using the vSphere Client:

  1. Confirm the ESXi host is synchronizing time with the Active Directory Domain controller. For more information, see Synchronizing ESXi/ESX time with a Microsoft Domain Controller (1035833).
  2. From the vSphere Client, select the host that you want to add to the Active Directory.
  3. Click the Configuration tab.
  4. Click Authentication Services.
  5. Click the Properties link at the top right of the pane.
  6. In the Directory Services Configuration dialog, select the directory service from the drop-down.
  7. Enter a domain.
  8. Click Join Domain.
  9. Enter the user name (in user@domain.com format) and password of a directory service user account that has permissions to join the host to the domain and click OK.
  10. Click OK to close the Directory Services Configuration dialog box.
  11. Click the Configuration tab and click Advanced Settings.
  12. Navigate to Config > HostAgent.
  13. Change the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting to match the Administrator group that you want to use in the Active Directory. Members of this group receive administrative access to the host. The setting takes effect within a minute and no reboot is required.

Notes:
  • If the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting is changed, ensure that you remove any invalid users from the Permissions tab of the ESXi host.
  • In ESXi 4.1, the ESX Admins container is hard coded and must be added on the Active Directory side for authentication to work.

To add an ESXi host to the Active Directory using vSphere Web Client:

  1. Browse to the host in the vSphere Web Client inventory.
  2. Click the Manage tab and click Settings.
  3. Under System, select Authentication Services.
  4. Click Join Domain.
  5. Enter a domain.

    Use the form domain.com or domain.com/OU1/OU2.
     
  6. Enter the user name and password of a directory service user who has permissions to join the host to the domain, and click OK.
  7. Click OK to close the Directory Services Configuration dialog box.
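
To check the outcome of either procedure across many hosts, the following PowerCLI audit reports time synchronization, domain membership, and the esxAdminsGroup value per host. It is an added example, not part of the original article; it assumes an existing Connect-VIServer session, and `$ExpectedGroup` with its value is a placeholder.

```powershell
# Added example: audit AD join state, time sync, and the ESXi admin group.
# Assumes PowerCLI is loaded and Connect-VIServer has already been run.
$ExpectedGroup = 'ESXi-Admins-Example'   # placeholder: your AD admin group
$SettingName   = 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup'

$report = foreach ($vmhost in Get-VMHost) {
    $auth    = Get-VMHostAuthentication -VMHost $vmhost
    $setting = Get-AdvancedSetting -Entity $vmhost -Name $SettingName
    $ntp     = @(Get-VMHostNtpServer -VMHost $vmhost)
    $ntpd    = Get-VMHostService -VMHost $vmhost |
               Where-Object { $_.Key -eq 'ntpd' }

    $findings = @()

    # Step 1 of the procedure: the host must keep time with the domain.
    if ($ntp.Count -eq 0)   { $findings += 'no NTP server configured' }
    if (-not $ntpd.Running) { $findings += 'ntpd service not running' }

    # Domain join state as reported by the host.
    if (-not $auth.Domain) {
        $findings += 'not joined to a domain'
    } elseif ("$($auth.DomainMembershipStatus)" -ne 'Ok') {
        $findings += "membership status: $($auth.DomainMembershipStatus)"
    }

    # Step 13: the AD group that is granted administrator access.
    if ($setting.Value -ne $ExpectedGroup) {
        $findings += "admin group is '$($setting.Value)'"
    }

    [pscustomobject]@{
        Host       = $vmhost.Name
        Domain     = $auth.Domain
        AdminGroup = $setting.Value
        NtpServers = $ntp -join ','
        Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Hosts that still show the default group name `ESX Admins` are worth reviewing, because anyone able to create or populate a group with that name in the domain gains administrative access to those hosts.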


 
