Skip to main content

Configuring the ESXi host with Active Directory authentication

  Purpose

This article provides steps to add an ESXi host to an Active Directory domain. 

To add an ESXi host using the command line, see "domainjoin-cli" command to join an ESXi host to an Active Directory Domain
Impact / Risks
Joining an ESXi hosts to an Active Directory domain with a read-only domain controller (RODC) is unsupported. You can join an ESXi hosts only to an Active Directory domain with a writable domain controller.
Resolution

To add an ESXi host to the Active Directory using vSphere client:

  1. Confirm the ESXi host is synchronizing time with the Active Directory Domain controller. For more information, see Synchronizing ESXi/ESX time with a Microsoft Domain Controller (1035833).
  2. From the vSphere Client, select the host that you want to add to the Active Directory.
  3. Click the Configuration tab.
  4. Click the Authentication Services.
  5. Click the Properties link at the top right pane.
  6. In the Directory Services Configuration dialog, select the directory service from the drop-down.
  7. Enter a domain.
  8. Click Join Domain.
  9. Enter the user name (in user@domain.com format) and password of a directory service user account that has permissions to join the host to the domain and click OK.
  10. Click OK to close the Directory Services Configuration dialog box.
  11. Click the Configuration tab and click Advanced Settings.
  12. Navigate to Config > HostAgent.
  13. Change the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting to match the Administrator group that you want to use in the Active Directory. These settings takes affect within a minute and no reboot is required.
Notes:
  • If the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting is changed, ensure to remove any invalid users from the Permissions tab of the ESXi host.
  • In ESXi 4.1, the ESX Admins container is hard coded and must be added on the Active Directory side for authentication to work.

To add an ESXi host to the Active Directory using vSphere Web Client:

  1. Browse to the host in the vSphere Web Client inventory.
  2. Click the Manage tab and click Settings.
  3. Under System, select Authentication Services.
  4. Click Join Domain.
  5. Enter a domain.

    Use the form domain.com or domain.com/OU1/OU2.
     
  6. Enter the user name and password of a directory service user who has permissions to join the host to the domain, and click OK.
  7. Click OK to close the Directory Services Configuration dialog box.


 

Related Information

Comments

Post a Comment

Popular posts from this blog

Cloning and converting virtual machine disks with vmkfstools

 Purpose This article provides information and instructions on the use of the vmkfstools command to convert virtual machine disks from one type to another. Resolution The vmkfstools command offers the ability to clone virtual machine content and also convert from one virtual machine disk ( .vmdk ) format into another. Note : The host operating system chosen to perform the conversion may not necessarily support running of virtual machines via the output format defined. vmkfstools maintains the possibility of exporting virtual disks for use in other VMware products which support alternative disk formats. To convert a virtual machine disk from one type to another: Shut down the virtual machine. Virtual machine disk files are locked while in-use by a running virtual machine. Log in to the VMware vSphere Management Assistant (v...
Post a Comment
Read more

Troubleshooting vpxd service on Windows vCenter Server

  Symptoms You cannot connect to VMware vCenter Server with the vSphere Client. You cannot see the VMware vCenter Server in the inventory in the vSphere Web Client. You see a Microsoft Windows Event error associated with IIS similar to: Event properties - Event 7024, Service Control Manager The VMware VirtualCenter Server service terminated with service-specific error The system cannot find the file specified.. Log Name: System Source: Service Control Event ID: 7024 Level: Error Note : A windows Event ID 1000 may also be reported in relation to this issue.   Connecting to vCenter Server fails with the error: Cannot connect to host server_name : No connection could be made because the target machine actively refused it.   Attempting to start the VMware VirtualCenter Server service fails. You see this error: Windows could not start the VMware VirtualCenter Server service on...
Post a Comment
Read more

Increasing the disk space for the VMware vCenter Server Appliance in vSphere 6.5, 6.7 and 7.0

  Purpose This article provides steps to increase the disk space of a specific VMDK for the vCenter Server Appliance 6.5, 6.7 and 7.0. With the introduction of Logical Volume Management (LVM) in vSphere 6.0 and continued support with vSphere 6.5, 6.7 and 7.0, the vCenter Server disks can be dynamically increased. List of VMDKs for a vCenter Server Appliance 6.5 - Size Mount point and Purpose Note : Resizing the root partition (VMDK1 listed in the KB above) is not supported on 6.5. Please see the vSphere 6.5 Release Notes for more information. Resizing root partition has been added to 6.7 and 7.0. List of VMDKs/Partitions for a vCenter Server Appliance 6.7 - Size Mount point and Purpose   List of VMDKs/Partitions for a vCenter Server 7.0 - Size Mount point and Purpose Note : This KB can be used for the situation like SEAT partition full or any other vCenter appliance partition full. ...
Post a Comment
Read more