An ESXi host can be configured to use a directory service (such as Active Directory) to manage user and group permissions, in order to simplify the ESXi host’s administration and security.
To configure an ESXi host to use Active Directory, the following prerequisites must be met:
- the Active Directory domain controllers and domain name must be resolvable by the DNS servers configured for the host.
- ESXi hostname must be fully qualified with the domain name of the Active Directory forest, for example, esxi1.mydomain.local.
- the time has to be synchronized between the ESXi host and the domain controllers.
Here is how you can integrate an ESXi host with Active Directory using vSphere Web Client:
1. Select your ESXi host from the inventory. Go to Manage > Settings > Authentication Services and click the Join Domain button:
2. The Join Domain window opens. Enter the domain name and choose the method to join the ESXi host to the Active Directory domain. Two methods are available:
- Using credentials – the AD credentials and the domain name of the Active Directory server are entered.
- Using proxy server – the domain name of the Active Directory server and the IP address of the authentication proxy server are entered. This method allows you to avoid storing Active Directory credentials on the ESXi host.
We will use the first option. We need to provide the AD credentials:
After the process is completed, the Directory Services Type field should list Active Directory as the service type: