You can configure a host to use a directory service such as Active Directory to manage users and groups. This is especially useful in an organization or enterprise environment, where it gives better management of users and of access to the host.
Before you add the host to the AD domain:
- Verify that the host name of ESXi is fully qualified with the domain name of the Active Directory forest.
- You have an Active Directory domain and have created both reverse and forward DNS records for the ESXi host.
- Root access: Create a group called ESX Admins in Active Directory. AD user accounts assigned to it are automatically granted root access on ESXi.
- Time must be synchronized between the AD domain and the host. Synchronize the time between ESXi and the directory service system using NTP.
1- Check that the hostname and domain name of the ESXi host match the AD domain.
2- Check the Active Directory domain, the DNS records and the security group created for access:
Create a new security group, ESX Admins, and add to it the members who will have access to the host.
3- Check the DNS records created in both zones:
4- Configure NTP on the host and start it:
System – Time & Date – Edit settings
Enter NTP servers and save it. Then under Actions -> NTP Service -> Start
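The name and DNS prerequisites from steps 1 and 3 can be checked before attempting the join. The following is an added example, not part of the original post: the host names, addresses and function names are constructed for illustration, and by default the check uses the system resolver of the machine it runs on.

```python
import socket

# Constructed sample records (documentation names and addresses, not real hosts).
SAMPLE_A = {"esxi01.corp.example": ["192.0.2.10"],
            "esxi02.corp.example": ["192.0.2.11"]}
SAMPLE_PTR = {"192.0.2.10": "esxi01.corp.example",
              "192.0.2.11": "old-host.corp.example"}  # stale PTR record

def sample_forward(name):
    if name not in SAMPLE_A:
        raise OSError("no A record")
    return SAMPLE_A[name]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise OSError("no PTR record")
    return SAMPLE_PTR[ip]

def preflight(fqdn, ad_domain, forward=None, reverse=None):
    """Return a list of problems; an empty list means the DNS prerequisites hold."""
    # Default to the system resolver; the sample_* functions allow offline runs.
    forward = forward or (lambda n: socket.gethostbyname_ex(n)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    fqdn = fqdn.lower().rstrip(".")
    ad_domain = ad_domain.lower().rstrip(".")
    problems = []
    # The host name must be fully qualified with the AD domain name.
    if not fqdn.endswith("." + ad_domain):
        problems.append(f"{fqdn} is not qualified with {ad_domain}")
    try:
        ips = forward(fqdn)
    except OSError:
        return problems + [f"no forward (A) record for {fqdn}"]
    # Every address must have a PTR record pointing back to the same name.
    for ip in ips:
        try:
            ptr = reverse(ip).lower().rstrip(".")
        except OSError:
            problems.append(f"no reverse (PTR) record for {ip}")
            continue
        if ptr != fqdn:
            problems.append(f"PTR for {ip} is {ptr}, expected {fqdn}")
    return problems

if __name__ == "__main__":
    for host in ("esxi01.corp.example", "esxi02.corp.example", "esxi03"):
        print(host, preflight(host, "corp.example", sample_forward, sample_reverse) or "OK")
```

Call `preflight("your-host-fqdn", "your-ad-domain")` without the last two arguments to query live DNS.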
After we have completed these prerequisites, click on Manage -> Security & Users -> Authentication -> Join domain.
Type the name of your domain and enter the username and password of a user that is authorized to join computers to the domain.
After you join the domain, refresh and you will see the new domain joined.
Verify by logging out of the host GUI and logging in with domain credentials.
After a successful login, you will see the logged-in user at the top:
As we’ve seen, there are a number of advantages to joining ESXi to Active Directory. It makes user management easier while improving security across the board.
Thank you!