How to add an ESXi Host to an Active Directory Domain

This is a basic tutorial explaining how to add an ESXi Host to a directory service, like Microsoft’s Active Directory, to simplify the administration and security of the ESXi hosts.

As prerequisites, you need:

• The ESXi host DNS server must resolve AD Domain controller and Domain Name
• The ESXi host name must be fully qualified with the domain name of the Active Directory forest, for example, esxtest1.contoso.local
• The time between the AD server and the ESXi Host should be syncronized

Before specifying the Active Directory credentials you need to add the ESXi host to the domain controller.

The operation is quite simple. Open your vSphere Web Client and select Hosts and Clusters from the Home menu:

Choose the ESXi Host:

Press Join Domain:

Specify the credentials of a domain administrator:

Let’s check if Directory Services Type is listed as Active directory:

Also you can verify if the Host joined the AD from Active Directory Users and Computers of Windows Server:

Open the vSphere Client and log in with the root credentials:

Select the ESXi host from the left pannel, select the configuration tab. Click the Authentication Services link. Verify that Directory Service Type and Domain Settings are listed properly:

Now, let’s add the permission, right-click on the white space and choose Add Permission from the context menu. When an Assign Permission window will be open press Add:

Now you can use the pull-down menu to select the domain:

Use the pull-down menu under User And Groups to select the Shows Groups First option, choose an administrative group and click Add:

Now you can see the Active Directory user’s group enabled:

You can try to log in in your vSphere Client with an AD User: