vCenter Server Appliance and ESXi will not be able to join the domain unless the user performing the join has the correct permissions in Active Directory.
This may also take place if the ESXi host already exists as an entry in AD; ensure any stale instances of the host being joined are removed.
Microsoft has documented minimally required permissions.
Below steps needs to be performed if the user does not already have the required permissions to assign permissions to AD user in the domain in order for the user to join an appliance into the domain. For more information, see Microsoft Support Article.
This is only an example: