Configuring Active Directory Authentication and Permissions for ESXi from UI


Article ID: 316623


Products

VMware vSphere ESXi

Issue/Introduction

This article provides steps to add an ESXi host to an Active Directory domain and to provide permissions to AD users. 

Environment

ESXi

Resolution


To add an ESXi host to the Active Directory using vSphere Client (HTML5):

  1. Confirm the ESXi host is synchronizing time with the Active Directory Domain controller. For more information, see Synchronizing ESXi/ESX time with a Microsoft Domain Controller.
  2. From the vCenter Server vSphere Client, select the host that will be added to the Active Directory.
  3. Click the Configure tab.
  4. Click Authentication Services.
  5. Click the Join Domain... link at the top right of the pane.
  6. In the Join Domain dialog, enter a domain. Use the form example.com or example.com/OU1/OU2.
  7. Enter the username (in [email protected] format) and password of a directory service user account that has permission to join the host to the domain and click OK.
  8. Click OK.
  9. Click the Configure tab and click Advanced System Settings.
  10. Under the Key column, click the filter icon and search for Config.HostAgent.plugins.hostsvc.esxAdminsGroup
  11. Confirm the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting matches the Administrator group that will be used in the Active Directory. These settings take effect within a minute and no reboot is required. To edit, click the top right EDIT... link.
Note:
  • If the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting is changed, be sure to remove any invalid users from the Permissions tab of the ESXi host.
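
The join state and the esxAdminsGroup value from steps 10 and 11 can also be checked across every host at once. The following PowerCLI script is an added example, not part of the original article; the expected domain, the group name and the sample host records are assumptions or constructed values.

```powershell
# Added example: audit AD join state and esxAdminsGroup per ESXi host.
# ExpectedDomain / ExpectedGroup are assumed placeholders; use your own values.
param(
    [string]$ExpectedDomain = 'example.com',
    [string]$ExpectedGroup  = 'ESXi-Admins-Example'
)

$settingName = 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup'

function Get-HostAuthRecord {
    # Needs VMware PowerCLI and an existing Connect-VIServer session.
    foreach ($h in Get-VMHost) {
        $auth = Get-VMHostAuthentication -VMHost $h
        $adv  = Get-AdvancedSetting -Entity $h -Name $settingName
        [pscustomobject]@{
            Host        = $h.Name
            Domain      = $auth.Domain
            AdminsGroup = $adv.Value
        }
    }
}

function Test-HostAuthRecord {
    param([Parameter(ValueFromPipeline)]$Record, [string]$Domain, [string]$Group)
    process {
        $issues = @()
        if ([string]::IsNullOrEmpty($Record.Domain)) {
            $issues += 'not joined to a domain'
        } elseif ($Record.Domain -ne $Domain) {      # -ne ignores case
            $issues += "joined to unexpected domain '$($Record.Domain)'"
        }
        if ($Record.AdminsGroup -ne $Group) {
            $issues += "esxAdminsGroup is '$($Record.AdminsGroup)'"
        }
        [pscustomobject]@{ Host = $Record.Host; Compliant = ($issues.Count -eq 0)
                           Issues = $issues -join '; ' }
    }
}

# Live data when connected to vCenter; otherwise constructed sample records.
if ($global:DefaultVIServers) { $records = Get-HostAuthRecord }
else {
    $records = @(
        [pscustomobject]@{ Host = 'esx01.example.com'; Domain = 'EXAMPLE.COM'; AdminsGroup = 'ESXi-Admins-Example' }
        [pscustomobject]@{ Host = 'esx02.example.com'; Domain = $null;         AdminsGroup = 'ESXi-Admins-Example' }
        [pscustomobject]@{ Host = 'esx03.example.com'; Domain = 'example.com'; AdminsGroup = 'Some-Other-Group' }
    )
}
$records | Test-HostAuthRecord -Domain $ExpectedDomain -Group $ExpectedGroup |
    Format-Table -AutoSize
```

With the constructed records, esx01 is reported compliant, esx02 as not joined to a domain, and esx03 as having an esxAdminsGroup value that differs from the expected group.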

To add permissions for AD users or groups:

  • Right-click the host and select Permissions.
  • Right-click anywhere in the Permissions area and choose Add Permission (or click the + Add button).
  • In the Add Permission dialog:
      • Click Add to search for the user or group.
      • Enter the name of the AD user or group (e.g., DOMAIN\UserName or GROUPNAME) and click Check Name.
      • Select the user/group from the results and click Add, then OK.
  • In the Add Permission dialog, select the desired Role (e.g., Administrator, Read-only, or a Custom Role) from the Assigned Role dropdown.
  • Click OK to apply the permission.



Additional Information

Note: For information regarding required ports that need to be open between the ESXi hosts and the Active Directory domain controller, see the VMware Ports and Protocols guide (filter for "Microsoft Active Directory Domain Controllers").

Note: Joining an ESXi host to an Active Directory domain with a read-only domain controller (RODC) is unsupported. ESXi hosts can only join an Active Directory domain with a writable domain controller.