You can configure the host to use a directory service such as Active Directory to manage users and groups.


  • Verify that you have an Active Directory domain. See your directory server documentation.
  • Verify that the host name of ESXi is fully qualified with the domain name of the Active Directory forest.

    fully qualified domain name = host_name.domain_name


  1. Synchronize the time between ESXi and the directory service system using NTP.
    ESXi supports synchronizing time with an external NTPv3 or NTPv4 server that is compliant with RFC 5905 and RFC 1305. The Microsoft Windows W32Time service does not meet these requirements when running with default settings. See the vSphere Security documentation or the VMware Knowledge Base for information about how to synchronize ESXi time with a Microsoft Domain Controller.
  2. Ensure that the DNS servers you configured for the host can resolve the host names for the Active Directory controllers.
    1. In the vSphere Client, select the host in the inventory.
    2. Click the Configuration tab and click DNS and Routing.
    3. Click the Properties link at the top right of the panel.
    4. In the DNS and Routing Configuration dialog box, verify that the host name and DNS server information for the host are correct.

What to do next

Use the vSphere Client to join a directory service domain.