When you join a host to a directory service domain, you can use the vSphere Authentication Proxy server for authentication instead of transmitting user-supplied Active Directory credentials.

Before you begin

  • Connect to a vCenter Server system with the vSphere Web Client.

  • If ESXi is configured with a DHCP address, set up the DHCP range.

  • If ESXi is configured with a static IP address, verify that its associated profile is configured to use the vSphere Authentication Proxy service to join a domain so that the authentication proxy server can trust the ESXi IP address.

  • If ESXi is using a VMCA-signed certificate, verify that the host has been added to vCenter Server. This allows the authentication proxy server to trust ESXi.

  • If ESXi is using a CA-signed certificate and is not provisioned by Auto Deploy, verify that the CA certificate has been added to the local trust certificate store of the authentication proxy server as described in Configure a Host to Use the vSphere Authentication Proxy for Authentication.

  • Authenticate the vSphere Authentication Proxy server to the host.

About this task

You can enter the domain name in one of two ways:

  • name.tld (for example, domain.com): The account is created under the default container.

  • name.tld/container/path (for example, domain.com/OU1/OU2): The account is created under a particular organizational unit (OU).

Procedure

  1. Browse to the host in the vSphere Web Client and click the Manage tab.
  2. Click Settings and select Authentication Services.
  3. Click Join Domain.
  4. Enter a domain.

    Use the form name.tld or name.tld/container/path.

  5. Select Using Proxy Server.
  6. Enter the IP address of the authentication proxy server.
  7. Click OK.
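
The following Python pre-check is an added example, not VMware code: it validates the two domain forms and the proxy IP address before they are entered in the procedure above, and returns the OU in which the computer account is expected to be created so that it can be compared against the intended delegation. It assumes the container path is written top-down (OU2 nested inside OU1); the function names and sample values are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Characters escaped inside a DN attribute value (subset of RFC 4514).
_DN_SPECIAL = re.compile(r'([,+"\\<>;=])')


def parse_join_target(value):
    """Split 'name.tld' or 'name.tld/container/path' into (domain, [containers])."""
    domain, *containers = value.strip().split("/")
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a name.tld domain: {domain!r}")
    if any(not c.strip() for c in containers):
        raise ValueError("empty container in path")
    return domain.lower(), [c.strip() for c in containers]


def expected_dn(value):
    """Return the DN of the target OU, or None when the default container is used."""
    domain, containers = parse_join_target(value)
    if not containers:
        return None  # name.tld form: the directory picks the default container
    # Assumption: the path is top-down, so the last element is the leaf OU.
    ous = ["OU=" + _DN_SPECIAL.sub(r"\\\1", c) for c in reversed(containers)]
    dcs = ["DC=" + label for label in domain.split(".")]
    return ",".join(ous + dcs)


def check_proxy_address(value):
    """The procedure asks for an IP address: reject hostnames and unusable addresses."""
    ip = ipaddress.ip_address(value.strip())  # raises ValueError for hostnames
    if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
        raise ValueError(f"unusable proxy address: {ip}")
    return str(ip)


if __name__ == "__main__":
    # Constructed sample values, matching the forms shown on this page.
    for target in ("domain.com", "domain.com/OU1/OU2"):
        print(target, "->", expected_dn(target))
    print(check_proxy_address("10.0.0.5"))
```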