The Auto Deploy server adds all hosts that it provisions to vSphere Authentication Proxy, and vSphere Authentication Proxy adds those hosts to the domain. If you want to add other hosts to a domain using vSphere Authentication Proxy, you can add those hosts to vSphere Authentication Proxy explicitly. Afterwards, the vSphere Authentication Proxy server adds those hosts to the domain. As a result, user-supplied credentials no longer have to be transmitted to the vCenter Server system.

You can enter the domain name in one of two ways:
  • name.tld (for example, domain.com): The account is created under the default container.
  • name.tld/container/path (for example, domain.com/OU1/OU2): The account is created under a particular organizational unit (OU).

Prerequisites

  • If the ESXi host is using a VMCA-signed certificate, verify that the host has been added to vCenter Server. Otherwise, the Authentication Proxy service cannot trust the ESXi host.

  • If ESXi is using a root CA-signed certificate, verify that the root CA-signed certificate has been added to the vCenter Server system. See Certificate Management for ESXi Hosts.

Procedure

  1. Connect to a vCenter Server system with the vSphere Web Client.
  2. Browse to the host in the vSphere Web Client and click Configure.
  3. Under Settings, select Authentication Services.
  4. Click Join Domain.
  5. Enter a domain.

    Use the form name.tld, for example, mydomain.com, or name.tld/container/path, for example, mydomain.com/organizational_unit1/organizational_unit2.

  6. Select Using Proxy Server.
  7. Enter the IP address of the Authentication Proxy server, which is always the same as the IP address of the vCenter Server system.
  8. Click OK.
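
The domain entry in step 5 determines where the host's computer account is created, so it is worth validating before it is typed in. The following is an added example, not VMware code: the function names are hypothetical, and the mapping from container path to distinguished name is an assumption based on standard Active Directory naming (path components listed top-down, DN written innermost OU first).

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Characters that RFC 4514 requires to be escaped inside a DN value.
_DN_SPECIAL = re.compile(r'([,+"\\<>;])')


def _escape(value):
    """Escape one OU name for use as a DN attribute value."""
    escaped = _DN_SPECIAL.sub(r"\\\1", value)
    return "\\" + escaped if escaped.startswith("#") else escaped


def parse_join_domain(entry):
    """Split a Join Domain entry into (domain, [container components])."""
    if not entry or entry != entry.strip():
        raise ValueError("empty entry or surrounding whitespace")
    domain, *path = entry.split("/")
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a name.tld domain: {domain!r}")
    for part in path:
        if not part or part != part.strip() or not part.isprintable():
            raise ValueError(f"bad container component: {part!r}")
    # DNS names are case-insensitive; normalise for later comparison.
    return domain.lower(), path


def expected_container_dn(entry):
    """Return the DN of the OU the account should be created under, or
    None when the entry has no path (account goes to the default container)."""
    domain, path = parse_join_domain(entry)
    if not path:
        return None
    # Assumption: domain.com/OU1/OU2 means OU2 nested inside OU1.
    ous = [f"OU={_escape(part)}" for part in reversed(path)]
    dcs = [f"DC={label}" for label in domain.split(".")]
    return ",".join(ous + dcs)


if __name__ == "__main__":
    # Constructed sample entries, using the forms shown in this topic.
    for sample in ("domain.com", "domain.com/OU1/OU2"):
        print(sample, "->", expected_container_dn(sample))
```

After the join completes, comparing the returned DN with the computer account's actual location in the directory confirms that the host landed in the intended OU.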