When you use the vSphere Authentication Proxy, you do not need to transmit Active Directory credentials to the host. Users supply the domain name of the Active Directory server and the IP address of the authentication proxy server when they add a host to a domain.
vSphere Authentication Proxy is especially useful when used with Auto Deploy. You can set up a reference host that points to Authentication Proxy and set up a rule that applies the reference host's profile to any ESXi host provisioned with Auto Deploy. Even if you use vSphere Authentication Proxy in an environment that uses certificates that are provisioned by VMCA or third-party certificates, the process works seamlessly as long as you follow the instructions for using custom certificates with Auto Deploy. See the vSphere Security guide.