If you want to add an Active Directory identity source to vCenter Server, you must join the vCenter Server to an Active Directory domain.

If you cannot use vCenter Server Identity Provider Federation or Active Directory over LDAPS, vCenter Server supports Integrated Windows Authentication (IWA). To use IWA, you must join the vCenter Server to your Active Directory domain.


  1. Using the vSphere Client, log in to vCenter Server as a user with administrator privileges in the local vCenter Single Sign-On domain (vsphere.local by default).
  2. Select Administration.
  3. Expand Single Sign On and click Configuration.
  4. Under the Identity Provider tab, click Active Directory Domain.
  5. Click Join AD, enter the domain, an optional organizational unit, and a user name and password, then click Join.
  6. Restart vCenter Server.

What to do next

To attach users and groups from the joined Active Directory domain, add the joined domain as a vCenter Single Sign-On identity source. See Add or Edit a vCenter Single Sign-On Identity Source.