The Auto Deploy server adds all hosts that it provisions to vSphere Authentication Proxy, and vSphere Authentication Proxy adds those hosts to the domain. If you want to add other hosts to a domain using vSphere Authentication Proxy, you can add those hosts to vSphere Authentication Proxy explicitly. Afterwards, the vSphere Authentication Proxy server adds those hosts to the domain. As a result, user-supplied credentials no longer have to be transmitted to the vCenter Server system.

You can enter the domain name in one of two ways:
  • name.tld (for example, domain.com): The account is created under the default container.
  • name.tld/container/path (for example, domain.com/OU1/OU2): The account is created under a particular organizational unit (OU).

Prerequisites

  • If the ESXi host is using a VMCA-signed certificate, verify that the host has been added to vCenter Server. Otherwise, the Authentication Proxy service cannot trust the ESXi host.

  • If the ESXi host is using a root CA-signed certificate, verify that the appropriate root CA-signed certificate has been added to the vCenter Server system. See Certificate Management for ESXi Hosts.

Procedure

  1. Browse to the host in the vSphere Client inventory.
  2. Click Configure.
  3. Under System, select Authentication Services.
  4. Click Join Domain.
  5. Enter a domain.

    Use the form name.tld (for example, mydomain.com) or name.tld/container/path (for example, mydomain.com/organizational_unit1/organizational_unit2).

  6. Select Using Proxy Server.
  7. Enter the IP address of the Authentication Proxy server, which is always the same as the IP address of the vCenter Server system.
  8. Click OK.
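
The following pre-flight check is an added example, not part of the original procedure or VMware's own code. It validates the two domain forms from step 5, shows where the computer account is expected to be created, and confirms the step 7 rule that the proxy address equals the vCenter Server address. The function names, the host short name, and the sample addresses are hypothetical, and the DN mapping (path components as nested OUs, CN=Computers as the default container) is an assumption about a standard Active Directory layout.

```python
import ipaddress
import re

# RFC 1123 hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_DN_SPECIAL = set(',+"\\<>;=')  # characters that would need escaping in a DN


def parse_join_target(value):
    """Split 'name.tld' or 'name.tld/container/path' into (domain, [ou, ...])."""
    domain, _, path = value.strip().partition("/")
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not a name.tld domain: {domain!r}")
    ous = path.split("/") if path else []
    if any(not ou.strip() or set(ou) & _DN_SPECIAL for ou in ous):
        raise ValueError("empty or unescaped container component in path")
    return domain.lower(), ous


def expected_account_dn(host_short_name, value):
    """Assumed AD mapping: each path component is an OU, outermost first.
    With no path, the default computer container is used (CN=Computers
    unless the domain administrator has redirected it)."""
    domain, ous = parse_join_target(value)
    base = ",".join(f"DC={label}" for label in domain.split("."))
    if ous:
        container = ",".join(f"OU={ou}" for ou in reversed(ous))
    else:
        container = "CN=Computers"
    return f"CN={host_short_name},{container},{base}"


def proxy_matches_vcenter(proxy_ip, vcenter_ip):
    """Step 7: the Authentication Proxy address is the vCenter Server address."""
    return ipaddress.ip_address(proxy_ip) == ipaddress.ip_address(vcenter_ip)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    target = "mydomain.com/organizational_unit1/organizational_unit2"
    print(expected_account_dn("esx01", target))
    print(expected_account_dn("esx01", "mydomain.com"))
    print(proxy_matches_vcenter("192.0.2.10", "192.0.2.10"))
```

Comparing the expected DN with the account that actually appears in the directory after the join is a quick way to confirm the host landed in the intended OU and therefore under the intended group policy.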