You can configure a host to use a directory service such as Active Directory to manage users and groups.
If a host is provisioned with Auto Deploy, Active Directory credentials cannot be stored on the hosts. You can use the vSphere Authentication Proxy to join the host to an Active Directory domain. Because a trust chain exists between the vSphere Authentication Proxy and the host, the Authentication Proxy can join the host to the Active Directory domain. See Using vSphere Authentication Proxy.
- Verify that you have an Active Directory domain. See your directory server documentation.
- Verify that the host name of ESXi is fully qualified with the domain name of the Active Directory forest.
fully qualified domain name = host_name.domain_name
- Synchronize the time between ESXi and the directory service system.
See Synchronize ESXi Clocks with a Network Time Server or the VMware Knowledge Base for information about how to synchronize ESXi time with a Microsoft Domain Controller.
- Ensure that the DNS servers that you configured for the host can resolve the host names for the Active Directory controllers.
- Browse to the host in the vSphere Client inventory.
- Click Configure.
- Under Networking, click TCP/IP configuration.
- Under TCP/IP Stack: Default, click DNS and verify that the host name and DNS server information for the host are correct.
What to do next
Join the host to a directory service domain. See Add a Host to a Directory Service Domain. For hosts that are provisioned with Auto Deploy, set up the vSphere Authentication Proxy. See Using vSphere Authentication Proxy. You can configure permissions so that users and groups from the joined Active Directory domain can access the vCenter Server components. For information about managing permissions, see Add a Permission to an Inventory Object.