Since vSphere 4.1, VMware has exposed Active Directory integration for ESXi in the GUI. This is a nice feature to raise your security posture and make sure that your AD can be used for authentication on the ESXi host.
As with any computer account, you need to be sure that the following is correct:
* DNS is configured properly on the ESXi host and can resolve AD
* ESXi host has a FQDN name and can be resolved by DNS (also correct reverse DNS lookup!)
* Time in sync with the AD server for Kerberos

You can configure the directory services in the GUI by going to Host Configuration –> Authentication Services and then clicking Properties. A configuration box will pop up and ask you for the properties of your Active Directory service.
Note! If you want your ESXi host to be put into a specific directory in your Active Directory, you’ll need to put the OU directory structure after the domain name. In my case that is devtest.local/Servers/ESXi, in which the ESXi hosts reside in the directory ou=Servers,ou=ESXi.
Next you will be asked for domain credentials (please use account@domain.suffix) with the privilege to join a computer account to the domain. The right credentials will add your ESXi host to Active Directory.
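The OU path ESXi asks for in the join dialog is written top-down (domain first, leaf OU last), while the LDAP distinguished name of the same container is written bottom-up. The following is an added example, not VMware code or a VMware API, that translates between the two notations and rejects OU names that would need RFC 4514 escaping (an assumption made to keep the parser small):

```python
# Added example (not VMware code): translate the OU path ESXi expects in the
# join-domain dialog, "domain.suffix/OU/SubOU", into the LDAP distinguished
# name of the container the computer account will be created in, and back.
# Assumption: OU and DC names contain none of the RDN special characters,
# which would need RFC 4514 escaping; such names are rejected here.

SPECIAL = set(',=+"\\<>;#')


def _check_component(name: str) -> str:
    """Reject empty names and names that would need LDAP escaping."""
    if not name or any(c in SPECIAL for c in name):
        raise ValueError(f"unsupported OU/DC component: {name!r}")
    return name


def esxi_path_to_dn(path: str) -> str:
    """devtest.local/Servers/ESXi -> OU=ESXi,OU=Servers,DC=devtest,DC=local"""
    parts = path.strip().split("/")
    domain, ous = parts[0], parts[1:]
    labels = [_check_component(label) for label in domain.split(".")]
    if len(labels) < 2:
        raise ValueError(f"domain must be a DNS name: {domain!r}")
    # LDAP lists the most specific RDN first, so the last OU on the ESXi
    # path (the leaf container) becomes the first OU in the DN.
    rdns = [f"OU={_check_component(ou)}" for ou in reversed(ous)]
    rdns += [f"DC={label}" for label in labels]
    return ",".join(rdns)


def dn_to_esxi_path(dn: str) -> str:
    """OU=ESXi,OU=Servers,DC=devtest,DC=local -> devtest.local/Servers/ESXi"""
    ous, dcs = [], []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = attr.strip().upper(), _check_component(value.strip())
        if attr == "OU":
            if dcs:  # an OU after a DC is not a container below the domain
                raise ValueError("OU component after DC component")
            ous.append(value)
        elif attr == "DC":
            dcs.append(value)
        else:
            raise ValueError(f"only OU and DC RDNs are supported: {attr}")
    if len(dcs) < 2:
        raise ValueError("DN has no domain (DC) components")
    # Reverse the OUs back to top-down order for the ESXi notation.
    return "/".join([".".join(dcs)] + list(reversed(ous)))
```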
Thanks for sharing. Didn’t know about the specific OU thing.
I’m puzzled:
The path devtest.local/Servers/ESXi would that be in ldap: OU=ESXi,OU=Servers,DC=devtest,DC=local (the ESXi OU resides in the Servers OU)
or as you put it:
OU=Servers,OU=ESXi,DC=devtest,DC=local (the Servers OU resides in the ESXi OU)?
Indeed, correct: when looking from an LDAP perspective it would be OU=ESXi,OU=Servers,DC=devtest,DC=local.
From an ESXi perspective it’s devtest.local/Servers/ESXi. For that reason I chose to name it OU=Servers,OU=ESXi. Not correct in an LDAP way, but correct to explain it in an ESXi domain join.
So the ESXi OU resides under the OU Servers. Sorry for the confusion.