How To Enable Active Directory Authentication for ESXi
The need to log in to an ESXi server via the vSphere client is extremely minimal, but there are instances where you may have to log in to ESXi directly. For instance, your vCenter is a virtual server and something goes wrong, and you have to log in to the ESXi host where it resides to do a manual reboot. Another example: You want to monitor your ESXi hosts using a third-party tool, so you will need a user with read-only access.
It's simple enough to log in once, but it could be a hassle to repeat the process several times, especially in environments where there are many ESXi hosts.
Well, ESXi can now be joined to your Active Directory domain, which means you can use your AD credentials to log in locally to the ESXi host using the vSphere client.
Here are the steps to enable Active Directory authentication:
- Log in to your ESXi hosts locally and click on Configuration.
- On the left side of the dialog, select Authentication Services and then click Properties.
- From the Select Directory Services Type drop-down, choose Active Directory.
- In the domain settings, you can add your domain in one of two ways:
- Simply add mydomain.local; this will add the computer account for ESXi in the default Computers OU.
- To specify a different OU where you want the ESXi computer account to be located, use this format: mydomain.local/vsphere.
- Click Join domain and provide credentials when prompted with enough privileges to add computers to the domain.
- Add the AD user or group to the ESXi host and assign the appropriate role.
As you can see, it is a straight-forward process. I have found this integration with AD to be very useful in my deployments, especially in larger environments.
Now that being said, Rick Vanover has covered the licensing impact of adding ESXi hosts to an Active Directory domain; it is a good read with helpful information, which I encourage you to check out if you plan to do what I've shown here.
Posted by Elias Khnaser on 05/26/2011 at 12:49 PM