Add ESXi 6.5 Hosts to an Active Directory Domain

You have everything hooked up to AD, right?

There’s no better way to compromise your entire lab than having an SSO password for just about everything. I’m not (entirely) serious of course, but that’s a discussion for another day, so here’s a quick rundown on adding ESXi 6.5 hosts to AD instead.

Create an AD Security Group

In Active Directory, open Active Directory Users and Computers.

Select Users, then Create a new group in the current container. Give it a name that will make sense so that it isn’t accidentally deleted.

Select an administrator that should have access to ESXi via AD, right-click them and choose Add to a group. Enter the name of the group that was just created.

Add Hosts to AD

Head to the new(ish) host client at https://HOST_IP/ui/

Navigate to Manage -> Security and Users -> Authentication, then select Join Domain.

Enter the domain name, an administrator user name and their password.

It shouldn’t take long.

The final task is to tell ESXi about the security group that was created initially. Head to Manage -> System -> Advanced settings, then look for plugins.hostsvc.esxAdminsGroup. Select the Edit option, then enter the name of the security group created earlier.

Propagation should take around a minute before you can log in with AD credentials.

Some things to check if joining fails

Enable SSH, then:

  • Ping the AD DC IP – failure indicates a connectivity issue
  • Ping the AD DC domain name – failure indicates a DNS issue
  • telnet DC_IP_ADDRESS 389 – failure indicates a firewall issue
  • Check time is synchronised between ESXi and the domain controller
  • /etc/init.d/lwsmd start – if errors include likewise service manager [failed to set memory reservation], free some physical memory then try again
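
The three network checks above, run in the same order from the ESXi shell and mapped to the layer each failure points at. This is an added example, not part of the original post; the function names are hypothetical, DC_IP and DC_FQDN are values you supply, and it assumes nc is available on the host (used here in place of the telnet test).

```shell
#!/bin/sh
# Added example: pre-join checks in the order the list above gives them.
# Usage: sh adjoin-check.sh DC_IP DC_FQDN

# Map three probe exit codes (0 = success) to the layer the checklist blames.
# The first failing probe wins, because later probes depend on earlier ones.
diagnose() {
    ping_ip_rc=$1; ping_name_rc=$2; ldap_rc=$3
    if [ "$ping_ip_rc" -ne 0 ]; then
        echo "connectivity"      # DC IP does not answer
    elif [ "$ping_name_rc" -ne 0 ]; then
        echo "dns"               # IP answers, the name does not
    elif [ "$ldap_rc" -ne 0 ]; then
        echo "firewall"          # host reachable, TCP 389 is not
    else
        echo "ok"
    fi
}

# Run the real probes against a domain controller and print the diagnosis.
run_checks() {
    dc_ip=$1; dc_name=$2
    r1=0; ping -c 2 "$dc_ip"   >/dev/null 2>&1 || r1=$?
    r2=0; ping -c 2 "$dc_name" >/dev/null 2>&1 || r2=$?
    # nc -z opens a connection to LDAP and closes it without sending data.
    r3=0; nc -z -w 3 "$dc_ip" 389 >/dev/null 2>&1 || r3=$?
    result=$(diagnose "$r1" "$r2" "$r3")
    echo "result: $result"
    # The clock check stays manual: compare this against the DC's time.
    echo "host time (UTC): $(date -u)"
    [ "$result" = "ok" ]
}

# Only probe the network when both arguments are given.
if [ "$#" -eq 2 ]; then
    run_checks "$1" "$2"
fi
```
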
