Configure Active Directory integration for VMware vSphere and ESXi

We all know AD (Active Directory) is to centralize things, but for Windows machines. Well… starting from version 4.1, VMware is offering the option to integrate their ESX/ESXi servers with Windows domains. Yes, you could integrate older ESX/ESXi versions with Windows domains, but it was a paint, you had to use scrips and hacks. Now starting with VMware vSphere 4.1, the integration is done using a couple of mouse clicks in vCenter. You still have the option of scripting this process using PowerCLI, if a big number of hosts exists in your environment, but in this post I will show you how to do it using VMware vCenter.

To start, first create a group in AD with the name “ESX Admins”, and put in this group the users that you want to have access to ESX hosts. Now open your vCenter console and go to Configuration > Authentication Services.

In the right upper corner click the Properties link and this should open the Directory Service Configuration window.

Click the drop down box and choose Active Directory. In the Domain box enter your domain name, then click the Join Domain button.

Provide the user name and password to authenticate with the domain.

If you take a look in Active Directory Users and Computers, a computer account was created for the ESX server.

Now let’s test an SSH connection using the domain account.

Open the vSphere client and connect directly to the ESX server, again using the domain account, not the root account.

You can use the form domain\username too.