Add an ESXi Host to a directory service

To use centralized users (and groups) instead of local accounts, it's possible to join an ESXi to an AD domain. When the host is added to AD, the ESX Admins domain group has the administrator role on the ESXi host.

It's possible to join an ESXi host to an AD domain if it is a standalone host, or if it's managed by a vCenter Server. But, if your ESXi is already managed by a vCenter Server, authentication and authorization with the vCenter permissions might be enough; there's no need to also use ESXi roles.

If ESXi is managed by vCenter, you can use the vSphere Web Client to join ESXi to an AD domain. Use the Join Domain button in the Authentication Services menu, under the Configure tab of a specific host, as in the following screenshot:

Enter the full AD domain name (in a DNS format), and the credentials of an AD user with enough permissions to join a computer to the domain.

To add a standalone ESXi to an AD domain, you will need the Host UI. In this case, just select the Host | Manage menu, go to the Security & users tab, and select Authentication.

For more information, see the vSphere 6.5 Security Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-4FD32125-4955-439D-B39F-C654CCB207DC.html).