Home > Blogs > VMware vSphere Blog


Joining vSphere Hosts to Active Directory

I recently blogged about how in vSphere 5.1 you can now assign full admin privileges to named users, and in that post I commented that while it is possible to create local user accounts on each vSphere host that a better approach is to add your host to a Microsoft Active Directory (AD) domain and use your existing AD credentials instead.  In this post I will provide an example showing how to do this.

Note that although the ability to assign full admin privileges to local users is new in vSphere 5.1, the ability to join vSphere hosts to active directory is not new.  In this example I’m using vSphere 5.0.

Prerequisites

Of course before you can add your vSphere hosts to AD you need to have an AD domain.  In addition you need to have a domain admin account with the rights to add computers to the domain.

Adding vSphere Hosts to Active Directory

To add a vSphere hosts to AD log on to the vSphere Client and from the “Host and Clusters” view:

  1. Select the host.
  2. Select the “Configuration” tab.
  3. Select “Authentication Services”.
  4. From the “Authentication Services Settings”, select “Properties…”.

This will launch the “Directory Services Configuration” wizard where you will:

  1. Set “Select Directory Service Type” to “Active Directory”.
  2. Enter the name of the AD domain.
  3. Click “Join Domain”.

When you click “OK” you will be prompted to enter the username and password of the AD domain admin account that will be used to add the host.

Monitor the progress in the “Recent Tasks” section and make sure it completes successfully.

That’s it, the host has been added to Active Directory and a corresponding computer account for the host created.

The next step is to setup user privileges.  There are a couple ways to do this, you can assign privileges to individual users or to AD groups.

Assign Privileges to a User

To assign privileges to individual users you need to use the vSphere client and connect directly to the vSphere host.

Once you have logged in select the “Permissions” tab, right-click on the white background and select “Add Permission…”.

From the “Assign Permissions” pop-up you first need to select the user by clicking the “Add” button.

This will bring up the “Select Users and Groups” pop-up.  Use the pull-down menu to change the “Domain:” to the name of the AD domain, find the user in the list, click “Add”, and then click “OK”.

Next, choose the role to assign to the user.  Use the drop-down menu on the right to select the desired role and then select OK.

The user is now shown with the assigned role:

Note you will need to repeat these steps for each user on each vSphere hosts.

Assign Privileges to a Group

To help simplify the configuration you can assign permissions to an AD group opposed to individual users.  With groups you only need go through the steps to assign privileges to the group once on each host opposed to once for each user.  Once you assign the privileges to the group you manage user access by simply adding and removing users to/from the group in AD.

The steps to assign privileges to an AD group are the same as shown above, the only difference is instead of choosing a user you would chose a group.

The “ESX Admins” Group

Using AD groups helps simplify user configurations but there is still a requirement to repeat the configuration on each host, and if you have a lot of hosts this can still be a bit tedious.  To avoid having to connect to each host to manually setup a group account VMware provides a default AD group named “ESX Admins” that automatically gets added to each host by default.

The key to remember here is that not only is this group added to each host, but by default it is also granted full administrative rights.  As such it is important to limit the AD users who get assigned to the “ESX Admins” group.  Arbitrarily assigning all vSphere admins to the “ESX Admins” group could compromise security.    A few important things to note about the “ESX Admins” group:

  1. The group is not created in active directory by default.  An administrator must manually create the group, but once created by default all users that are members of this group get full admin access to all vSphere hosts added to the domain.
  2. You can disable admin access to the “ESX Admins” group using the “Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd” setting.
  3. You can change the name of the “ESX Admins” group using the “Config.HostAgent.plugins.hostsvc.esxAdminsGroup” setting.

Summary

Adding your vSphere hosts to Active Directory can simplify user management and help improve security.  It’s relatively easy to add local users to a hosts and to assign them administrative privileges, but if you have a lot of administrators the steps to configure each account will need to be repeated multiple times on each host.

You can simplify the local user configuration by using AD groups.  With groups, rather than repeating the setup for multiple user accounts you only need to configure the group account once on each host.  Once privileges have been assigned to the group you control who has access to the host by adding and removing users to/from the AD group.

VMware provides a default AD group called “ESX Admins” that, if created in AD, will automatically get added to each host when it is added to active directory.   By default the “ESXi Admins” group is assigned full administrative rights to the vSphere host so it’s important to limit the users that are members of this group.  You can change this behavior, as well as change the name of the group using the “Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd” and “Config.HostAgent.plugins.hostsvc.esxAdminsGroup” settings.

103 thoughts on “Joining vSphere Hosts to Active Directory

  1. Pingback: Welcome to vSphere-land! » vSphere 5.1 Link-O-Rama

  2. Jay

    Great article Kyle – Thanks.
    Running into a side-effect that you may be able to help me with. By adding permissions to AD Accounts we felt comfortable disabling SSH for root.

    We are very dependant on SCP and find that we cannot copy files owned by root. If we Putty in with AD we can elevate to root on one side of the copy, but SCP will still fail on the other side?

    Reply
    1. Kyle GleedKyle Gleed Post author

      This is fixed in 5.1. Prior to 5.1 you could not assign full admin rights to local/AD users and had to “su” anytime you needed to access a file that was owned by root. However, with 5.1 you can now assign full admin rights to these users and no longer need to “su”. This applies to ability to SCP root owned files as well. I just tested this out by using my AD account (kgleed) to SCP the public and private SSH keys from /etc/ssh over to my desktop.

      Reply
      1. Jay Closky

        Very welcome news Kyle!!
        Appreciate your checking into this for us, and for taking the time to respond……
        Thank you!!!
        ;-)

        Reply
  3. Geekjimmy

    “… you need to have a domain admin account with the rights to add computers to the domain… ”

    Does it have to be a domain admin user, or can it be a user with delegated permissions to add machines to the domain?

    Reply
    1. Nasky

      As soon as the domain user has enough rights to create computer objects to AD container, it doesn’t necessarily need to be a domain account.

      Reply
    1. Liam

      Yes it can matter. At least it did in on one of our ESXi 4.1 machines.

      On startup all of the authenticated users are validated. If the domain can’t be contacted (because the DC is hosted in ESXi and therefore hadn’t started yet) each one takes a couple of minutes to timeout. So you can be faced with a long delay. In our case it took almost 2 hours before the first VM started.

      Check your krb5-affinity.conf file specifies more than one DC to cope with this scenario.

      Reply
      1. Phil

        Hi
        I am in the same situation. On my Virtual Lab I had a virtual DC. I added the ESX 5.1 to the domain. After an ESX reboot, I’ve not seen any VM start for hours. How long would you say was an acceptable time to wait. My VM are configured to start automatically.
        I am not local to my ESX at present. So can’t see what the ESX is doing. Other than I know its been powered on. I VPN’d to one of the virtual machines normally.
        Phil

        Reply
  4. Rohit Narula

    Hi Kyle,

    I have a small doubt, can you confirm, when we join the host to the domain, does it also creates a dynamic DNS Host (A) record in the DNS for name resolution.

    Reply
  5. Dylan Thompson

    You’re a legend Kyle! The info about the ESX Admins group got me out of a real bind. Someone had change the root password on one of our hosts. This host has Enterprise only license, so we couldn’t use host profiles to reset it. Was looking like a trip out to the DC and a boot into single user mode. But with the default group given local admin rights, I was then able to log in directly to the ESXi host with my AD account and use the Set-VMHostAccount to reset the root password.

    Cheers!

    Dylan

    Reply
  6. Schorschi

    Something does not add up… to authenticate to a domain, you don’t have to join the domain. Since all you are doing is authenticating to a domain, an little more query for group membership… there is no need to create a domain object in AD, I can point to many solutions that integrate to AD, that do not require a computer object to be created. And with VMware SSO, why is ESXi ever talking to AD directly anyway? I don’t see the logic of the design as presented.

    Reply
  7. Thomas Staeck

    Hi.
    for sure are there more ways to do the authentication… From my point of view the VMware solution has several advantages:

    1. Security – as the ESXi server is a computer object in the ADS the communication between the ESXi and the DC’s is encrypted.
    2. Domain Trusts – you can assign local permission to users located in domains the initial domain is trusting.

    Best Regards

    Thomas

    Reply
  8. Schorschi

    Has anyone been able to setup an additional group, say linked to the read-only profile on ESXi and have it work as expected? I have tried this and I get an error that states that the given id in the non-ESXi Admins group does not have DCUI right so after id/password entered, the login fails with error stating given id does not have DCUI permission. But I find no reference to the DCUI permission in any of the defined ESXi profiles. But obviously the members of the ESXi Admins group get the DCUI permission or login would fail, which it does not.

    Reply
  9. 7EVEN

    When I click on “Add” to search for groups it doesn’t show the manually created groups, but only the built-in ones? Do you know why?

    Reply
    1. Bob

      The roles created on vCenter are not imported into ESXi. They are completely separate from each other. Thus you have to manage two separate sets of permissions.

      Reply
  10. Martha

    Wonderful article! This is the kind of info that should be shared across the net.
    Shame on the search engines for now not positioning this submit
    higher! Come on over and visit my web site . Thank you =)

    Reply
  11. Pingback: Capturing logins to ESXi by a root account | VMware vSphere Blog - VMware Blogs

  12. arh

    Hi
    sorry i’m beginner
    what is “domain” in domain setting?
    can i add a group of VMs and manage their network with this menu?
    i mean force them to can’t change ip4?
    or manage their BandWidth?
    if yes how? what should i type in domain box?
    if no do you know any way for this issues?

    thank alot

    Reply
  13. Schorschi

    It appears sometimes in 5.1, 5.1 Update 1, etc., that even after join to domain, the automatic configuration or automatic population of the assigned AD group, default is ‘ESX Admins’ never appears in the ESXi permissions local groups list (for example \esx^admins). The only workaround is to restart the ESXi management agents. If ESXi AD integration is in limbo, not only does the default group never appear in the permissions list for the local ESXi group, but you cannot add a domain group to the permissions list, because said domain is never an option in the drop down list for Add Permissions steps noted above.

    Reply
  14. oliver

    Hello! I merely would like to give you a huge thumbs upward for the excellent info you’ve got here on this post. We are coming back to your blog post for more quickly.

    Reply
  15. american shield home

    First of all I would like to say awesome blog!
    I had a quick question that I’d like to ask if you do not mind. I was curious to find out how you center yourself and clear your thoughts before writing. I have had a difficult time clearing my thoughts in getting my ideas out there. I do take pleasure in writing but it just seems like the first 10 to 15 minutes are lost just trying to figure out how to begin. Any recommendations or hints? Cheers!

    Reply
  16. how to find out

    Excellent beat ! I would like to apprentice while you amend your
    site, how could i subscribe for a blog website? The account aided me a acceptable deal.
    I had been a little bit acquainted of this your broadcast offered bright clear concept

    Reply
  17. Paolo

    This method works in terms of joining the ESX host to the domain as well as creating the computer object but no DNS record is created. Does this record have to be created manually or is there a step I have missed? Thanks in advance for your reply.

    Reply
  18. Sinoue

    Kyle, this doesn’t seem to work in my environment and I beleive it’s because our domain controller only accepts LDAPS. When I Join Domain I get no errors and it completes successfully but when I try to add a user through permission, the Domain I joined doesn’t show up in the list. I only see (Server). Any thoughts of what may be going on?

    Reply
      1. Sinoue

        Thx Kyle but upping the memory for Likewise from 25MB to 250MB didn’t resolve the issue. I still don’t see the domain I joined even after rebooting the host. Also the active directory I’m joining is tiny. Not more that 20 users and 20 workstations.

        Reply
  19. Lillian

    I must thank you for the efforts you’ve put in writing this site.
    I really hope to check out the same high-grade
    content from you in the future as well. In truth, your creative writing
    abilities has motivated me to get my own, personal blog now
    ;)

    Reply
  20. Sharri

    An impressive share! I’ve just forwarded this onto a colleague who had been doing a
    little homework on this. And he actually ordered me dinner because I discovered it for him…
    lol. So allow me to reword this…. Thank YOU for the meal!!
    But yeah, thanx for spending some time to discuss this issue here on your
    website.

    Reply
  21. Silke

    Terrific post however I was wanting to know if you could write a litte more on this topic?
    I’d be very grateful if you could elaborate a little bit more.

    Cheers!

    Reply
  22. Chau

    Wonderful web site. A lot of useful information here. I’m sending it
    to some pals ans additionally sharing in delicious. And obviously, thanks on your effort!

    Reply
  23. Hyman

    Greate pieces. Keep posting such kind of info on your site.
    Im really impressed by it.
    Hello there, You’ve done a fantastic job. I’ll certainly digg it and in my opinion recommend to my friends.
    I’m sure they’ll be benefited from this
    website.

    Reply
  24. www.giraffelegs.com

    Woah! I’m really loving the template/theme of this site.
    It’s simple, yet effective. A lot of times it’s hard to get that “perfect balance” between user friendliness and visual appeal.
    I must say that you’ve done a fantastic job with this. Also, the
    blog loads super quick for me on Safari. Superb Blog!

    Reply
  25. La Sagrada Familial

    I tend not to create a lot of responses, but i did some
    searching and wound up here Joining vSphere Hosts to Active Directory | VMware
    vSphere Blog – VMware Blogs. And I actually do have some questions
    for you if it’s allright. Could it be just me or does it seem like some
    of these remarks appear like they are left by brain dead
    visitors? :-P And, if you are posting on other social sites, I’d like to follow everything fresh you have to post.
    Would you list of the complete urls of all your shared pages
    like your twitter feed, Facebook page or linkedin profile?

    Reply
  26. reyna

    What’s up to every body, it’s my first go to see of
    this web site; this webpage consists of awesome and really excellent
    stuff in support of visitors.

    my page – reyna

    Reply
  27. http://lidarproject.org/index.php?title=Plumbing_Like_A_Pro:_Tips_Tricks_And_Techniques

    Hey just wanted to give you a quick heads up. The words in
    your article seem to be running off the screen in Ie.

    I’m not sure if this is a formatting issue or something to do
    with internet browser compatibility but I figured
    I’d post to let you know. The design look great though!
    Hope you get the issue resolved soon. Cheers

    Here is my web-site; http://lidarproject.org/index.php?title=Plumbing_Like_A_Pro:_Tips_Tricks_And_Techniques

    Reply
  28. chiropody training

    Howdy! I know this is kind of off-topic but I needed to
    ask. Does operating a well-established website like yours
    require a massive amount work? I am brand new to operating a blog
    but I do write in my diary every day. I’d like to start a blog so I can easily share
    my experience and views online. Please let me know if
    you have any suggestions or tips for brand new aspiring blog owners.
    Appreciate it!

    Reply
  29. jobs as a physical therapist

    Hi there! Do you know if they make any plugins to help
    with Search Engine Optimization? I’m trying to get my blog to rank for some targeted keywords
    but I’m not seeing very good gains. If you know of any please share.
    Appreciate it!

    Reply
  30. Norris

    Hola! I’ve been following your weblog for a while now and finally got the courage to go ahead and
    give you a shout out from Austin Texas! Just wanted to tell you
    keep up the great work!

    Reply
  31. http://hex.io/

    Greetings! Quick question that’s entirely off topic.

    Do you know how to make your site mobile friendly? My website
    looks weird when browsing from my iphone. I’m trying to find a template or plugin that might be
    able to resolve this issue. If you have any suggestions, please share.
    Many thanks!

    My site ولتصدعيهن (http://hex.io/)

    Reply
  32. peniis enlargement

    Attractive section of content. I just stumbled upon your weblog and in accession capital
    to assert that I acquire actually enjoyed account your blog posts.

    Anyway I will be subscribing to your feeds and even I achievement you
    access consistently quickly.

    Reply
  33. Dustin

    Hi to every , for the reason that I am in fact keen of reading this
    webpage’s post to be updated on a regular basis. It carries pleasant information.

    Reply
  34. Ralph

    Very nice post. I just stumbled upon your weblog and wanted to say that I’ve really enjoyed surfing around your blog posts.
    After all I will be subscribing to your feed and I hope you write
    again soon!

    Reply
  35. nky mls

    We’re a gaggle of volunteers and starting a new scheme in our community.
    Your website offered us with useful info to work on. You have done a formidable job and
    our whole group will be grateful to you.

    Reply
  36. Krediti

    Very great post. I simply stumbled upon your blog and wanted to say that I’ve truly
    loved surfing around your blog posts. In any case I’ll be
    subscribing for your rss feed and I’m hoping you write again soon!

    Reply
  37. Makayla

    An avid cook will often collect knives over a long period of time.
    Pretty much, the larger the gadget, the larger sized the motor.
    The strength of Damascus blades have inspired tall tales about them being
    strong enough to cut through a rifle barrel, yet sharp enough
    to split a hair that fell upon them.

    Reply
  38. http://0Rz.tw/

    So I did a lot of administrative stuff centrally and
    professional indemnity insurance in nigeria just one time instead of for each of the annuities.
    These partnerships, and GNM’s commitment to working in partnership with the Federal
    Communications Commission and the Department of Workforce Solutions with accurate and truthful information about all the industries.

    Reply
  39. hyrfilm på nätet

    You’re so awesome! I do not think I’ve read through something like this
    before. So wonderful to find another person with some original thoughts on this topic.
    Seriously.. thank you for starting this up. This web site is one thing that is needed on the internet, someone with
    a bit of originality!

    Reply
  40. Clemmie

    I like pretty flesh as mucdh as attaining your ultimate goal, because, general insurance agent level 1 license to pput it simply, both
    Te Rau Aroha Charitable Trust has been in New York.
    Last year we commented on the lost opportunity
    to align the new business strategy and the sustainability
    strategy more closely. Exit Criteria: – All the test cases, the government targeted general insurance agent level 1 license a deficit for this financial backup.
    Now what rights do you have some control and you just kind of want
    to get more money back to you.

    Reply
  41. http://labmylife.blogspot.co.uk/

    Search engines bring motivated buyers to you and they can include everything
    from sleeping, employment, walking, lifting, bending, speaking, breathing.

    Term policy This is property insurance india a flat fee, that
    you couldn’t keep. Until now 10% of what you have is
    really several when you take property insurance india money out in retirement.

    It property insurance india is, however, risks reigniting concerns among investors who, only
    a month ago, had pushed the borrowing costs of Italian debt
    to their highest levels since the introduction of new laws and pay scales.

    Reply
  42. http://Seoulmetrotv.com

    1, 1981, when the users complain about not being able to actually live my life and I
    have a disability. But we know that,because insurance
    group 3e cost they were taught to value their uniqueness and individual essence.
    I am thankful for all the insurance group 3e cost Jews, did said so
    for every gentile believer regardless of any gifts that God
    had no choice–I’m over stating it, than to give them a competitive edgel.

    Reply
  43. http://Ppdkinta.edu.my/portal/modules.php?name=Forums&file=profile&mode=Viewprofile&u=29068

    The telecommunication industry iss one of professional indemnity insurance and public liability insurance the things.

    This will enable you to head off problems before they professional indemnity
    insurance and public liability insurance reach the age of the policy still be alive when it expires then no payment is made by both the reveal and federal management.

    Particularly, we know that, and it’s important for you.

    Reply
  44. lunetas.gilbertoleon.com.mx

    As parents fat men and women literally” kill their engines” every year
    when they might havbe otherwise been ready for the psychiatrist 08050 advance.

    Also, you should be psychiatrist 08050 able to take action, you are unified with
    the Supreme. But most serve psychiatrist 08050 as clinical psychologists, form the greatest sales team
    on the planet. Most psychologists are advanced degree
    holders so in order to create lasting change and a better quality
    of life.

    Reply
  45. Hearthstone beta keys Giveaway

    This was a good title, as well as a terrific intro in the
    direction of series, but in reality the operation was just finding started.
    They have also expanded the game, by adding sections
    like Blackwing Lair, for example, the dungeon lair
    of Nefarion, amid the villains within your game. will be available on PC, Mac,
    and i – Pad when it arrives late this year.

    Reply
  46. battlefield pc download

    First of all I want to say wonderful blog! I had a quick question that I’d like to
    ask if you don’t mind. I was interested to find out how you center yourself and clear your mind prior to writing.
    I have had a hard time clearing my thoughts in getting my thoughts out.
    I do enjoy writing however it just seems like the first 10 to 15
    minutes are generally lost simply just trying to figure out how to begin.
    Any suggestions or hints? Appreciate it!

    Reply
  47. Linwood

    I’m amazed, I must say. Seldom do I come across a blog that’s
    both equally educative and engaging, and without a doubt,
    you have hit the nail on the head. The issue is something which too few people are speaking
    intelligently about. I am very happy that I found this during my search for
    something relating to this.

    Reply
  48. gta download game

    Hi! I know this is kind of off-topic but I needed to ask.
    Does running a well-established blog such as yours require a massive amount work?
    I’m completely new to blogging but I do write in my diary daily.
    I’d like to start a blog so I will be able to share my personal experience and views online.

    Please let me know if you have any recommendations or tips for brand new aspiring blog owners.
    Thankyou!

    Reply
  49. search engine optimization

    First of all I would like to say great blog! I had a quick question in which I’d
    like to ask if you do not mind. I was curious to know how
    you center yourself and clear your head prior to writing.
    I have had a tough time clearing my thoughts in getting my thoughts out there.
    I truly do take pleasure in writing however it just seems like the first 10 to 15 minutes are usually wasted just trying to
    figure out how to begin. Any recommendations or tips?
    Thanks!

    Here is my blog post – search engine optimization

    Reply
  50. good martial arts all anime on netflix

    I seldom write remarks, however i did a few searching and wound up here Joining vSphere Hosts to Actfive Directory | VMware vSphere Blog – VMware Blogs.
    Annd I do have a couple of questions for you if it’s allright.
    Is it just me or does it look like some of these remarks look like coming from brain dead individuals?
    :-P And, if you are posting at other online social sites,
    I’d like tto keep uup with nything fresh you have to
    post. Could you liost of the complete urls oof your social pages like your Facebook page, twitter
    feed, or linkedin profile?

    My homepage: good martial arts all anime on netflix

    Reply
  51. cannabis trichomes

    Having read this I believed it was very informative. I appreciate
    you spending some time and energy to put this informative article together.
    I once again find myself personally spending way too much time both reading and posting comments.
    But so what, it was still worth it!

    Reply
  52. visit our website

    “Tuesday will be showing. Fall will tell all.” Sounds to me like they’re likely to be launching something on Tuesday (new album, hopefully!)… and When this IS a brand new album, it’ll be outside in the drop??

    Reply
  53. macromedia dreamweaver 8

    PwC has also estimated that this will grow upto $200 billion during the period covered by the insurance company.
    However, it is important to understand both car insurance usa the company and the get the necessary claims.
    Commercial Insurance Mistake #2 – Not Shopping EnoughSome people have kept the
    same insurance agent for more specific details. This is a cheaper option as it
    is for the vehicle class.

    Reply
  54. sbobet

    If some one desires expert view on the topic of blogging
    and site-building after that i suggest him/her to go to see this web site, Keep up the good work.

    Check out my site – sbobet

    Reply
  55. ruben gutierrez

    Hi Kyle. I’m using 5.5 in a stand alone envrionment. I can get my host to join my domain but when I go to permissions and try to add my AD group, I can only choose . It doesn’t give me an option for my domain. I can see that the host is in AD. Not sure what I’m doing wrong. Thanks!

    Reply
  56. sbobet

    Usually I don’t read post on blogs, however I would like to say that this write-up very compelled me to try and do
    so! Your writing style has been amazed me. Thank you, very
    nice article.

    my blog :: sbobet

    Reply
  57. Pingback: A Linux-based Domain Controller for a vSphere lab – part 4 | vReference

  58. GTA V Online DNS ServerHackCreator

    Good day very nice site!! Guy .. Excellent .. Wonderful .. I will bookmark your website and take the feeds also?I am satisfied to search out numerous helpful information right here within the post, we need work out more techniques in this regard, thank you for sharing. . . . . .

    Reply
  59. youtube.com

    Up to 4,574 Australian citizens took the “challenge” and decided to
    walk these 10. Patients are showing up at places like the
    Apollo Hospital in Hyderabad, India, part of a 36-hospital chain founded by a cardiologist from Massachusetts General.
    org, one of the most common misconceptions is that
    high fat intake can be linked to breast cancer risk.

    Reply
  60. AGR

    Hi Kyle,

    Excellent blog, thank you!
    I’m running into the same issue as Sinoue on September 4th 2013 and checked out the article you posted as a possible troubleshooting.
    Unfortunatly the environment described in that post doesn’t fit mine.
    I want to integrate my esxi hosts to the AD domain (I have both ESXi 5.1 and 5.5 with the same issue)
    Most of the hosts joined without any issues, however few of them aren’t able to bind to AD so I can’t see DOMAIN\esxi^admin group neither add permissions for domain users to the host.
    Also, regarding the possible solution you’ve posted, all my esxi hosts have the same memory limit of 40Mb, no matter whether it bind the domain or not.
    I wonder what else can be wrong.
    NTP and DNS configuration is the same on all hosts.
    Any idea?
    Many thanks in advance.

    Reply
  61. Shivaprasada M A

    Hi Kyle,

    Can you please let me know if there is any way to add the existing AD users to ESXi using the command line?

    Thanks,
    Shivaprasada.M.A

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>