VMware Cloud Community
MihirP
Enthusiast

ESXi host AD Integrated Authentication

Hello,

I want to join ESXi 5.0 hosts to an AD domain. I know how to do it.

But I want to know if there will be any effect on the hosts/VMs from doing it, because these 4 hosts are production hosts running live VMs.

Thanks,

Mihir

LucD
Leadership

Thread moved to the VMware ESXi 5 community


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

vfk
Expert

This may help: Joining vSphere Hosts to Active Directory | VMware vSphere Blog - VMware Blogs

--- If you found this or any other answer helpful, please consider the use of the Helpful or Correct buttons to award points. vfk Systems Manager / Technical Architect VCP5-DCV, VCAP5-DCA, vExpert, ITILv3, CCNA, MCP
MihirP
Enthusiast

I have already gone through this article, but I want to know if this joining to the domain can be done in production hours or not. Will it affect the running ESXi host, etc.?

Thanks,

Mihir

JPM300
Commander

This can be done live and doesn't affect production. However, if you join an ESXi server to the domain, then add a bunch of permissions that are domain based, then leave the domain, those permissions will go away. So it's just something to be aware of.

vfk
Expert

Yup, that should be fine.

MihirP
Enthusiast

OK, last question: "it's just something to be aware of" --> by this you meant w.r.t. user permissions?

JPM300
Commander

Yeah,

So say you assign a group called VMware Admins, which is an AD security group, admin permissions on your hosts once they are domain joined. If you remove that host from the domain, that permission will be removed as well. So if you end up doing 90% of your permissions with AD groups and then you want to remove that host from the domain for some reason, just be aware that your AD permissions will not stick around once removed from AD.

vfk
Expert

Good point JPM300, although host-level permissions are something you should avoid in general if you have vCenter. Use Folders and template view to assign permissions at folder level. Anyway, this all depends on your environment, how you plan to assign permissions and who should have access to the vSphere environment.

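Added example, not part of the original thread or any poster's code: a PowerShell function that splits each host's permission list into entries that depend on the AD join and entries that do not, so the effect JPM300 describes can be reviewed before a host is removed from the domain. The sample records, host names, the `DOMAIN\name` principal format and the `Admin` role name are assumptions; on a live host the records would come from PowerCLI's `Get-VIPermission`.

```powershell
# Added example (not from the thread). Assumptions: domain principals look like
# 'DOMAIN\name', local ones are bare names, and the admin role is named 'Admin'.
function Get-DomainLeaveImpact {
    param(
        [Parameter(Mandatory)] [object[]] $Permission,
        [string] $AdminRole = 'Admin'
    )
    $domainPattern = '^[^\\]+\\.+'   # something, a backslash, something
    foreach ($group in ($Permission | Group-Object -Property VMHost)) {
        # Domain-based entries are the ones that go away when the host leaves AD.
        $lost  = @($group.Group | Where-Object { $_.Principal -match $domainPattern })
        $kept  = @($group.Group | Where-Object { $_.Principal -notmatch $domainPattern })
        $admin = @($kept | Where-Object { $_.Role -eq $AdminRole })
        [pscustomobject]@{
            VMHost            = $group.Name
            LostOnDomainLeave = ($lost | ForEach-Object { "$($_.Principal) [$($_.Role)]" }) -join '; '
            KeptAfterLeave    = ($kept | ForEach-Object { "$($_.Principal) [$($_.Role)]" }) -join '; '
            # False means no local account would still hold the admin role.
            LocalAdminRemains = ($admin.Count -gt 0)
        }
    }
}

# Constructed sample records, shaped like the Principal and Role properties of
# Get-VIPermission output; VMHost is added here to tag the source host.
$sample = @(
    [pscustomobject]@{ VMHost = 'esx01.example.test'; Principal = 'root';                  Role = 'Admin' }
    [pscustomobject]@{ VMHost = 'esx01.example.test'; Principal = 'EXAMPLE\VMware Admins'; Role = 'Admin' }
    [pscustomobject]@{ VMHost = 'esx01.example.test'; Principal = 'EXAMPLE\Operators';     Role = 'ReadOnly' }
    [pscustomobject]@{ VMHost = 'esx02.example.test'; Principal = 'EXAMPLE\VMware Admins'; Role = 'Admin' }
)

Get-DomainLeaveImpact -Permission $sample | Format-List
```

In the constructed data, esx02 has only a domain-based admin entry, so the report marks it as having no local admin left after a domain leave.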