Hello,
I want to join ESXi 5.0 hosts to AD domain. I know how to do it.
But want to know if there will be any effect on the hosts/vms on doing it. Because these 4 hosts are production hosts running live vms.
Thanks,
Mihir
This can be done live and doesn't effect production. However if you join a ESXi server to the domain then add a bunch of permissions that are domain based, then leave the domain, those permission will go away. So its just something to be awear of.
Thread moved to the VMware ESXi 5 community
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
This may help Joining vSphere Hosts to Active Directory | VMware vSphere Blog - VMware Blogs
I have already went through this article, but I want to know if this joining to domain can be done in production hours or not. Will it effect running ESXi host etc?
Thanks,
Mihir
This can be done live and doesn't effect production. However if you join a ESXi server to the domain then add a bunch of permissions that are domain based, then leave the domain, those permission will go away. So its just something to be awear of.
Yup, that should be fine.
Ok, last question, "its just something to be aware of" --> by this you meant w.r.t user permissions?
Yeah,
So say you assign a group called Vmware Admins which is an AD security group admin permissions on your hosts once they are domain joined. If you remove that host from the domain that permission will be removed as well. So if you end up doing 90% of your permissions with AD groups then you want to remove that host from the domain for some reason just be awear that your AD permissions will not stick around once removed from AD.
Good point JPM300, although, host level permissions is something you should avoid in general if you have vcentrer. User Folders and template view to assign permissions at folder level. anyway, this all depends your environment, how you plan to assign permission and who should have access to vsphere environment.