Hi
In security and best practice point of view is it a good idea to add ESXi hosts to AD (VMware Knowledge Base), we have 2 X ESXi hosts in production
Regards
There's no best practice that says adding ESXi hosts to AD is preferred. If you will not need users to login to ESXi directly via AD accounts (and most don't) then don't join them. It's pretty simple.
It depends.
Justification:
Using Active Directory membership allows greater flexibility in granting access to ESXi hosts.
Ensuring that users log in with a unique user account allows greater visibility for auditing.
Implication:
Adding hosts to the domain can add some administrative overhead.
As already was mentioned, it gives you more flexibility. Also if you have more teams and you want some people to be able to do a specific thing in vCenter, it's easy to apply permissions on a user group made in AD.