I know this is an older thread but it seems like a good place for my question.
I run a batch script on my vCenter servers which populates a text file with a list of users from an AD Group "ESX-Admins". This script runs nightly and the file is created in a directory under a Windows file services for Unix NFS share, which is also on my vCenter. The share is then mounted to all my ESX hosts as /vmfs/volumes/depot and is used as a central repository for shared files, scripts, etc. I then run a bash script on the ESX hosts which deletes all the accounts on the ESX host excluding a handful of service accounts and then adds the users listed in the text file to the ESX host using useradd <username>. Users then authenticate using AD username and password.
Is there any security issue with never assigning a local password for a newly created user account using useradd <username> without using the option -p or later running the passwd command? The account seems to work without issue and does not allow a log in without the correct AD password. From what I have read it seems an account created with useradd is not actually enabled locally until a password is set?
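
An added example, not part of the original post: a shell check that classifies the local password field of each shadow-format entry, so accounts created by `useradd` with no password can be confirmed locked rather than blank. It assumes the host keeps local accounts in standard shadow format and that `useradd` without `-p` writes a lock marker such as `!!`; the function names, account names and sample entries are constructed.

```shell
#!/bin/sh
# Classify the local password field (2nd field) of shadow-format entries.
#   LOCKED - field is "*" or starts with "!": no local password can match,
#            so only another auth source (here, AD) can log the user in
#   EMPTY  - field is blank: a local login may succeed with no password
#   SET    - field holds a hash: a local password exists alongside AD
classify_shadow() {
    # $1: path to a shadow-format file (on a live host: /etc/shadow, as root)
    awk -F: '
        $0 == "" || $0 ~ /^#/ { next }        # skip blank and comment lines
        {
            state = "SET"
            if ($2 == "")                     state = "EMPTY"
            else if ($2 == "*" || $2 ~ /^!/)  state = "LOCKED"
            print $1 ":" state
        }' "$1"
}

# Print only the accounts that need attention: blank password field.
empty_password_accounts() {
    classify_shadow "$1" | awk -F: '$2 == "EMPTY" { print $1 }'
}

# Constructed sample: jdoe and asmith stand in for accounts added by the
# nightly sync with "useradd <username>" (assumed lock marker "!!");
# "legacy" shows the blank-field case the check is meant to catch.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:$1$CONSTRUCTED$notARealHashValue000000:14000:0:99999:7:::
svc_backup:*:14000:0:99999:7:::
jdoe:!!:14500:0:99999:7:::
asmith:!!:14500:0:99999:7:::
legacy::14100:0:99999:7:::
EOF
}

sample=$(mktemp)
write_sample_shadow "$sample"
classify_shadow "$sample"
rm -f "$sample"
```

Running `empty_password_accounts /etc/shadow` at the end of the nightly sync script and alerting on any output would flag an account whose local password field is blank.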