I believe that if your Active Directory is inactive, you have more problems than thinking that you cannot access VCSA with an AD user.
You add vCenter to AD to use the integration for users and be able to assign permissions in your VMware environment to those users. That's the main reason (regular users or service users maybe).
If the AD server is not accessible, you are always able to log in with the @vsphere.local domain. In vCenter you can have multiple domains, and the default domain is always there even if you integrate with AD.
For ESXi it is useful also, but if you don't have any security regulation or compliance to follow, keep the root account for the ESXi (also avoid having users perform tasks directly on the ESXi when you have a vCenter Server), but even if you add the ESXi to AD, it is the same: the local account will be there.
Hope that helps
By adding an Active Directory Identity Source (rather than joining AD), you are also able to assign permissions in your VMware environment to those users, right?
That's right. If you have not joined the VCSA to the domain, then you will select AD over LDAP as an identity source and provide an account with read perms on Active Directory.
If you have joined the VCSA to the domain, then you can use AD integrated authentication, wherein you do not need to provide a service account. The VCSA machine account will be used to query AD.