VMware Cloud Community
ar264285
Contributor
Contributor
‎12-26-2019 10:20 AM

ESX Adding to Active Directory

Hi Friends,

I would like to add the ESX host in Windows Active Directory, please share the inputs and powercli scripts.

I have followed the cmd below. I'm able to add ESX host in Active Directory, unable to login with ESX using AD Credentials (after adding domain & No rebooted), is there any way to add the same AD Group using VC Admin permission group has been added to the ESX.

Get-VMHostAuthentication -VMHost <VMHost> | Set-VMHostAuthentication -JoinDomain -Domain <Domain> -User <Username> -Password <Password>

Thanks !!!!!

0 Kudos
3 Replies
a_p_
Leadership
Leadership
‎12-26-2019 10:38 AM

I'm not 100% sure that I fully understand your question, so please don't mind me if this is not what you are asking or.

Once an ESXi host is joined to an AD domain, users in the "ESX Admins" AD group have full permissions. The name of that group can be changed in the host's advanced settings from e.g. the UI, or using PowerCLI. See e.g. https://arabitnetwork.com/2018/12/05/esxi-security-hardening-change-the-default-esx-admins-ad-group/

André

0 Kudos
ar264285
Contributor
Contributor
‎12-26-2019 12:19 PM

After adding ESX server to the Domain. Add the Group to Custom created AD Group(contains Admin Previlages in Vcenter Same group has been added to the ESX host) after Sucessfully Completed not able to Login the ESX Host Gui /Shell.

For Ex: I have added Esx host in domain like : emea.xxx.xxxx

             And i have changed to the  "ESX Admins" to Custom Group has owning the Permissions on the same on Vcenter. (Change               the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting to match the Administrator group that you want to use in the Active Directory.)

Error Screens:

While trying to Login the ESX : userid@domain.com

pastedImage_0.png

0 Kudos
kunaludapi
Expert
Expert
‎12-27-2019 03:05 AM

Can you keep default group name 'ESX admins' and check?


POWERCLI AND VSPHERE WEB CLIENT: JOIN ESXI INTO ACTIVE DIRECTORY DOMAIN CONTROLLER | vGeek - Tales f...

--------------------------------------------------------------- Kunal Udapi Sr. System Architect (Virtualization, Networking And Storage) http://vcloud-lab.com http://kunaludapi.blogspot.com VMWare vExpert 2014, 2015, 2016 If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".
0 Kudos