When using VMware ESXi 5 in an environment with Microsoft Active Directory, it is worth joining the hosts to Active Directory, and it is very simple to do.
Starting point
A Windows Domain Controller.
A fresh build of ESXi 5.0 with just the root password configured, acquiring an IP address via DHCP.
Configuration via the host Configuration tab
1. DNS and Routing Configuration:
Configure the host name, the DNS domain, and the IP address of a DNS server which serves the Microsoft Active Directory domain's DNS records.
2. Time Configuration:
Check that the time on the ESXi host is in sync with the Domain Controllers (Kerberos will by default reject a host whose clock is more than five minutes out from the domain).
NTP should be configured to point either to internal NTP servers or, alternatively, to the VMware NTP pool - 0.vmware.pool.ntp.org, 1.vmware.pool.ntp.org, 2.vmware.pool.ntp.org.
3. Authentication Services:
Select Properties…
Select Directory Service Type: Active Directory.
Enter the DNS domain.
Click ‘Join Domain’ and enter a username and password.
And that’s it! No reboot is needed, and no Security Profile settings on the host - Services or Firewall - have been changed from their defaults.
The ESXi host will appear in Active Directory with an Operating System of "unknown", version "unknown", and service pack "Likewise Identity 5.3.0".
Note that the host is not added into DNS; this needs to be done manually.
Configuration via the host Permissions Tab
Via the Permissions tab, add a domain user with permissions to the host. (Problems connecting to AD for group and user information may be caused by the Windows Firewall on the Domain Controller!)
Testing
Test the connection to the host using an Active Directory login.
The domain login can even be used via SSH (check first that the SSH service is started, from the Configuration tab > Security Profile > Services properties).
Via SSH, the root password is still required to enter privileged mode (using su -). An AD user with the Administrator role can reset the root password, which makes that role equivalent to root on the host.
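The three configuration steps, the permission grant and the membership check above, as an added PowerCLI example (not code from the original post); the host name, DNS server, domain, join account and AD group are placeholders to replace with your own values:

```powershell
# Added example (PowerCLI), not from the original post. Assumes PowerCLI is
# installed and that the host, DNS server, domain, and account names below
# are placeholders to replace with your own values.
param(
    [string]$EsxHost    = "esxi01.example.local",   # placeholder
    [string]$DnsServer  = "192.0.2.10",             # placeholder: a DC running AD DNS
    [string]$AdDomain   = "example.local",          # placeholder
    [string]$JoinUser   = "esx-join",               # placeholder: account allowed to join computers
    [string]$AdminGroup = "EXAMPLE\ESX Admins"      # placeholder: AD group to get the Admin role
)

# Connect directly to the host as root (prompted, so the password is not stored in the script).
Connect-VIServer -Server $EsxHost -Credential (Get-Credential -UserName root -Message "ESXi root password") | Out-Null
$vmhost = Get-VMHost -Name $EsxHost

# 1. DNS and Routing: host name, DNS domain, and a DNS server that serves AD records.
$shortName = $EsxHost.Split(".")[0]
Get-VMHostNetwork -VMHost $vmhost |
    Set-VMHostNetwork -HostName $shortName -DomainName $AdDomain `
        -DnsAddress $DnsServer -SearchDomain $AdDomain | Out-Null

# 2. Time: point ntpd at the VMware pool, start it, and keep it on across reboots.
Add-VMHostNtpServer -VMHost $vmhost -NtpServer "0.vmware.pool.ntp.org","1.vmware.pool.ntp.org","2.vmware.pool.ntp.org" | Out-Null
Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq "ntpd" } |
    Set-VMHostService -Policy On | Start-VMHostService | Out-Null

# Kerberos tolerates about 5 minutes of skew by default; check the host clock before joining.
$dts  = Get-View $vmhost.ExtensionData.ConfigManager.DateTimeSystem
$skew = ([datetime]::UtcNow - $dts.QueryDateTime().ToUniversalTime()).Duration()
if ($skew -gt [timespan]::FromMinutes(5)) {
    throw "Host clock is off by $skew; fix time sync before joining the domain."
}

# 3. Authentication Services: join the domain with the join account's credentials.
$joinCred = Get-Credential -UserName $JoinUser -Message "Password for the domain join account"
Get-VMHostAuthentication -VMHost $vmhost |
    Set-VMHostAuthentication -Domain $AdDomain -JoinDomain -Credential $joinCred -Confirm:$false | Out-Null

# Permissions tab: grant an AD group the Administrator role instead of sharing the root password.
New-VIPermission -Entity $vmhost -Principal $AdminGroup -Role (Get-VIRole -Name "Admin") -Propagate:$true | Out-Null

# Testing: confirm membership status, then try an AD login against the host.
Get-VMHostAuthentication -VMHost $vmhost | Select-Object Domain, DomainMembershipStatus
Disconnect-VIServer -Server $EsxHost -Confirm:$false
```

DomainMembershipStatus should read Ok once the join completes; a Kerberos time error at the join step points back to the NTP check.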