It’s important to join your ESXi host to a Windows domain if there is one present in your architecture. Why? For one, you can use your Active Directory (AD) credentials to log in to the host directly when you have to. That, in and of itself, is worth joining the host to the domain. Aside from letting you authenticate with your AD credentials, it’s a good step in hardening your ESXi host. If you join the host to the domain, you no longer need to change the host’s root password every time one of your administrators leaves your company. By allowing AD to authenticate, you can simply delegate permissions based on your AD groups, such as the ‘Domain Admins’ group. Everyone in the Domain Admins group will essentially have root access to the host.

Joining a Windows Server or workstation to the domain is a relatively simple process; however, joining an ESXi host to a Windows domain is a bit more complex… Read the full article here.

Greg W Stuart
Greg is the owner and editor of He's been a VMware vExpert every year since 2011. Greg enjoys spending time with his wife and 3 kids. He works as a Sr. Consultant at VMware and resides in Northern Virginia, 15 minutes west of Washington DC.

  1. I was curious as to whether or not you were able to figure out how to make an ESXi host update its secure channel AD password? By default the password changes automatically every 30 days, and we keep seeing that they lose their connection to AD.

  2. I was wondering if you had figured out how to deal with the default AD machine account password change setup. We’ve had problems adding our ESXi hosts into AD because they don’t update their AD account passwords appropriately.

