ESXi : enable-ad-auth

Information

Use Active Directory for local user authentication.

Join ESXi hosts to an Active Directory (AD) domain to eliminate the need to create and maintain multiple local user accounts. Using AD for user authentication simplifies the ESXi host configuration, ensures that password complexity and reuse policies are enforced, and reduces the risk of security breaches and unauthorized access. Note: if the AD group "ESX Admins" (default) exists, then all users and groups that are assigned as members of this group will have full administrative access to all ESXi hosts in the domain.

http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.security.doc/GUID-4FD32125-4955-439D-B39F-C654CCB207DC.html

Solution

# Join the ESXi Host to the Domain
Get-VMHost | Get-VMHostAuthentication | Set-VMHostAuthentication -Domain $domain -User $username -Password $password -JoinDomain
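
To verify the result of the join and to see which hosts still map administrative access to the default "ESX Admins" group named in the note above, the following PowerCLI report can be run. It is an added example, not part of the original audit item or of VMware's guide. It assumes an existing Connect-VIServer session and reads the host advanced setting Config.HostAgent.plugins.hostsvc.esxAdminsGroup, which is not mentioned on this page; the report column names are chosen here for illustration.

```powershell
# Added example: per-host report of AD join state and the AD group
# that is granted administrative access on the host.
# Assumption: a PowerCLI session is already connected (Connect-VIServer).

$adminGroupSetting = 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup'

$report = foreach ($esx in Get-VMHost) {
    # Current authentication configuration (domain and membership health)
    $auth = Get-VMHostAuthentication -VMHost $esx

    # Name of the AD group the host treats as administrators
    $group = Get-AdvancedSetting -Entity $esx -Name $adminGroupSetting `
                 -ErrorAction SilentlyContinue

    # A host counts as joined only if a domain is set and the trust is healthy
    $joined = (-not [string]::IsNullOrEmpty($auth.Domain)) -and
              ("$($auth.DomainMembershipStatus)" -eq 'Ok')

    [pscustomobject]@{
        Host              = $esx.Name
        Domain            = $auth.Domain
        MembershipStatus  = $auth.DomainMembershipStatus
        Joined            = $joined
        AdminGroup        = $group.Value
        # True when the host still uses the default group name
        DefaultAdminGroup = ($group.Value -eq 'ESX Admins')
    }
}

# Hosts that fail the check (not joined, or joined with broken trust) sort first
$report | Sort-Object Joined, Host | Format-Table -AutoSize

# Hosts that need attention: not joined to AD at all
$report | Where-Object { -not $_.Joined } |
    Select-Object Host, Domain, MembershipStatus
```

Hosts reported with DefaultAdminGroup set to True grant full administrative access to whoever is a member of "ESX Admins" in the domain, so membership of that AD group should be reviewed alongside this report.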

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vmware-6-5-update-1-security-configuration-guide.xlsx

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2

Plugin: VMware

Control ID: 3c1a6267c62149e401eea6c0abc217db4665cf51336571f7258ca247286bc716