VIDEO: New vSphere 4.1 Windows Active Directory Authentication
by David Davis on July 13, 2010
With the VMware vSphere 4.1 release there are lots of new features to talk about! One of those features that caught my eye is the ability for ESX/ESXi servers to “join” a Windows Active Directory (AD) domain. That’s right, an ESX server can be a member server in AD. That means that you can then log in to that ESX host using your Windows AD username and password. This applies when connecting to the server using the vSphere Client, going to the console, or connecting via SSH. This is also a nice security function because instead of logging on locally as “root”, each user can now log in as themselves (and an entry for that login will be made in the associated security logs).
Here’s a new video I created on how to configure this cool new vSphere 4.1 feature – Windows Active Directory Authentication.
David Davis (CCIE #9369, vExpert, VCP, CISSP, MCSE) has been in the IT industry for 15+ years. He has authored over 300 articles, 6 video training courses, and co-authored one book. Learn about David's certifications, video courses, and where you can find his content on our About Us page.
{ 10 comments… read them below or add one }
Great new feature & great video on how to configure it. How do you configure sudo for domain users to save everyone knowing the root password?
Found out how to do this eventually – just need to do an ‘id’ command on the host to see the way the AD groups you are a member of are listed, then add the AD group to the sudoers file.
Do you think this new feature will impact the decision of having physical or virtual domain controllers? Or should that be a non-issue?
Does this feature work on ESX and ESXi 4.1?
Hi All,
Thanks for the comments!
To answer the questions one at a time…
1. Doug – Thanks for your comment and follow up on how to configure this! Glad you liked the video!
2. Kenneth – No, I don’t think that this has anything to do with DCs really… This just allows an ESX or ESXi server to be an AD member server and it allows you to use your AD credentials when administering the server locally.
3. Rich – According to VMware, YES, it works with ESX AND ESXi. I had some issues with ESXi in my beta and that was why I didn’t demo it with ESXi or mention it too much but, according to VMware, it should be working with ESXi and the GA version of 4.1.
Thanks for watching!
-David
Does this work if you are using a standalone box with just vi client? I was able to join my domain but I didn’t see where I could add my domain users or group.
Hi Kenneth,
Thanks for your post!
Great Question!
I need to test this with a standalone ESXi server. The default group for authentication that should be created when you join the ESXi host is “ESX Admins”. Check your AD DC to see if that group was created. From there, you would just add the appropriate AD users to that group to make them ESXi admins on the standalone server (that’s the THEORY at least).
I’ll do some more testing on this.
Thanks!
-David
Thank you for the video. I enjoyed it.
Hi David,
Thanks for this video, which guides through how AD Authentication works with ESX 4.1. I just downloaded ESXi 4.1 and followed the same steps as you showed in the video and it works perfectly. Once again, thank you so much for sharing such an informative video.
Thanks for the video! Hope you can advise/help me on this one: when I use an AD account to log in with VI it works; when I log in with putty/ssh the machine crashes. Does anybody have any ideas?