PowerCLI – Joining an ESXi host to an Active Directory domain

Posted on by Dean Grant

I was recently configuring the Authentication Service on a number of ESXi hosts to join them to an Active Directory domain to manage local user authentication. This is possible using the vSphere Web Client or Client but requires the configuration change to be made on each ESXi host manually and adds an administrative overhead, so lets look at PowerCLI to automate this task.

From PowerCLI, we can use the (Get/Set)-VMHostAuthentication cmdlet to achieve this as below for a single ESXi host:

Get-VMHostAuthentication -VMHost <VMHost> | Set-VMHostAuthentication -JoinDomain -Domain <Domain> -User <Username> -Password <Password>

Now what if I was required to join multiple ESXi hosts in a cluster to the Active Directory domain and create the computer object in a specific organisational unit? Well here is the answer…

Firstly, we will specify the mandatory parameters which are required to invoke the script  and to add the PowerCLI snap-in to the current powershell session and establish a connection to the vCenter server.

Param ([Parameter(Mandatory=$true)][string] $vCenter,[Parameter(Mandatory=$true)][String[]] $Clusters,[Parameter(Mandatory=$true)][string] $Domain, [Parameter(Mandatory=$true)][string] $User, [Parameter(Mandatory=$true)][string] $Password)

If (-not (Get-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue)) 
    {
    Add-PSSnapin VMware.VimAutomation.Core | Out-Null 
    }
Connect-VIServer $vCenter

As you can see from the above in order to invoke the script, this has a mandatory requirement to specify the following:

  • vCenter – The name of the vCenter server to establish the connection.
  • Clusters – The name(s) of the Clusters to which you want to join ESXi hosts to the Active Directory domain.
  • Domain – The canonical name of the organisational unit object where the computer object will be created for the ESXi host.
  • User – The username provided to join the ESXi host to the domain
  • Password – The password  provided to join the ESXi host to the domain

Once the connection has been established to the vCenter server, an operation on each Cluster specified in the mandatory parameter will be performed to retreive a collection of ESXi hosts.

ForEach ($Cluster in $Clusters)
    { 
    $VMHosts = Get-Cluster $Cluster | Get-VMHost

For each ESXi host in the collection, we will invoke the Set-VMHostAuthentication cmdlet as above to join each ESXi host to the specified Active Directory domain where the computer object is created in a specified organisational unit, to remove user interaction the Confirm value will be set to ‘False’

ForEach ($VMHost in $VMHosts)
     { 
     Get-VMHostAuthentication -VMHost $VMHost.Name | Set-VMHostAuthentication -JoinDomain -Domain $Domain -User $User -Password $Password -Confirm:$False
     } 
}

To invoke the script in a powershell session, this can be performed as below:

./Join-ESXiHostDomain.ps1  -vCenter server1.domain.local -Clusters cluster1,cluster2 -Domain domain.local/Servers/ESXi -User user01 -Password Password01

The script in full can be downloaded from the below link:

https://www.dropbox.com/s/elumv12vs65bn57/Join-ESXiHostDomain.ps1

One thought on “PowerCLI – Joining an ESXi host to an Active Directory domain

  1. Pingback: Deploying the vMA appliance, authentication and authorization and configuring fastpass | Deans Blog

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s