The ESX Admins Group and how does the ESXi host know about it July 31, 2012Posted by vbry21 in VMware blogs.
Tags: VMware vSphere 5
On the VMware Install, Configure and Manage course and Fast Track course we talk about Role and we discuss the importance for delegated administration, In version 5 we have the ability to add our ESXi hosts to Active Directory.
The advantage of this is as follows.
We can allow the system administrators to login to the vSphere Client, the vMA and the Direct Console User Interface with an Active Directory account, this then removes the need to divulge the root user password.
One of the statements made on the courses is as follows.
Users who are in the Active Directory Group ESX Admins are automatically assigned to the Administrator Role.
But how does the ESXi hosts know about this group? Well it’s configurable.
Just click the graphic to show in full screen
As can be seen in the graphic,from the vSphere Client, select Hosts and Clusters view, then highlight the host, go to configuration, software and advanced, then select Config > HostAgent > Plugins > Hostsvc and the first option is to specify the AD group used for administration.
The second option, controls whether the group is used.