An ESXi host can also be joined to an AD domain to allow users and groups to manage the hypervisor. When the host is added to AD, the domain group ESX Admins is granted full administrative access to the host, as follows:

1. Log in to the host through a web console by entering the address https://<ESXi_IP>/ui in your favorite browser, then select the Manage menu.
2. Go to the Security & users tab and select the Authentication sub-menu. Click on the Join domain field to join the host to the domain, as shown in the following screenshot:

3. Enter the domain name and the credentials of an AD user with sufficient permissions to join computers to the domain. Click on the Join Domain button.

You might also change the default group that is granted an administrator role within ESXi by changing the advanced default configuration setting Config.HostAgent.plugins.hostsvc.esxAdminsGroup.

Once you have created the ESX Admins Active Directory group and assigned an Active Directory user to it, you can try to log in to the ESXi server using AD credentials, as shown in the following screenshot:

Of course, you can also assign individual Active Directory users or groups specific permissions on the ESXi itself. There is one caveat, however, which is that the web UI of the ESXi server is not able to browse the Active Directory itself, so you need to manually enter the username or the group name using domainuser_or_group as the user account.