I’m getting ready to upgrade a ton of our ESXi hosts to 5 and wanted a quick way to join all of them to AD after. I could probably do a fresh install and incorporate this into my ESXi Config Script, that’s a consideration, but for the time being, a script that targets clusters, folders, vDCs, etc, will work. The script can also target individual ESXi hosts, they do not have to be joined to vCenter.

There’s a bug in ESXi 5 that blocks DNS (fixed in Update 1), so you’ll get an error if you try to connect manually and see something like this in /var/log/syslog.log:

2012-04-20T15:56:25Z netlogond[3236247]: [LWNetDnsQueryWithBuffer() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/utils/lwnet-dns.c:1185] DNS lookup for '_ldap._tcp.dc._msdcs.ad.fqdn.com' failed with errno 110, h_errno = 2

The main guts of the script use Set-VMHostAuthentication, and that’s really it. To address the bug we have to use Set-VMHostFirewallDefaultPolicy to turn off the fw (or allow all incoming/outgoing), join the domain, then turn it back on. The rest of the script is logic, checking for needed stuff.

Take note I used $host.ui.PromptForCredential again, since I could let the user know which creds I need, AD versus ESXi login. I basically used the Get-WWN script as a template and changed/added what I needed.

When populating the $VMHosts variable, it only pulls hosts with ESXi version 5.*. Later in the script, you’ll see another check for version number, that’s for standalone hosts. I need to check when connecting directly to the host, then $foreach.movenext if it’s not 5.*, but I haven’t figured out an efficient way to get that done. A little help maybe?

Usage: Join-Domain.ps1 -VMHosts ("host1","host2","host3") -domain my.domain or Join-Domain -vc vcenterserver -container cluster1 -domain my.domain

I left container as required so you can target what you want. I tested it against a few clusters with different versions of ESXi, and everything seemed to work well.

One strange thing, though, is the host connection state has to be ‘connected’. If it’s in maintenance mode, set-vmhostauthentication won’t work. Why? I dunno, bug imo, it should work in either connected or maintenance mode.
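As an added illustration of the sequence described above (open the default firewall policy, join the domain, restore the policy, with the version and connection-state checks), here is a PowerCLI snippet that is not the post’s Join-Domain.ps1. It assumes PowerCLI is loaded, you are already connected with Connect-VIServer, and $Domain/$Container are placeholders for your own values.

```powershell
# Added example, not the post's script. Joins ESXi 5.x hosts to AD using the
# sequence the post describes: open default firewall policy, join, restore policy.
# Assumes PowerCLI is loaded and Connect-VIServer has already been run.
param(
    [Parameter(Mandatory)][string]$Domain,   # placeholder, e.g. ad.example.com
    [string]$Container                       # cluster/folder/datacenter; omit for all hosts
)

# Separate prompt so the user knows these are the AD (not ESXi) credentials.
$adCred = $host.ui.PromptForCredential('AD credentials', "Account allowed to join hosts to $Domain", '', '')

$vmhosts = if ($Container) { Get-VMHost -Location $Container } else { Get-VMHost }

foreach ($h in $vmhosts) {
    # Only ESXi 5.x hosts; 'continue' does what $foreach.MoveNext() was meant to do.
    if ($h.Version -notlike '5.*') { Write-Warning "$($h.Name): version $($h.Version), skipping"; continue }
    # Set-VMHostAuthentication only works while the host is Connected (not maintenance mode).
    if ($h.ConnectionState -ne 'Connected') { Write-Warning "$($h.Name): state $($h.ConnectionState), skipping"; continue }

    $auth = Get-VMHostAuthentication -VMHost $h
    if ($auth.Domain -eq $Domain) { Write-Host "$($h.Name): already joined to $Domain"; continue }

    # Record the current default policy so it is restored exactly as it was, and keep the
    # window in which the host allows all traffic as short as possible (try/finally).
    $policy = Get-VMHostFirewallDefaultPolicy -VMHost $h
    $savedIn, $savedOut = $policy.IncomingEnabled, $policy.OutgoingEnabled
    try {
        Set-VMHostFirewallDefaultPolicy -Policy $policy -AllowIncoming $true -AllowOutgoing $true | Out-Null
        $auth | Set-VMHostAuthentication -JoinDomain -Domain $Domain -Credential $adCred -Confirm:$false | Out-Null
        Write-Host "$($h.Name): joined $Domain"
    } catch {
        Write-Warning "$($h.Name): join failed - $($_.Exception.Message)"
    } finally {
        # Runs even if the join throws, so the host never stays wide open.
        Set-VMHostFirewallDefaultPolicy -Policy $policy -AllowIncoming $savedIn -AllowOutgoing $savedOut | Out-Null
    }
}
```

Once hosts are on ESXi 5 Update 1 or later the firewall steps are no longer needed and can be dropped, leaving only the Get/Set-VMHostAuthentication part.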

I slapped this together quickly, so if you notice anything wrong, please let me know. If you know of another way, please tell me, too, I’m always happy to learn other ways to do things.

Script (also attached at the bottom below the code block):

Here’s the actual .ps1 file: Join-Domain.ps1