How to Reset ESXi Root Password using Active Directory
In this article, I will show you how to reset the ESXi root password via Microsoft Active Directory. VMware vSphere can be integrated with AD (Active Directory), which is commonly used for the centralized management of users and computers. We can join any ESXi host to an Active Directory domain and then use an account created on the Active Directory domain controller to log in to the ESXi host.
Note: In the VMware ESXi host settings, the IP address of the domain controller must be specified as a DNS server, since the ESXi server must be able to resolve the domain and domain controller names.
ESXi-01 with forgotten root password IP Address – 10.0.0.11
VMware vCenter Server IP Address – 10.0.0.21
Domain Controller IP Address – 10.0.0.20
The Active Directory Domain Controller (ADDC) is deployed on Windows Server 2012.
Step by Step: Reset ESXi Root Password
First we need to create a new user in our Active Directory Users and Computers.
1- Open Server Manager, select Tools and click Active Directory Domain Services.
2- In Active Directory Users and Computers, right-click Users, select New, and then click User.
3- Type a user name (esxi-01) and then click Next.
4- Type a password for the esxi-01 user account. The password shown here is only an example; it is recommended that you change it to a strong password after recovering root access to your ESXi host. Select the Password never expires option and click the Next button.
5- The new user has been created; click Finish.
Next, we need to create the ESX Admins group on the Active Directory domain controller. The group name must be exactly ESX Admins. Users who are members of the ESX Admins global security group automatically get root privileges on an ESXi host after logging in, so anyone who can create or modify this group in the domain effectively controls every ESXi host joined to it.
6- In Active Directory Users and Computers, select the Action tab, select New, and then click Group.
7- Under Group name, type ESX Admins and click OK.
8- After successfully creating the ESX Admins group, right-click the ESX Admins group and select Properties.
9- Select the Members tab and click the Add button.
10- Type the ESX user account (in my case esxi-01), select Check Names, and then click OK.
11- Click Apply and then OK.
Now the ESXi-01 user account is a member of the ESX Admins group in your Active Directory domain.
How to join VMware ESXi Host to Domain
After joining the ESXi host to the domain, use VMware Host Client to log in to the ESXi host whose root password must be recovered. Enter the name or IP address of your ESXi host in the browser, for example https://esxi-01.xpertstec.local or https://10.0.0.21.
Type the Active Directory user we created earlier ([email protected]) and its password, then click the Log in button.
Once we have logged in to the ESXi host whose password we have forgotten, we can reset the password for the root user.
Expand Host, select the Manage option, select the Security & Users tab, select Users, select root, and then click the Edit user icon.
Now type a unique ESXi password for root on the ESXi host and click the Save button.
After resetting the ESXi root password, make the ESXi host leave the Active Directory domain if the domain will not be used for ESXi authentication in the future.
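The cleanup after recovery can be scripted. The following PowerShell is an added example, not part of the original article: it takes the temporary account out of ESX Admins, lists who still holds root-equivalent access through that group, and shows the host's AD settings before an optional domain leave. It assumes the RSAT ActiveDirectory module and VMware PowerCLI are installed and that the host is registered in vCenter under its FQDN; `$Approved` and `$LeaveDomain` are hypothetical names introduced here.

```powershell
Import-Module ActiveDirectory
Import-Module VMware.VimAutomation.Core

$TempUser    = 'esxi-01'                  # temporary recovery account from the article
$AdminGroup  = 'ESX Admins'               # group whose members get root privileges on ESXi
$VCenter     = '10.0.0.21'                # vCenter Server from the article
$EsxiHost    = 'esxi-01.xpertstec.local'  # assumption: host is registered under this name
$Approved    = @()                        # assumption: SamAccountNames allowed to remain
$LeaveDomain = $false                     # set to $true if AD auth will no longer be used

# 1. Remove the recovery account from the group and disable it.
#    (Disabling is a choice made in this example; the account was created
#    with "Password never expires", so it should not stay usable.)
$isMember = Get-ADGroupMember -Identity $AdminGroup |
    Where-Object { $_.SamAccountName -eq $TempUser }
if ($isMember) {
    Remove-ADGroupMember -Identity $AdminGroup -Members $TempUser -Confirm:$false
}
Disable-ADAccount -Identity $TempUser

# 2. List every remaining member, including nested ones, that is not approved.
Get-ADGroupMember -Identity $AdminGroup -Recursive |
    Where-Object { $_.SamAccountName -notin $Approved } |
    Select-Object SamAccountName, objectClass, distinguishedName |
    Format-Table -AutoSize

# 3. Show which AD group the host maps to administrators and its domain status.
Connect-VIServer -Server $VCenter | Out-Null
$vmhost = Get-VMHost -Name $EsxiHost
Get-AdvancedSetting -Entity $vmhost -Name @(
    'Config.HostAgent.plugins.hostsvc.esxAdminsGroup',
    'Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd'
) | Select-Object Name, Value | Format-Table -AutoSize

$auth = Get-VMHostAuthentication -VMHost $vmhost
$auth | Select-Object VMHost, Domain, DomainMembershipStatus | Format-Table -AutoSize

# 4. Optionally leave the domain, as the article recommends when AD login is not needed.
if ($LeaveDomain -and $auth.Domain) {
    Set-VMHostAuthentication -VMHostAuthentication $auth -LeaveDomain -Force -Confirm:$false
}
Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Any account the second step prints has root-equivalent access to every domain-joined ESXi host that uses the default group name, so an unexpected entry there is worth investigating before closing out the recovery.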