How to Reset ESXi Root Password using Active Directory

Reset ESXi Root Password

In this article, I will show you how to Reset ESXi Root Password via Microsoft Active Directory. VMware vSphere can be incorporated with AD (Active Directory) that is commonly used for the centralized management of users & computers. We can join any ESXi host into an Active Directory Domain and then use the account created on the Active Directory Domain Controller to log in to the ESXi host.

Note: In the VMware ESXi host settings the IP address of the domain controller must be specified as a DNS server since the ESXi server should be able to resolve the domain and domain controller names.

ESXi-01 with forgotten root password IP Address – 10.0.0.11
VMware vCenter Server IP Address – 10.0.0.21
Domain Controller– 10.0.0.20
The Active Directory Domain Controller (ADDC) is deployed on Windows Server 2012.

Step by Step Reset ESXi Root Password.

First we need to create a new user in our Active Directory Users and Computers.

1- Open Server Manager, select Tools and click Active Directory Domain Services.

server manager

2- In active directory users and computer, Right-click on Users, Select New, and then click user.

active directory

3- Type a user name (esxi-01) and then click next.

active directory new user

4- Type a password for this ESXi-01 user account, this password is used as an example, it is recommended that you change the password to a strong, after recovering the root access for your ESXi host. Select the Password never expires option and clicks the next button.

ad new user password

5- New user successfully created, click finish.

ad create new user

We need to create the ESX Admins group on your Active Directory Domain Controller. The group name must be exactly the same. Users who are the members of ESX Admins global security group automatically get a root advantage on an ESXi host after logging in.

6- In active directory users and computer, select Action tab, Select New and then click Group.

active directory

7- Under Group name type ESX Admins and click ok.

ad create new group

8- After successfully creating the ESX Admins group, right-click on the ESX Admin group and properties.

active directory

9- Select Members tab and click the Add button.

ad group properties

10- Type ESX user account (in my case esxi-01), Select Check Names. and then click OK.

ad enter object name

11- Click apply and then ok.

ad group properties

Now the ESXi-01 user account is a member of the ESX Admins group in your Active Directory domain.

How to join VMware ESXi Host to Domain.

After joining ESXi host to domain, use VMware host client to log in to the ESXi host whose root password must be recovered. Enter the name or IP address of your ESXi host in the browser. For example, https://esxi-01.xpertstec.local or (https://10.0.0.21).
Type the Active Directory user the one we have created before ([email protected]), password, and click the Log in button.

vsphere web client login

Once we have logged in to the ESXi host whose password we have forgotten, we can reset the password for the root user.

Expand Host, Select the Manage option, Select Security & Users tab, Select Users, select root, and then click the edit user icon.

vsphere esxi web login

Now type a unique ESXi password for root on the ESXi host and click the save button.

vsphere esxi users

After resetting the ESXi root password, make the ESXi host leave the Active Directory domain if the domain will not be used for ESXi authentication in the future.

Related: How to Reset VMware ESX/ESXi Root Password Using Linux ISO Gparted.

Comments

Leave a Reply