You may need to join the VMware Identity Manager connector to a domain in some cases. For Active Directory over LDAP directories, you can join a domain after creating the directory. For directories of type Active Directory (Integrated Windows Authentication), the connector is joined to the domain automatically when you create the directory. In both scenarios, you are prompted for credentials.

To join a domain, you need Active Directory credentials that have the privilege to "join computer to AD domain". This is configured in Active Directory with the following rights:

Create Computer Objects

Delete Computer Objects

When you join a domain, a computer object is created in the default location in Active Directory.

If you do not have the rights to join a domain, or if your company policy requires a custom location for the computer object, follow these steps to join the domain.


Ask your Active Directory administrator to create the computer object in Active Directory, in a location determined by your company policy. Provide the host name of the connector. Ensure that you provide the fully-qualified domain name, for example,


You can see the host name in the Host Name column on the Connectors page in the administration console. Click Identity & Access Management > Setup > Connectors to view the Connectors page.


After the computer object is created, join the domain using any domain user account in the VMware Identity Manager administration console.

The Join Domain command is available on the Connectors page, accessed by clicking Identity & Access Management > Setup > Connectors.