When you join a host to an Active Directory domain, you must define roles on the host for a user or group in that domain. Otherwise, the host is not accessible to Active Directory users or groups. You can use host profiles to set a required role for a user or group and to apply the change to one or more hosts.

You must have an existing host profile. See Creating a Host Profile.

Verify that the hosts to which you apply a profile are in maintenance mode.

1. Using the vSphere Client, select View > Management > Host Profiles.

2. Right-click an existing host profile and select Edit Profile.

3. Expand the profile tree, and then expand Security configuration.

4. Right-click the Permission rules folder and select Add Profile.

5. Expand Permission rules and select Permission.

6. On the Configuration Details tab in the right pane, click the Configure a permission drop-down menu and select Require a Permission Rule.

7. Enter the name of a user or group.

   Use the format DOMAIN\name, where DOMAIN is the name of the Active Directory domain and name is the user name or group name.

8. (Optional) If the name you entered is a group (not a single user), select the Name refers to a group of users check box.

9. Enter the assigned role name for the user or group (usually Admin).

   The role name is case-sensitive. If this is a system role, you must use the nonlocalized role name. For example, for the Administrator role, enter Admin. For the Read-only role, enter ReadOnly.

10. Select the Propagate permission check box and click OK.

1. Attach the profile to the hosts as described in Attach Entities from the Host.

2. Apply the profile to the hosts as described in Apply a Profile from the Host.