Using AD for user authentication simplifies permission management, ensures password complexity, and allows you to use the same security policies for the AD to minimize the risk of unauthorized access. For vCenter Server, you can add additional identity sources, as discussed; usually, the PSC component is joined to the AD domain in order to use the native AD integration.

For ESXi hosts, it is possible to set the authentication to the AD domain to eliminate the need to create and maintain multiple local user accounts. For more details, see KB 2075361—Configuring the ESXi host with Active Directory authentication at https://kb.vmware.com/kb/2075361.

You can use the vSphere Web Client or the vSphere Client (HTML5) and choose the Configure tab on the ESXi , then the Authentication Services menu, followed by clicking on Join Domain button:

If you use host profiles to configure AD authentication for your hosts, then the AD credentials are saved in the host profile and are transmitted over the network. You can use the vSphere Authentication Proxy to avoid storing AD credentials in a host profile and to avoid transmitting them over the network.