VMware App Volumes uses Active Directory to assign applications to users, computers, groups, and organizational units.

Procedure

Enter the following information on the Active Directory configuration screen.

Parameter

Description

Active Directory Domain Name

The fully qualified domain name of the Active Directory domain where users and target computers reside, for example corp.example.com

Domain Controller Host Name (Optional)

You can configure the fully qualified domain name of the domain controller in this option, for example dc01.corp.example.com

LDAP Base (Optional)

By default, App Volumes Manager enumerates all user, group, OU and computer objects within Active Directory. To limit the scope of this enumeration, provide the distinguished name of the Active Directory container or organizational unit that stores the required entities.

Example: OU=Engineering, DC=corp, DC=vmware, DC=com

Username

The user name of the service account that has read-only access to the target Active Directory domain, for example, svc-appvolumes.

Password

The password for the service account. Ensure that domain policies do not enforce password expiration for the service account.

Use secure connection (Port 636) (Optional)

If your domain controllers are configured with TLS certificates for LDAP connections, you can enable this option to ensure that communication with the domain controller is encrypted.

Allow non-domain entities (Optional)

If this option is enabled, App Volumes Manager allows AppStack assignments for non-domain users and computers. This is used for provisioning.

Trust Username (Optional)

The user name of the service account that has read-only access to the Active Directory domain configured for one-way trust, for example svc-appvolumes.

Trust Password (Optional)

The password for the service account. Ensure that domain policies do not enforce password expiration for the service account.

Trust Domains (Optional)

Provide a list of domains that use the trust credentials. The credentials are then used only in the specified domains instead of on all trusted domains. Use a space to separate items in the list, for example domain2.local domain3.com

If the domain controller cannot be automatically detected from DNS, you can add it to a domain in the list using a semicolon, for example, domain3.com;ldap.domain3.com.
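
A Trust Domains value can be checked before it is entered. The following sketch is an added example, not VMware code and not a description of how App Volumes Manager parses the field: it splits the value on spaces and on the semicolon as described above, and reports entries that do not fit that format. The function names, the RFC 1123 host name check, and the rule that a domain has at least two labels are assumptions of this example.

```python
import re

# Assumption: names follow RFC 1123 label rules (letters, digits, hyphens,
# no leading or trailing hyphen).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True if name is a dotted DNS name with at least two valid labels."""
    if len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def parse_trust_domains(value):
    """Parse a Trust Domains string into ({domain: dc_or_None}, [problems]).

    Entries are separated by spaces; an optional domain controller follows
    the domain after a semicolon.
    """
    domains, problems = {}, []
    for entry in value.split():
        parts = entry.split(";")
        if len(parts) > 2:
            problems.append(f"{entry}: more than one ';'")
            continue
        domain = parts[0].lower()
        dc = parts[1].lower() if len(parts) == 2 else None
        if not is_fqdn(domain):
            problems.append(f"{entry}: domain is not a valid DNS name")
        elif dc is not None and not is_fqdn(dc):
            problems.append(f"{entry}: domain controller is not a valid DNS name")
        elif domain in domains:
            problems.append(f"{entry}: domain listed twice")
        else:
            domains[domain] = dc
    return domains, problems


if __name__ == "__main__":
    # Constructed sample: the page's two example forms plus three bad entries
    # (dangling semicolon, underscore in a label, duplicate domain).
    sample = ("domain2.local domain3.com;ldap.domain3.com "
              "domain4.com; bad_name.com domain2.local")
    accepted, rejected = parse_trust_domains(sample)
    print(accepted)
    print(rejected)
```

A space after the semicolon splits the entry in two, so the domain is reported with an empty domain controller and the host name that follows is read as a separate domain.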