On the App Volumes Active Directory Domains page, you can register an Active Directory domain. You can also edit and remove the registered Active Directory using the respective functionalities on this page. Using the Active Directory, you can assign applications to users, computers, groups, and organizational units (OUs).
- If you want to connect securely from App Volumes Manager to Active Directory using an LDAPS or LDAP over TLS connection, while also validating the certificate, you must have downloaded a CA domain certificate. See Connecting Securely to Active Directory and Configure CA Certificates in App Volumes Manager.
- You can also choose to connect securely using Secure LDAPS or LDAP over TLS without validating the certificate.
- In the App Volumes Manager admin UI, go to .
- Click Register Domain.
- Enter the Active Directory information on the Register Active Directory Domain page.
Parameter Description Active Directory Domain Name A fully qualified domain name of the Active Directory domain where users and target computers are residing, for example, corp.example.com.Note: When the domain name is configured to use the NETBIOS name while logging into App Volumes Manager, ensure that the NETBIOS name does not contain a period
Domain Controller Hosts (Optional)
IP address (10.98.87.67) or FQDN (dc01.corp.example.com). You can also provide the virtual IP address of a load balancer that is used as the front-end server of the domain controller. This option provides High Availability (HA) capability for connections to Active Directory.Note: Do not include any non-ASCII characters in the domain controller name.
You can add multiple domain controller hosts; use commas to separate the names of the hosts.Important: If you do not add a domain controller host, the system detects the hosts that are available and connect to the nearest domain controller.
LDAP Base (Optional)
Distinct name of the Active Directory container or organizational unit that stores required entities (if you want to limit the scope of enumeration). By default, App Volumes Manager enumerates all users, groups, OUs, and computer objects within Active Directory.
Example: OU=Engineering, DC=corp, DC=vmware, DC=com
The user name of the service account that has access to the target Active Directory domain. For example, admin-1. The user can be an administrator with read-only permissions.
The password for the service account. Ensure that domain policies do not enforce password expiration for the service account.
SecurityTo configure the LDAP connection, select one of the following options from the drop-down menu:
- Secure LDAP (LDAPS) - Select this option if you want to connect to Active Directory over SSL.
LDAP over TLS - Connect to Active Directory over LDAP using TLS. You must have installed a trusted certificate from a certificate authority.
- (Optional) Disable certificate validation (insecure) - Displayed only if you choose LDAPS or LDAP over TLS. Check the box to connect securely without validating the certificate using the root CA certificate.
LDAP (insecure) - Connect to Active Directory without using a secure connection.
Port (Optional) A port number other than the default. The default port is used if this text box is left blank.
- Click Register.
Edit an Active Directory
You can update and change the configuration information for a registered Active Directory.
- In the App Volumes Manager, go to .
A list of configured domains is displayed.
- Select a domain from the list and click Edit.
- Update the information on the Edit Active Directory Domain page.
- Click Update.
Remove an Active Directory
Remove an Active Directory.
- From App Volumes Manager, go to .
A list of configured domains is displayed.
- Select a domain from the list and click Remove.
- Click Remove on the Confirm Remove window.
Handling Authentication Failures
App Volumes uses Active Directory to add domains and assign applications and Writable Volumes to users, groups, computers, and Organizational Units (OUs). App Volumes thus inherits the authentication and account policies of Active Directory.
Authentication Overview and Group Policy Settings
Active Directory implements authentication measures such as inserting random delays between failed authentications, configuring the number of failed authentication attempts and so on.
See https://docs.microsoft.com/en-us/windows-server/security/windows-authentication/windows-authentication-overview for an authentication overview and https://technet.microsoft.com/en-us/library/dn751050(v=ws.11).aspx for information about Group Policy Settings of Active Directory.