App Volumes uses Active Directory to add domains and assign applications and Writable Volumes to users, groups, computers, and Organizational Units (OUs).

As an administrator with full access to App Volumes Manager, you can configure and work with Active Directory domains and users in many ways:

  • Add multiple Active Directory domains and assign unique credentials and administrator access to users from these domains.
  • Assign Writable Volumes to a specific user.
  • Filter entities based on their domain.
  • Search across multiple Active Directory domains.
  • Manage assignments for any user, group, or computer from any configured Active Directory domain.
  • Add multiple domain controller hosts.
  • Connect securely to Active Directory and, optionally, validate the certificate.

Active Directory Objects Lookup

App Volumes Manager looks up Active Directory objects by their GUID instead of UPN (User Principal Name). Using GUID enables administrators to move users across domains and organizational units (OUs) and even rename users and computers without affecting their Applications, Packages, AppStacks, or Writable Volumes assignments.

Automatic Active Directory Synchronization

App Volumes Manager maintains a database record for any Active Directory object that is seen by an App Volumes Manager agent or assigned to an Application, Package, AppStack, or a Writable Volume.

A background job runs every hour to synchronize up to 100 entities in the Active Directory. If there are more than 100 objects, the next batch of 100 objects is synchronized in the hour after the first batch has been synchronized.

Note: GUID synchronization from Active Directory servers might take up to a week, depending on the number of objects that are present in the system.

Active Directory Synchronization

When a user is removed and the same user logon name is added again to Active Directory, and App Volumes has not yet synchronized the directory, conflicting Writable Volumes entries might get created. The conflicted entries are displayed in the App Volumes Manager until the Active Directory is synced.

When Packages, AppStacks, or Writable Volumes are attached to a user who was removed and added again to the directory, the user is treated as a new Active Directory user, and only the assignments for this new user are tracked and displayed. Any old assignments are removed (if the directory was synced) or are shown as conflicted entries.

Go to DIRECTORY > Users > Sync to synchronize and view the latest list of users.

Multiple Active Directories with Universal Security Groups

When multiple Active Directory domains are used with Universal Security Groups for Applications, Packages, AppStacks, or Writable Volumes assignments, or for administrative access either directly or using nested group membership, all the domain controllers that are accessible by App Volumes Manager must host the Global Catalog (GC). In a default setup, this means all the domain controllers in the domain must have GC enabled. If this is not possible, configure specific domain controllers in the App Volumes Manager configuration. For more details, see the User Security Attributes section for Active Directories on the Microsoft Developer Network site.
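
One way to check the Global Catalog requirement described above, as an added example that is not part of the VMware documentation: it lists the domain controllers in each domain of the current forest that do not host the GC. It assumes the ActiveDirectory PowerShell module (RSAT) and read access to each domain; the function name Get-NonGlobalCatalogDC is hypothetical.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to each domain.
Import-Module ActiveDirectory

# Hypothetical helper: returns every domain controller that does not host the Global Catalog.
function Get-NonGlobalCatalogDC {
    param(
        # Domains to check; defaults to every domain in the current forest.
        [string[]]$Domain = (Get-ADForest).Domains
    )
    foreach ($d in $Domain) {
        try {
            # Enumerate all domain controllers of this domain.
            $dcs = Get-ADDomainController -Filter * -Server $d -ErrorAction Stop
        } catch {
            # An unreachable domain is reported and skipped, not treated as compliant.
            Write-Warning "Could not enumerate domain controllers in ${d}: $($_.Exception.Message)"
            continue
        }
        $dcs | Where-Object { -not $_.IsGlobalCatalog } |
            Select-Object Domain, HostName, Site, IsReadOnly, IsGlobalCatalog
    }
}

$missing = @(Get-NonGlobalCatalogDC)
if ($missing.Count -eq 0) {
    Write-Output 'Every enumerated domain controller hosts the Global Catalog.'
} else {
    Write-Output 'Domain controllers without the Global Catalog:'
    $missing | Format-Table -AutoSize
}
```

For any domain controller the script lists, either enable the GC on it or configure specific GC-hosting domain controllers in the App Volumes Manager configuration.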