In the General Configuration: Active Directory step of the creation wizard, you specify details about the Microsoft Active Directory infrastructure that the VDI environment will use to authenticate the desktop users.

About this task

A VDI environment requires the desktop users to authenticate using an Active Directory infrastructure. You can use your organization's existing Active Directory domain or have the creation workflow create an Active Directory infrastructure as part of the provisioned VDI workload domain. If you use your organization's existing Active Directory domain, you must provide the DNS server IP address used by your Active Directory server. If you choose to have the workflow create an internal Active Directory server, specify the IP address of your corporate or enterprise DNS server so that the internal Active Directory server can resolve your enterprise domain information. All of the VDI infrastructure's components will point to the internal Active Directory server for DNS resolution.

Prerequisites

Verify that you have met the prerequisites described in Create a VDI Workload Domain for the type of Active Directory infrastructure you want to use with this VDI environment.

If you are using your organization's existing Active Directory domain, verify whether your Active Directory domain requires use of secure LDAP (LDAPS). If it does, then you must select the Use secure connection (port 636) check box.

Procedure

  1. Select whether to use your organization's existing Active Directory domain or to have the workflow create one as part of the VDI environment.

    Option

    Description

    External

    When you select this choice, you must provide the following information:

    • The System Administrator's password. This password is the one that will be set for the Administrator user in all of the VDI environment's Windows servers.

    • Domain name

    • IP address of the Active Directory domain controller

    • In the Virtual Desktop Location field, the organizational unit (OU) to use for the virtual desktops. This OU must already exist in your Active Directory.

    • In the View Servers Location field, the organizational unit (OU) in your Active Directory that the VMware Horizon environment will use for its View servers (View Connection and View Composer servers). This OU must already exist in your Active Directory.

    • In the Read-Write Account field, the account credentials (user name and password) for a user account in your Active Directory that has read/write access for those OUs. This user account must already exist in your Active Directory.

    • In the Horizon View Service Account field, the account credentials (user name and password) of a user account in your Active Directory that will be used to add the View Composer Service servers that are in the VMware Horizon environment. This user is used to authenticate when accessing View Composer servers from View Connection servers. This user account must already exist in your Active Directory and have the permissions required by the VMware Horizon environment.

    If your Active Directory domain requires use of LDAPS, select the Use secure connection (port 636) check box. When you select this check box, the thumbprint of the public certificate is retrieved from the IP address of the domain controller and displayed.

    When you use the External option for the VDI environment's Active Directory, your DHCP service is expected to be reachable by the virtual desktops using the Data Center network configuration that you specify in the wizard. When you select this choice, the workflow does not install DHCP for the desktops, and SDDC Manager expects that you have DHCP installed and reachable by broadcast from the Data Center network configuration.

    Internal

    When you select this choice, the workflow creates an Active Directory server internally in the VDI environment and configures it with the necessary domain name, IP address, and OU information appropriate for the VDI workload domain.

    Type the IP address of your corporate or enterprise DNS server that this internal Active Directory domain can use to resolve your domain information.

    Type a password for the domain administrator account that will be created for the domain.

  2. Proceed to the next step by clicking Next.
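
The thumbprint that the wizard displays for the External option with LDAPS is only useful if it is compared against a value obtained from a trusted source, such as the domain controller's certificate store. The following Python script is an added example, not part of the product or its documentation, that reads the certificate presented on port 636 and compares it with a reference thumbprint. It assumes the thumbprint is a SHA-1 or SHA-256 hex string, because the page does not state which digest the wizard shows.

```python
import hashlib
import hmac
import socket
import ssl
import sys

# Assumption: digest is inferred from the number of hex characters supplied.
_ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
_HEX = set("0123456789abcdef")


def normalize_thumbprint(text):
    """Drop separators (and the invisible U+200E mark that Windows
    certificate dialogs can add on copy), then lowercase the digits."""
    digits = "".join(ch for ch in text if ch not in ": -\t\u200e").lower()
    if len(digits) not in _ALGO_BY_HEX_LEN or not set(digits) <= _HEX:
        raise ValueError("not a SHA-1 or SHA-256 hex thumbprint")
    return digits


def thumbprint_matches(der_cert, reference):
    """True if the DER certificate hashes to the reference thumbprint."""
    expected = normalize_thumbprint(reference)
    algo = _ALGO_BY_HEX_LEN[len(expected)]
    actual = hashlib.new(algo, der_cert).hexdigest()
    return hmac.compare_digest(actual, expected)


def fetch_ldaps_cert(host, port=636, timeout=5.0):
    """Return the DER certificate the server presents on the LDAPS port.

    Chain validation is disabled on purpose: the certificate is only read
    here, and trust comes from the thumbprint comparison that follows.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: python check_thumbprint.py <dc-ip> "<reference thumbprint>"
    dc_ip, reference = sys.argv[1], sys.argv[2]
    ok = thumbprint_matches(fetch_ldaps_cert(dc_ip), reference)
    print("MATCH" if ok else "MISMATCH: do not accept this certificate")
    sys.exit(0 if ok else 1)
```

Run it from a host on the same network path that SDDC Manager uses to reach the domain controller, so that both see the same endpoint.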