You can optionally register additional Active Directory domains with your node to assign management roles or provide assignments to users in those domains.
Ensure that the Active Directory infrastructure is synchronized to an accurate time source to prevent the domain join from failing. Such a failure requires you to contact VMware Support for assistance.
For the required primary and auxiliary domain-bind accounts, verify you have the information for two Active Directory user accounts that adhere to the requirements described in the prerequisites checklist document, including:
The account passwords cannot expire, change, or be locked out.
Ensure that your domain-bind accounts cannot expire, change, or be locked out. You must use this type of account configuration because the system uses the primary domain-bind account as a service account to query Active Directory. If the primary domain-bind account becomes inaccessible for some reason, the system then uses the auxiliary domain-bind account.
For the required domain-join account, verify you have the information for the Active Directory user account that has domain-join permissions because the system uses this account to perform Sysprep operations on desktops and join the desktops to the domain. The domain-join account also must be in an Active Directory group that you add to the Super Administrators role in the Administration Console.
- In the Administration Console, select .
- Click Register.
- In the Register Active Directory dialog box, provide the requested registration information.
Use Active Directory accounts that adhere to the guidelines for the primary and auxiliary domain-bind accounts as described in the prerequisites.
Active Directory domain name
DNS Domain Name
Fully qualified Active Directory domain name
Automatically displays LDAP.
User account in the domain to use as the primary LDAP bind account
The password associated with the name in the Bind Username text box.
Auxiliary Account #1
In the Bind Username and Bind Password fields, type a user account in the domain to use as the auxiliary LDAP bind account and its associated password.
- Click Domain Bind.
The Domain Join dialog box appears.
- In the Domain Join dialog box, provide the domain-join information.
Use an Active Directory account that adheres to the guidelines for the domain-join account described in the prerequisites.
User account in the Active Directory that has permissions to join systems to that Active Directory domain.
The password associated with the name in the Join Username text box.
Primary DNS Server IP
IP address of the primary DNS Server
Secondary DNS Server IP
(Optional) IP of a secondary DNS Server
Active Directory organization unit to have the desktop image resources, such as
OU=NestedOrgName, OU=RootOrgName,DC=DomainComponent. The system default is
- Click Save.
At this point, if the domain join process succeeds, the Add Administrator dialog box appears and you can continue to the next step.
- In the Add Administrator dialog box, use the Active Directory search function to add a group from this Active Directory that you want performing management actions on your environment using the Administration Console.
Add the Active Directory group which includes the domain-join account, as described in the prerequisites.
- Click Save.
The following items are now in place:
The Horizon Cloud node is joined to the Active Directory domain.
After logging in to Horizon Cloud using your My VMware credentials, in the Active Directory login window, users with the super administrator role can select the domain that corresponds to their Active Directory account.
Users in the group to which you granted the super administrator role can access the Administration Console and perform management activities.
User accounts in the joined Active Directory domain can be selected for assignments using the Administration Console, such as desktop assignments.
What to do next
From this point, you typically perform the following tasks:
Assign the demo administrator role to those users in this domain to whom you want to grant read-only access to the Administration Console. See Assign Horizon Cloud Administrative Roles to Active Directory Groups.