After your first node is deployed and paired with Horizon Cloud, log in to Horizon Cloud at cloud.horizon.vmware.com to register an Active Directory domain, perform the domain join and bind, and assign the super administrator role to at least one of the groups in that domain.
About this task
You must finish the entire Active Directory registration process for the first domain you are registering before you can perform other activities in the Administration Console. All services are locked until you finish these tasks.
If the registration step is not complete, a Delete button is displayed on the Getting Started page and you can click it to delete the node.
Ensure that the Active Directory infrastructure is synchronized to an accurate time source to prevent the domain join from failing. Such a failure requires you to contact VMware Support for assistance.
Verify that your node is successfully deployed. The Capacity section of the Getting Started wizard indicates whether the first node is successfully deployed by displaying a green checkmark icon.
For the required primary and auxiliary domain-bind accounts, verify you have the information for two Active Directory user accounts that adhere to the requirements described in the prerequisites checklist document, including:
The account passwords cannot expire, change, or be locked out.
Ensure that your domain-bind accounts cannot expire, change, or be locked out. You must use this type of account configuration because the system uses the primary domain-bind account as a service account to query Active Directory. If the primary domain-bind account becomes inaccessible for some reason, the system then uses the auxiliary domain-bind account.
For the required domain-join account, verify you have the information for the Active Directory user account that has domain-join permissions because the system uses this account to perform Sysprep operations on desktops and join the desktops to the domain. The domain-join account also must be in an Active Directory group that you add to the Super Administrators role in the Administration Console.
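The account requirements above can be checked before you open the registration dialog. The following is an added example, not VMware code: the function name `Test-HorizonServiceAccount`, the account names, and the group DN are hypothetical, and the sample objects are constructed to mirror the properties that `Get-ADUser` returns so the block runs without a domain.

```powershell
# Added example: pre-flight check for the domain-bind and domain-join accounts.
function Test-HorizonServiceAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,  # object shaped like Get-ADUser output
        [string] $RequiredGroupDn                            # set only for the domain-join account
    )
    process {
        $problems = @()
        if (-not $Account.Enabled)              { $problems += 'account is disabled' }
        if (-not $Account.PasswordNeverExpires) { $problems += 'password is allowed to expire' }
        if ($Account.PasswordExpired)           { $problems += 'password is already expired' }
        # Current state only: this does not prove the lockout policy exempts the account.
        if ($Account.LockedOut)                 { $problems += 'account is currently locked out' }
        if ($Account.AccountExpirationDate)     { $problems += "account expires $($Account.AccountExpirationDate)" }
        # Direct membership only; nested group membership is not resolved here.
        if ($RequiredGroupDn -and ($Account.MemberOf -notcontains $RequiredGroupDn)) {
            $problems += "not a direct member of $RequiredGroupDn"
        }
        [pscustomobject]@{
            Account  = $Account.SamAccountName
            Ready    = ($problems.Count -eq 0)
            Problems = $problems -join '; '
        }
    }
}

$adminGroup = 'CN=Horizon-Admins,OU=Groups,DC=example,DC=com'   # placeholder DN
$props = 'Enabled','PasswordNeverExpires','PasswordExpired','LockedOut','AccountExpirationDate','MemberOf'

# Against a live domain (requires the ActiveDirectory module):
#   Get-ADUser -Identity 'svc-hzn-bind1' -Properties $props | Test-HorizonServiceAccount
#   Get-ADUser -Identity 'svc-hzn-join'  -Properties $props |
#       Test-HorizonServiceAccount -RequiredGroupDn $adminGroup

# Constructed sample data: one compliant bind account, one that will expire.
$bindAccounts = @(
    [pscustomobject]@{ SamAccountName = 'svc-hzn-bind1'; Enabled = $true; PasswordNeverExpires = $true
                       PasswordExpired = $false; LockedOut = $false; AccountExpirationDate = $null; MemberOf = @() },
    [pscustomobject]@{ SamAccountName = 'svc-hzn-bind2'; Enabled = $true; PasswordNeverExpires = $false
                       PasswordExpired = $false; LockedOut = $false
                       AccountExpirationDate = [datetime]'2030-01-01'; MemberOf = @() }
)
# Constructed join account that is missing from the super administrator group.
$joinAccount = [pscustomobject]@{ SamAccountName = 'svc-hzn-join'; Enabled = $true; PasswordNeverExpires = $true
                                  PasswordExpired = $false; LockedOut = $false; AccountExpirationDate = $null
                                  MemberOf = @('CN=Domain Users,CN=Users,DC=example,DC=com') }

$bindAccounts | Test-HorizonServiceAccount
$joinAccount  | Test-HorizonServiceAccount -RequiredGroupDn $adminGroup
```

Any row with `Ready` set to `False` lists the reasons in `Problems`; resolve them in Active Directory before clicking Domain Bind or saving the domain-join account.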
- Open a browser to Horizon Cloud at https://cloud.horizon.vmware.com.
- Log in using the My VMware credentials associated with the Horizon Cloud environment.
The Administration Console opens and displays the Getting Started wizard.
If the Getting Started wizard is not displayed when you first log in, open it by clicking.
- In the Getting Started wizard, expand the General Setup section if it is not already expanded.
- Under Active Directory, click Configure.
- In the Register Active Directory dialog box, provide the requested registration information.
Use Active Directory accounts that adhere to the guidelines for the primary and auxiliary domain-bind accounts as described in the prerequisites.
Active Directory domain name
DNS Domain Name: Fully qualified Active Directory domain name
Automatically displays LDAP.
Bind Username: User account in the domain to use as the primary LDAP bind account
Bind Password: The password associated with the name in the Bind Username text box.
Auxiliary Account #1: In the Bind Username and Bind Password fields, type a user account in the domain to use as the auxiliary LDAP bind account and its associated password.
You can optionally provide values for advanced properties.
The default is LDAP -> 389. You do not need to modify this text box unless you are using a non-standard port.
Domain Controller IP: (Optional) If you want Active Directory traffic to use a specific domain controller, type a single preferred domain controller IP address. If this text box is left blank, the system uses any domain controller available for this Active Directory domain.
LDAP naming context. This text box is autopopulated based on the information provided in the DNS Domain Name text box.
- Click Domain Bind.
When the domain bind process succeeds, the Domain Join dialog box appears and you can continue to the next step.
Important: If the domain-bind process fails, but you proceed to add the domain-join account, the registration process is not fully complete, even if you can add the domain-join account. If this situation occurs, contact support for assistance.
- In the Domain Join dialog box, provide the domain-join information.
Use an Active Directory account that adheres to the guidelines for the domain-join account described in the prerequisites.
Join Username: User account in the Active Directory that has permissions to join systems to that Active Directory domain.
The password associated with the name in the Join Username text box.
Primary DNS Server IP: IP address of the primary DNS server. This DNS server must be able to resolve machine names inside of your Microsoft Azure cloud as well as resolve external names.
Secondary DNS Server IP: (Optional) IP address of a secondary DNS server.
- Click Save.
When the domain join process succeeds, the Add Super Administrator dialog box appears and you can continue to the next step.
Important: If the domain-join process fails, the registration process is not fully complete. If this situation occurs, contact support for assistance.
- In the Add Super Administrator dialog box, use the Active Directory search function to select the Active Directory administrator group that you want to perform management actions on your environment using the Administration Console.
This assignment ensures that at least one of your Active Directory domain's user accounts is granted the permissions to perform management actions in the Administration Console now that the node is joined to the domain.
Important: Add the Active Directory group which includes the domain-join account, as described in the prerequisites.
- Click Save.
When you click Save, the system returns you to the login screen. Now that you have registered the node with your Active Directory domain, the system requires you to log back in: first with your My VMware account and then with the Active Directory account credentials of a user that is in the Active Directory group to which you just assigned the Super Administrator role.
The following items are now in place:
The node is joined to the Active Directory domain.
Management activities in the Administration Console are now available.
Signing in to the Administration Console to perform management tasks has two login screens: first a My VMware login to Horizon Cloud and then an Active Directory login using an account from the group with the super administrator role.
Users in the group to which you granted the super administrator role will be able to access the Administration Console and perform management activities when they use the associated My VMware account for the first login screen. To enable those administrators to use their own My VMware account credentials for the first login step, complete the steps described in Give Administrative Access to Administrators in Your Organization.
User accounts in the joined Active Directory domain can be selected for assignments using the Administration Console, such as desktop assignments.
What to do next
From this point, you typically perform the following tasks:
Add additional auxiliary bind accounts to this Active Directory domain configuration. If the primary and first auxiliary bind accounts you specified become inaccessible, the system uses the next auxiliary bind account to connect to the Active Directory. Having auxiliary bind accounts avoids locking out your administrator users from the Administration Console in situations where the primary bind account is inaccessible in the Active Directory domain. See Add Additional Auxiliary Bind Accounts for an Active Directory Domain Registered to Your Horizon Cloud Node.
Grant access to additional users to administer your environment. First add their My VMware accounts and then give their Active Directory accounts the Super Administrator role. See Give Administrative Access to Administrators in Your Organization and Assign Horizon Cloud Administrative Roles to Active Directory Groups.
Continue with the Getting Started wizard's steps. See About the Horizon Cloud Getting Started Wizard.
Navigate to other areas of the Administration Console to perform management tasks. See About Menu Selections in the Administration Console.
If you have additional Active Directory domains with users to whom you want to grant management access to the Administration Console or end users to whom you want to give assignments, you can register those Active Directory domains also. See Register Additional Active Directory Domains with Your Horizon Cloud Node.
Assign the demo administrator role to those users in this domain to whom you want to grant read-only access to the Administration Console. See Assign Horizon Cloud Administrative Roles to Active Directory Groups.