After you have successfully deployed your first node and it is successfully paired with Horizon Cloud, you log in to Horizon Cloud at to register an Active Directory domain, perform the domain join and bind, and assign the super administrator role to at least one of the groups in that domain.

About this task


You must finish the entire Active Directory registration process for the first domain you are registering before you can perform other activities in the Administration Console. All services are locked until you finish these tasks.

If the registration step is not complete, a Delete button is displayed on the Getting Started page and you can click it to delete the node.


Ensure that the Active Directory infrastructure is synchronized to an accurate time source to prevent the domain join from failing. Such a failure requires you to contact VMware Support for assistance.

Verify that your node is successfully deployed. The Capacity section of the Getting Started wizard indicates whether the first node is successfully deployed by displaying a green checkmark icon (Round green icon with white checkmark to show success).

For the required primary and auxiliary domain-bind accounts, verify you have the information for two Active Directory user accounts that adhere to the requirements described in the prerequisites checklist document, including:

  • The account passwords cannot expire, change, or be locked out.


Ensure that your domain-bind accounts cannot expire, change, or be locked out. You must use this type of account configuration because the system uses the primary domain-bind account as a service account to query Active Directory. If the primary domain-bind account becomes inaccessible for some reason, the system then uses the auxiliary domain-bind account.

For the required domain-join account, verify you have the information for the Active Directory user account that has domain-join permissions because the system uses this account to perform Sysprep operations on desktops and join the desktops to the domain. The domain-join account also must be in an Active Directory group that you add to the Super Administrators role in the Administration Console.


  1. Open a browser to Horizon Cloud at
  2. Log in using the My VMware credentials associated with the Horizon Cloud environment.

    The Administration Console opens and displays the Getting Started wizard.

    If the Getting Started wizard is not displayed when you first log in, open it by clicking Settings > Getting Started.

  3. In the Getting Started wizard, expand General Setup section if it is not already expanded.
  4. Under Active Directory, click Configure.
  5. In the Register Active Directory dialog box, provide the requested registration information.

    Use Active Directory accounts that adhere to the guidelines for the primary and auxiliary domain-bind accounts as described in the prerequisites.



    NETBIOS Name

    Active Directory domain name

    DNS Domain Name

    Fully qualified Active Directory domain name


    Automatically displays LDAP.

    Bind Username

    User account in the domain to use as the primary LDAP bind account

    Bind Password

    The password associated with the name in the Bind Username text box.

    Auxiliary Account #1

    In the Bind Username and Bind Password fields, type a user account in the domain to use as the auxiliary LDAP bind account and its associated password.

    You can optionally provide values for advanced properties.




    The default is LDAP -> 389. You do not need to modify this text box unless you are using a non-standard port.

    Domain Controller IP

    (Optional) If you want Active Directory traffic to use a specific domain controller, type a single preferred domain controller IP address. If this text box is left blank, the system uses any domain controller available for this Active Directory domain.


    LDAP naming context. This text box is autopopulated based on the information provided in the DNS Domain Name text box.

  6. Click Domain Bind.

    When the domain bind process succeeds, the Domain Join dialog box appears and you can continue to the next step.


    If the domain-bind process fails, but you proceed to add the domain-join account, the registration process is not fully complete, even if you can add the domain-join account. If this situation occurs, contact support for assistance.

  7. In the Domain Join dialog box, provide the domain-join information.

    Use an Active Directory account that adheres to the guidelines for the domain-join account described in the prerequisites.



    Join Username

    User account in the Active Directory that has permissions to join systems to that Active Directory domain.

    Join Password

    The password associated with the name in the Join Username text box.

    Primary DNS Server IP

    IP address of the primary DNS Server. This DNS server must be able to resolve machine names inside of your Microsoft Azure cloud as well as resolve external names.

    Secondary DNS Server IP

    (Optional) IP of a secondary DNS Server

  8. Click Save.

    When the domain join process succeeds, the Add Super Administrator dialog box appears and you can continue to the next step.


    If the domain-join process fails, the registration process is not fully complete. If this situation occurs, contact support for assistance.

  9. In the Add Super Administrator dialog box, use the Active Directory search function to select the Active Directory administrator group you want performing management actions on your environment using the Administration Console.

    This assignment ensures that at least one of your Active Directory domain's user accounts is granted the permissions to perform management actions in the Administration Console now that the node is joined to the domain.


    Add the Active Directory group which includes the domain-join account, as described in the prerequisites.

  10. Click Save.

    When you click Save, the system returns you to the login screen. Now that you have registered the node with your Active Directory domain, the system requires you to log back in: first with your My VMware account and then with the Active Directory account credentials of a user that is in the Active Directory group to which you just assigned the Super Administrator role.


The following items are now in place:

  • The node is joined to the Active Directory domain.

  • Management activities in the Administration Console are now available.

  • Signing in to the Administration Console to perform management tasks has two login screens: first a My VMware login to Horizon Cloud and then an Active Directory login using an account from the group with the super administrator role.

  • Users in the group to which you granted the super administrator role will be able to access the Administration Console and perform management activities when they use the associated My VMware account for the first login screen. To enable those administrators to use their own My VMware account credentials for the first login step, complete the steps described in Give Administrative Access to Administrators in Your Organization.

  • User accounts in the joined Active Directory domain can be selected for assignments using the Administration Console, such as desktop assignments.

What to do next

From this point, you typically perform the following tasks: