You can optionally configure an auxiliary bind account for the Active Directory domains that are registered with your Horizon Cloud Nodes. Configuring an auxiliary bind account avoids locking out your administrator users from the Administration Console in situations where the primary bind account is inaccessible in the Active Directory domain. If the primary bind account configured for the domain becomes inaccessible, the system uses this auxiliary bind account to connect to the Active Directory domain.

Prerequisites

Verify that the Active Directory domain is registered to the Horizon Cloud Node by navigating to Settings > Active Directory and seeing if the domain is listed on that page.

Verify that you have the user name and password information for the following accounts that are already configured in the Administration Console for the domain, because the user interface requires you confirm the existing passwords when performing this task:

  • Password for the already configured bind account

  • Password for the domain join account already configured in the user interface

Verify that you have the user name and password information for the bind account you are adding. Adhere to the following guidelines:

  • Is an Active Directory domain admin account.

  • Has an account password that cannot expire, change, or be locked out.

Important:

You must use this account configuration because the system uses this account as a service account to query Active Directory.

Procedure

  1. In the Administration Console, click Settings > Active Directory.
  2. Click the Active Directory domain for which you want to add the auxiliary bind account.
  3. Click Edit next to the displayed domain bind settings.
  4. In the Edit Active Directory dialog box, entering the password for the primary bind account.

    Entering the password here makes the Domain Bind button available to click to save the changes.

  5. Expand the advanced properties and click Add Auxiliary Bind Account.

    A section for the auxiliary account information is added to the dialog box.

  6. Type the account credentials.
    Important:

    Use an Active Directory account that adheres to the guidelines for the domain-join account described in the prerequisites.

  7. Click Domain Bind.
  8. In any subsequent windows that appear, confirm the existing settings by clicking Save in each window.

    If the Domain Join window appears, type the password of the domain-join account before clicking Save.

Results

The auxiliary bind account is available for the system to use if the primary bind account becomes inaccessible.

You can add multiple auxiliary bind accounts by repeating the steps. To change an auxiliary bind account's password or to remove it, use the corresponding links displayed in the Edit Active Directory window's advanced properties area.