You can optionally register additional Active Directory domains with your Horizon Cloud Node to assign management roles or provide assignments to users in those domains.
Ensure that the Active Directory infrastructure is synchronized to an accurate time source to prevent the domain join from failing. Such a failure requires you to contact VMware Support for assistance.
For the required domain-bind account, verify you have the information for the Active Directory user account that adheres to the following guidelines:
- Is an Active Directory domain admin account.
- Has an account password that cannot expire, change, or be locked out.
You must use this account configuration because the system uses this account as a service account to query Active Directory.
For the required domain-join account, verify that you have the information for an Active Directory user account that has domain-join permissions. The system uses this account to perform Sysprep operations on desktops and to join the desktops to the domain. You can use the same account as the domain-bind account or a different one.
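A pre-registration check of the domain-bind account guidelines above, given as an added example that is not part of the VMware documentation: it evaluates the attributes an LDAP query returns for the account. The sample entries, the account names and the corp.example.com domain are constructed, and the Domain Admins DN assumes the group's default English name and its default CN=Users location.

```python
UAC_ACCOUNTDISABLE = 0x0002         # account is disabled
UAC_DONT_EXPIRE_PASSWORD = 0x10000  # "Password never expires" is set


def naming_context(dns_domain):
    """Derive the LDAP naming context from a DNS domain name."""
    labels = [p for p in dns_domain.strip().strip(".").split(".") if p]
    if not labels:
        raise ValueError("empty DNS domain name")
    return ",".join("DC=" + p for p in labels)


def check_bind_account(entry, dns_domain):
    """Return the guideline violations found; an empty list means the entry passes."""
    problems = []
    uac = int(entry.get("userAccountControl") or 0)
    if uac & UAC_ACCOUNTDISABLE:
        problems.append("account is disabled")
    if not (uac & UAC_DONT_EXPIRE_PASSWORD):
        problems.append("password can expire")
    # lockoutTime is absent or 0 when the account is not currently locked out.
    if int(entry.get("lockoutTime") or 0) != 0:
        problems.append("account is currently locked out")
    # Assumption: default group name and container. Only direct membership is
    # visible in memberOf; nested membership needs a recursive lookup.
    admins_dn = "CN=Domain Admins,CN=Users," + naming_context(dns_domain)
    groups = {dn.lower() for dn in entry.get("memberOf", [])}
    if admins_dn.lower() not in groups:
        problems.append("not a direct member of " + admins_dn)
    return problems


# Constructed sample entries, shaped like the attributes an LDAP query returns.
GOOD = {
    "sAMAccountName": "svc-horizon-bind",
    "userAccountControl": "66048",  # 0x10200: normal account + password never expires
    "lockoutTime": "0",
    "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=example,DC=com"],
}
BAD = {
    "sAMAccountName": "jdoe",
    "userAccountControl": "512",    # 0x200: normal account, password can expire
    "lockoutTime": "133500000000000000",
    "memberOf": ["CN=Helpdesk,OU=Groups,DC=corp,DC=example,DC=com"],
}

if __name__ == "__main__":
    for e in (GOOD, BAD):
        print(e["sAMAccountName"], check_bind_account(e, "corp.example.com") or "OK")
```

The "user cannot change password" setting is stored in the account object's ACL rather than in userAccountControl, so it is not covered by this check.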
- In the Administration Console, select .
- Click Register.
- In the Register Active Directory dialog box, provide the requested registration information.
Use an Active Directory account that adheres to the guidelines for the domain-bind account described in the prerequisites.
Active Directory domain name
DNS Domain Name: Fully qualified Active Directory domain name
Automatically displays LDAP.
User account in the domain to use as the LDAP bind account
The password associated with the name in the Bind Username text box.
You can optionally provide values for advanced properties.
The default is LDAP -> 389. You do not need to modify this text box unless you are using a non-standard port.
Domain Controller IP: (Optional) If you want Active Directory traffic to use a specific domain controller, type a single preferred domain controller IP address. If this text box is left blank, the system uses any domain controller available for this Active Directory domain.
LDAP naming context. This text box is autopopulated based on the information provided in the DNS Domain Name text box.
- Click Domain Bind.
The Domain Join dialog box appears.
- In the Domain Join dialog box, provide the domain-join information.
Use an Active Directory account that adheres to the guidelines for the domain-join account described in the prerequisites. You can use the same account as the bind account used in step 3 or a different one.
User account in the Active Directory that has permissions to join systems to that Active Directory domain.
The password associated with the name in the Join Username text box.
Primary DNS Server IP: IP address of the primary DNS server
Secondary DNS Server IP: (Optional) IP address of a secondary DNS server
Active Directory organizational unit to have the desktop image resources, such as OU=NestedOrgName, OU=RootOrgName,DC=DomainComponent. The system default is
- Click Save.
At this point, if the domain join process succeeds, the Add Administrator dialog box appears and you can continue to the next step.
- In the Add Administrator dialog box, use the Active Directory search function to add a group from this Active Directory whose members you want to perform management actions on your environment using the Administration Console.
- Click Save.
The following items are now in place:
- The Horizon Cloud Node is joined to the Active Directory domain.
- After logging in to Horizon Cloud using your My VMware credentials, in the Active Directory login window, users with the super administrator role can select the domain that corresponds to their Active Directory account.
- Users in the group to which you granted the super administrator role can access the Administration Console and perform management activities.
- User accounts in the joined Active Directory domain can be selected for assignments using the Administration Console, such as desktop assignments.
What to do next
From this point, you typically perform the following tasks:
- Add one or more auxiliary bind accounts to this Active Directory domain configuration. If the primary bind account you specified becomes inaccessible, the system uses the auxiliary bind account to connect to the Active Directory. Having an auxiliary bind account avoids locking out your administrator users from the Administration Console in situations where the primary bind account is inaccessible in the Active Directory domain. See Add an Auxiliary Bind Account for an Active Directory Domain Registered to Your Horizon Cloud Node.
- Assign the demo administrator role to those users in this domain to whom you want to grant read-only access to the Administration Console. See Assign Roles to Users for Administration Console Access.