You can optionally register additional Active Directory domains with your Horizon Cloud Node to assign management roles or provide assignments to users in those domains.

Prerequisites

Ensure that the Active Directory infrastructure is synchronized to an accurate time source to prevent the domain join from failing. Such a failure requires you to contact VMware Support for assistance.

For the required domain-bind account, verify you have the information for the Active Directory user account that adheres to the following guidelines:

  • Is an Active Directory domain admin account.

  • Has an account password that cannot expire, change, or be locked out.

Important:

You must use this account configuration because the system uses this account as a service account to query Active Directory.

For the required domain-join account, verify you have the information for the Active Directory user account that has domain-join permissions because the system uses this account to perform Sysprep operations on desktops and join the desktops to the domain. You can use the same account as the domain-bind account or a different one.

Procedure

  1. In the Administration Console, select Settings > Active Directory.
  2. Click Register.
  3. In the Register Active Directory dialog box, provide the requested registration information.
    Important:

    Use an Active Directory account that adheres to the guidelines for the domain-bind account described in the prerequisites.

    Option

    Description

    NETBIOS Name

    Active Directory domain name

    DNS Domain Name

    Fully qualified Active Directory domain name

    Protocol

    Automatically displays LDAP.

    Bind Username

    User account in the domain to use as the LDAP bind account

    Bind Password

    The password associated with the name in the Bind Username text box.

    You can optionally provide values for advanced properties.

    Option

    Description

    Port

    The default is LDAP -> 389. You do not need to modify this text box unless you are using a non-standard port.

    Domain Controller IP

    (Optional) If you want Active Directory traffic to use a specific domain controller, type a single preferred domain controller IP address. If this text box is left blank, the system uses any domain controller available for this Active Directory domain.

    Context

    LDAP naming context. This text box is autopopulated based on the information provided in the DNS Domain Name text box.

  4. Click Domain Bind.

    The Domain Join dialog box appears.

  5. In the Domain Join dialog box, provide the domain-join information.
    Note:

    Use an Active Directory account that adheres to the guidelines for the domain-join account described in the prerequisites. You can use the same account as the bind account used in 3 or a different one.

    Option

    Description

    Join Username

    User account in the Active Directory that has permissions to join systems to that Active Directory domain.

    Join Password

    The password associated with the name in the Join Username text box.

    Primary DNS Server IP

    IP address of the primary DNS Server

    Secondary DNS Server IP

    (Optional) IP of a secondary DNS Server

    Default OU

    Active Directory organization unit to have the desktop image resources, such as OU=NestedOrgName, OU=RootOrgName,DC=DomainComponent. The system default is CN=Computers.

  6. Click Save.

    At this point, if the domain join process succeeds, the Add Administrator dialog box appears and you can continue to the next step.

  7. In the Add Administrator dialog box, use the Active Directory search function to add a group from this Active Directory that you want performing management actions on your environment using the Administration Console.
  8. Click Save.

Results

The following items are now in place:

  • The Horizon Cloud Node is joined to the Active Directory domain.

  • After logging in to Horizon Cloud using your My VMware credentials, in the Active Directory login window, users with the super administrator role can select the domain that corresponds to their Active Directory account.

  • Users in the group to which you granted the super administrator role can access the Administration Console and perform management activities.

  • User accounts in the joined Active Directory domain can be selected for assignments using the Administration Console, such as desktop assignments.

What to do next

From this point, you typically perform the following tasks: