You can edit an Active Directory domain after initial setup.

Note: Domain Bind and Domain Join accounts must meet requirements as described in Service Accounts That Horizon Cloud Requires for Its Operations.

Procedure

  1. Select Settings > Active Directory.
    The Active Directory page displays.
  2. If you have multiple Active Directories configured, select the one you want to edit from the list on the left.
  3. Click Edit next to Domain Bind to edit domain bind information.
    The Edit Active Directory dialog displays.
  4. Edit information as desired in the fields described below.
    Option Description
    NETBIOS Name [Not editable] Active Directory domain name
    DNS Domain Name Fully qualified Active Directory domain name
    Protocol [Not editable] LDAP is the only choice
    Bind Username Domain administrator. Edit only if new username is set up in Active Directory first.
    Bind Password Domain administrator password. Edit only if new password is set up in Active Directory first.
  5. Make changes to auxiliary bind accounts as described below.
    • Change password for an auxiliary bind account:
      1. Confirm that the password for the account has already been changed in the Active Directory.
      2. Click the Change Account Password link for the account (for example, Change Account #1 Password).
      3. Enter the new password.
      Note: You cannot change the bind username for an auxiliary bind account. Instead, you need to remove the account and add it with the new username.
    • Add an auxiliary bind account:
      1. Click the Add Auxiliary Bind Account link.
      2. Enter username and password for the account.
        Note: Username and password must exist in the Active Directory or the account will not be added successfully.
    • Remove an auxiliary bind account by clicking the Remove link next to the account.
      Note: You cannot remove an auxiliary bind account if it is the last auxiliary bind account remaining.
  6. Click Advanced Properties.
  7. Edit information as desired in the following Advanced Properties fields.
    Option Description
    LDAP over TLS Enables LDAP communication via TLS, which automates certificate deployment and management. This option is disabled by default.
    Note: This setting is disabled by default and only appears if you have requested that VMware enable it for you.
    Port The default for this field is 389. You should not need to modify this field unless you are using a non-standard port.
    Domain Controller IP (Optional) Specify a single preferred domain controller IP address if you want AD traffic to use a specific domain controller.
    Context This option is auto-populated based on the DNS Domain Name information provided earlier.
  8. Click Domain Bind to save changes.
  9. Click Edit next to Domain Join to edit domain join information.
    The Domain Join dialog displays.
  10. Edit domain join information as desired.
    Note: To make changes to Primary DNS Server IP or Secondary DNS Server IP, you must file a ticket with VMware support.
    Option Description
    Default OU Default organizational unit
    Join Username Domain administrator. Edit only if new username is set up in Active Directory first.
    Join Password Domain administrator password. Edit only if new password is set up in Active Directory first.
  11. Make changes to the auxiliary join account as described below.
    • Add an auxiliary join account:
      1. Click the Add Auxiliary Join Account link.
      2. Enter username and password for the account.
        Note: Username and password must exist in the Active Directory or the account will not be added successfully.
    • Change username for the auxiliary join account:
      1. Confirm that the username for the account has already been changed in the Active Directory.
      2. Enter the new username in the Auxiliary join Username field.
    • Change password for the auxiliary join account:
      1. Confirm that the password for the account has already been changed in the Active Directory.
      2. Enter the new password in the Auxiliary join Password field.
    • Remove the auxiliary join account by clicking the Remove Auxiliary Join Account link.
  12. Click Save.
  13. In the Add Super Administrator dialog box, make any desired change and click Save.
    Use the Active Directory search function to select the AD administrator group to administer the system.

What to do next

If desired, you can set up True SSO (single sign-on). See Complete Configuring True SSO for your Horizon Cloud Environment.