You can edit an Active Directory domain after initial setup.
Note: Domain Bind and Domain Join accounts must meet requirements as described in Service Accounts That Horizon Cloud Requires for Its Operations.
Procedure
- Select Settings > Active Directory.
The Active Directory page displays.
- If you have multiple Active Directories configured, select the one you want to edit from the list on the left.
- Click Edit next to Domain Bind to edit domain bind information.
The Edit Active Directory dialog displays.
- Edit information as desired in the fields described below.
| Option | Description |
| --- | --- |
| NETBIOS Name | [Not editable] Active Directory domain name |
| DNS Domain Name | Fully qualified Active Directory domain name |
| Protocol | [Not editable] LDAP is the only choice |
| Bind Username | Domain administrator. Edit only if new username is set up in Active Directory first. |
| Bind Password | Domain administrator password. Edit only if new password is set up in Active Directory first. |

- Make changes to auxiliary bind accounts as described below.
  - Change password for an auxiliary bind account:
    - Confirm that the password for the account has already been changed in the Active Directory.
    - Click the Change Account Password link for the account (for example, Change Account #1 Password).
    - Enter the new password.
    Note: You cannot change the bind username for an auxiliary bind account. Instead, you need to remove the account and add it with the new username.
  - Add an auxiliary bind account:
    - Click the Add Auxiliary Bind Account link.
    - Enter username and password for the account.
    Note: Username and password must exist in the Active Directory or the account will not be added successfully.
  - Remove an auxiliary bind account by clicking the Remove link next to the account.
    Note: You cannot remove an auxiliary bind account if it is the last auxiliary bind account remaining.
- Click Advanced Properties.
- Edit information as desired in the following Advanced Properties fields.
| Option | Description |
| --- | --- |
| LDAP over TLS | Enables LDAP communication via TLS, which automates certificate deployment and management. This option is deactivated by default. Note: This setting is deactivated by default and only appears if you have requested that VMware enable it for you. |
| Port | The default for this field is 389. You should not need to modify this field unless you are using a non-standard port. |
| Domain Controller IP | (Optional) Specify a single preferred domain controller IP address if you want AD traffic to use a specific domain controller. |
| Context | This option is auto-populated based on the DNS Domain Name information provided earlier. |

- Click Domain Bind to save changes.
- Click Edit next to Domain Join to edit domain join information.
The Domain Join dialog displays.
- Edit domain join information as desired.
Note: To make changes to Primary DNS Server IP or Secondary DNS Server IP, you must file a ticket with VMware support.
| Option | Description |
| --- | --- |
| Default OU | Default organizational unit |
| Join Username | Domain administrator. Edit only if new username is set up in Active Directory first. |
| Join Password | Domain administrator password. Edit only if new password is set up in Active Directory first. |

- Make changes to the auxiliary join account as described below.
  - Add an auxiliary join account:
    - Click the Add Auxiliary Join Account link.
    - Enter username and password for the account.
    Note: Username and password must exist in the Active Directory or the account will not be added successfully.
  - Change username for the auxiliary join account:
    - Confirm that the username for the account has already been changed in the Active Directory.
    - Enter the new username in the Auxiliary join Username field.
  - Change password for the auxiliary join account:
    - Confirm that the password for the account has already been changed in the Active Directory.
    - Enter the new password in the Auxiliary join Password field.
  - Remove the auxiliary join account by clicking the Remove Auxiliary Join Account link.
- Click Save.
- In the Add Super Administrator dialog box, make any desired change and click Save.
Use the Active Directory search function to select the AD administrator group to administer the system.
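The procedure requires that a new bind or join username or password already be set up in Active Directory before it is entered in the console. The following PowerShell function is an added example (not part of the original documentation or any VMware tooling) that tests an LDAP bind for each account from a Windows admin workstation. The function name and the account and domain names in the usage comment are constructed, and each failed bind counts as a failed logon toward any lockout policy.

```powershell
# Added example: pre-check bind/join credentials against AD before editing them in the console.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-AdBindAccount {
    [CmdletBinding()]
    param(
        # DNS Domain Name, or the preferred Domain Controller IP if one is configured
        [Parameter(Mandatory)][string]$Server,
        # Port value from Advanced Properties (the page's default is 389)
        [int]$Port = 389,
        # One credential per account to check: primary plus any auxiliary accounts
        [Parameter(Mandatory)][pscredential[]]$Credential
    )
    foreach ($cred in $Credential) {
        $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
        $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.SessionOptions.ProtocolVersion = 3
        $conn.Timeout = [TimeSpan]::FromSeconds(10)
        $conn.Credential = $cred.GetNetworkCredential()

        $result = [pscustomobject]@{
            Account = $cred.UserName
            Server  = "${Server}:$Port"
            BindOk  = $false
            Error   = $null
        }
        try {
            $conn.Bind()            # throws if the credentials are rejected or the server is unreachable
            $result.BindOk = $true
        } catch [System.DirectoryServices.Protocols.LdapException] {
            # ErrorCode 49 = invalid credentials, 81 = server unavailable
            $result.Error = "LDAP error $($_.Exception.ErrorCode): $($_.Exception.Message)"
        } finally {
            $conn.Dispose()
        }
        $result
    }
}

# Usage (constructed account and domain names):
# $creds = 'EXAMPLE\svc-bind', 'EXAMPLE\svc-bind-aux1' |
#     ForEach-Object { Get-Credential -UserName $_ -Message 'Enter the new password' }
# Test-AdBindAccount -Server 'example.local' -Credential $creds | Format-Table -AutoSize
```

Enter the new value in the Edit Active Directory or Domain Join dialog only for accounts that report BindOk as True.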
What to do next
If desired, you can set up True SSO (single sign-on). See #GUID-82F98AA1-F971-40E1-A5E8-E698FF41A9AD.