You can optionally register additional Active Directory domains to assign management roles or provide assignments to users in those domains.
Note: When you have completed the domain registration, do not move any groups from one organizational unit (OU) to another. Doing so will cause login failures for users.
If you click Cancel before you complete the registration, you can click Edit at any time from the Getting Started page to continue with registration.
Prerequisites
- The Active Directory infrastructure must be synchronized to an accurate time source.
- If you have external or forest trusts, root domains must be registered. For more information, see External and Forest Trusts.
- The Domain Bind account is always assigned the Super Administrator role, which grants all the permissions to perform management actions in the Administration Console. You should ensure that the Domain Bind account is not accessible to users that you do not want to have Super Administrator permissions.
- Domain Bind and Domain Join accounts must meet requirements as described in Service Accounts That Horizon Cloud Requires for Its Operations.
Procedure
- In the Administration Console, select Settings > Active Directory.
- Click Register.
- In the Register Active Directory dialog box, provide the requested registration information.
| Option | Description |
| --- | --- |
| NETBIOS Name | Active Directory domain name |
| DNS Domain Name | Fully qualified Active Directory domain name |
| Protocol | Not editable; LDAP is the only choice |
| Bind Username | Domain administrator |
| Bind Password | Domain administrator password |
- Enter information for Auxiliary Account #1.
| Option | Description |
| --- | --- |
| Bind Username | Domain administrator |
| Bind Password | Domain administrator password |
Note: Username and password must exist in the Active Directory or the account will not be added successfully.
- Click Advanced Properties.
- Enter information in the Advanced Properties fields.
| Option | Description |
| --- | --- |
| Port | The default for this field is 389. You should not need to modify this field unless you are using a non-standard port. |
| Domain Controller IP | (Optional) Specify a single preferred domain controller IP address if you want AD traffic to use a specific domain controller. |
| Context | This option is auto-populated based on the DNS Domain Name information provided earlier. |
- Click Domain Bind.
Note: If you see an error stating that the auxiliary account information you entered is invalid, then after completing the Domain Join process below you will need to add a valid auxiliary account by editing the Domain Bind information. See Edit an Active Directory Domain.
- In the Domain Join dialog, provide the required domain join information.
| Option | Description |
| --- | --- |
| Primary DNS Server IP | IP address of primary DNS Server |
| Secondary DNS Server IP | (Optional) IP of secondary DNS Server |
| Default OU | Default organizational unit |
| Join Username | Domain administrator |
| Join Password | Domain administrator password |
- If desired, create an auxiliary domain join account by entering the information below.
| Option | Description |
| --- | --- |
| Auxiliary join Username | Domain administrator for auxiliary account |
| Auxiliary join Password | Domain administrator password for auxiliary account |
  - If you do not choose to add an auxiliary domain join account now, you can do so later.
  - You can edit or delete this account later.
  - You can add only one auxiliary domain join account for each Active Directory.
- Click Save.
- In the Add Super Administrator dialog box, use the Active Directory search function to select the AD administrator group to administer the application.
- Click Save.
- If the domain bind or domain join process fails, you must restart the registration process.
  - Restart the browser.
  - Log in first using your My VMware account.
  - Log in to the Active Directory account using the domain service (bind) account login and password.
  - Continue with the domain join process.
What to do next
If desired, you can set up True SSO (single sign-on). See #GUID-82F98AA1-F971-40E1-A5E8-E698FF41A9AD.
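
The note at the top of this page says that moving a registered group from one OU to another causes login failures. The following is an added example, not part of the product documentation: it compares two snapshots of group locations, keyed by objectGUID, and reports the groups whose parent OU changed (in-place renames are not reported, since the note concerns moves). The GUIDs, group names and the example.com domain are constructed sample data.

```python
# Added example: flag registered AD groups whose parent OU changed.
# Snapshots map objectGUID (stable across moves and renames) to distinguishedName.

def split_rdns(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def parent_container(dn):
    """DN of the container holding the object, lower-cased for comparison."""
    return ",".join(split_rdns(dn)[1:]).lower()

def find_moved_groups(baseline, current):
    """Return (moved, missing): moved holds (guid, old_dn, new_dn) tuples for
    groups whose parent container changed; missing holds GUIDs no longer found."""
    moved, missing = [], []
    for guid, old_dn in sorted(baseline.items()):
        new_dn = current.get(guid)
        if new_dn is None:
            missing.append(guid)
        elif parent_container(old_dn) != parent_container(new_dn):
            moved.append((guid, old_dn, new_dn))
    return moved, missing

# Constructed sample snapshots (hypothetical GUIDs, groups and domain).
BASELINE = {
    "11111111-1111-1111-1111-111111111111": "CN=HorizonAdmins,OU=Groups,DC=example,DC=com",
    "22222222-2222-2222-2222-222222222222": "CN=VDI Users\\, Sales,OU=Groups,DC=example,DC=com",
    "33333333-3333-3333-3333-333333333333": "CN=Helpdesk,OU=Groups,DC=example,DC=com",
}
CURRENT = {
    "11111111-1111-1111-1111-111111111111": "CN=HorizonAdmins,OU=Tier0,OU=Groups,DC=example,DC=com",
    "22222222-2222-2222-2222-222222222222": "CN=VDI Users\\, Sales EMEA,ou=groups,DC=example,DC=com",
}

if __name__ == "__main__":
    print(find_moved_groups(BASELINE, CURRENT))
```

Take the baseline snapshot when registration completes and the current one on a schedule; any directory export that yields objectGUID and distinguishedName for the groups used in assignments can feed it.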