You can use the vdmadmin command to add accounts for clients to the configuration of a Connection Server group. After you add a client, it is available for use with a Connection Server instance on which you have enabled authentication of clients. You can also update the configuration of clients, or remove their accounts from the system.

You must run the vdmadmin command on one of the Connection Server instances in the group that contains the Connection Server instance that clients will use to connect to their published desktops.

When you add a client in kiosk mode, VMware Horizon creates a user account for the client in Active Directory. If you specify a name for a client, this name must start with a recognized prefix string, such as "custom-", or with an alternate prefix string that you have defined in ADAM, and it cannot be more than 20 characters long. If you do not specify a name for a client, VMware Horizon generates a name from the MAC address that you specify for the client device. For example, if the MAC address is 00:10:db:ee:76:80, the corresponding account name is cm-00_10_db_ee_76_80. You can only use these accounts with Connection Server instances that you enable to authenticate clients.

Important: Do not use a specified name with more than one client device. Future releases might not support this configuration.

Procedure

  • Run the vdmadmin command using the -domain and -clientid options to specify the domain and the name or the MAC address of the client. 
    vdmadmin -Q -clientauth -add [-b authentication_arguments] -domain domain_name -clientid client_id [-password "password" | -genpassword] [-ou DN] [-expirepassword | -noexpirepassword] [-group group_name | -nogroup] [-description "description_text"]
    Option Description
    -clientid client_id Specifies the name or the MAC address of the client.
    -description "description_text" Creates a description of the account for the client device in Active Directory.
    -domain domain_name Specifies the domain for the client.
    -expirepassword Specifies that the expiry time for the password on the client's account is the same as for the Connection Server group. If no expiry time is defined for the group, the password does not expire.
    -genpassword Generates a password for the client's account. This is the default behavior if you do not specify either -password or -genpassword.

    A generated password is 16 characters long, contains at least one uppercase letter, one lowercase letter, one symbol, and one number, and can contain repeated characters. If you require a stronger password, use the -password option to specify the password.

    -group group_name Specifies the name of the group to which the client's account is added. The name of the group must be specified as the pre-Windows 2000 group name from Active Directory. If you previously set a default group, client's account is added to this group.
    -noexpirepassword Specifies that the password on the client's account does not expire.
    -nogroup Specifies that the client's account is not added to the default group.
    -ou DN Specifies the distinguished name of the organizational unit to which the client's account is added.

    For example: OU=kiosk-ou,DC=myorg,DC=com

    -password "password" Specifies an explicit password for the client's account.
    The command creates a user account in Active Directory for the client in the specified domain and group (if any).

Example: Adding Accounts for Clients

Add an account for a client specified by its MAC address to the MYORG domain, using the default settings for the group kc-grp. 

vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -group kc-grp

Add an account for a client specified by its MAC address to the MYORG domain, using an automatically generated password. 

vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -genpassword

Add an account for a named client, and specify a password to be used with the client. 

vdmadmin -Q -clientauth -add -domain MYORG -clientid custom-Terminal21 -password "guest" -ou "OU=kiosk-ou,DC=myorg,DC=com" -description "Terminal 21"

Add an account for a named client, using an automatically generated password. 

vdmadmin -Q -clientauth -add -domain MYORG -clientid custom-Kiosk11 -genpassword -ou "OU=kiosk-ou,DC=myorg,DC=com" -description "Kiosk 11"

What to do next

Enable authentication of the clients.