Before you deploy instant clones, you must create a user account that has the permission to perform certain operations in Active Directory.

Select this account when you add an instant-clone domain administrator before deploying instant-clone desktop pools. For more information, see Add an Instant-Clone Domain Administrator.


  1. In Active Directory, create a user account in the same domain as the Connection Server or in a trusted domain.
  2. Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to the account on the container for the instant-clone computer accounts.
    The following list shows the required permissions for the user account, including permissions that are assigned by default:
    • List Contents
    • Read All Properties
    • Write All Properties
    • Read Permissions
    • Reset Password
    • Create Computer Objects
    • Delete Computer Objects

    Make sure that the permissions apply to the correct container and to all child objects of the container.