Before you deploy and configure the Consolidated SDDC in this validated design, you must provide a specific configuration of Active Directory users and groups. You use these users and groups for application login, for assigning roles in a tenant organization and for authentication in cross-application communication.
In an environment that has parent and child domains in a single forest, store service accounts in the parent domain and user accounts in the child domains. By using the group scope attribute of Active Directory groups you manage resource access across domains.
Active Directory Administrator Account
Certain installation and configuration tasks require a domain administrator account that is referred to as
ad_admin_acct in the Active Directory domain.