Before you deploy and configure the SDDC in this VMware Validated Design, you must provide a specific configuration of Active Directory users and groups. You use these users and Active Directory groups for application login, for assigning roles in a tenant organization, and for authentication in cross-application communication.

Active Directory Service Accounts

In a multi-region or single-region environment that has parent and child domains in a single forest, store service accounts in the parent domain and user accounts in each of the child domains. By using the group scope attribute of Active Directory groups, you manage resource access across domains.

Active Directory Administrator Account

Certain installation and configuration tasks require a domain account svc-domain-join with elevated permissions to add computer objects to the Active Directory domain.