After you enter settings in the Horizon Cloud Node Setup user interface and run that process until you see the congratulations message, you connect to Horizon Cloud at cloud.horizon.vmware.com to register an Active Directory domain, perform the domain join and bind, and assign the super administrator role to at least one of the groups in that domain.

Note

You must finish the entire Active Directory registration process for the first domain you are registering before you can perform other activities in the Administration Console. All services are locked until you finish these tasks.

If you click Cancel before you finish the registration, you can click Edit at any time from the Getting Started page to continue with registration.

Ensure that the Active Directory infrastructure is synchronized to an accurate time source to prevent the domain join from failing. Such a failure requires you to contact VMware Support for assistance.

Verify that your Horizon Cloud Node is successfully deployed, to the point where the Setup congratulations message is available. See the Installation and Configuration information for details about the setup process.

For the required domain-bind account, verify you have the information for the Active Directory user account that adheres to the following guidelines:

Is an Active Directory domain admin account.

Has an account password that cannot expire, change, or be locked out.

Important

You must use this account configuration because the system uses this account as a service account to query Active Directory.

For the required domain-join account, verify you have the information for the Active Directory user account that has domain-join permissions because the system uses this account to perform Sysprep operations on desktops and join the desktops to the domain. You can use the same account as the domain-bind account or a different one.

1

Open a browser to Horizon Cloud at https://cloud.horizon.vmware.com.

2

Log in using your My VMware credentials.

The Administration Console opens and displays the Getting Started wizard.

3

In the Getting Started wizard, expand General Setup section if it is not already expanded.

4

Under Active Directory, click Configure.

5

In the Register Active Directory dialog box, provide the requested registration information.

Important

Use an Active Directory account that adheres to the guidelines for the domain-bind account described in the prerequisites.

Option

Description

NETBIOS Name

Active Directory domain name

DNS Domain Name

Fully qualified Active Directory domain name

Protocol

Automatically displays LDAP.

Bind Username

User account in the domain to use as the LDAP bind account

Bind Password

The password associated with the name in the Bind Username text box.

You can optionally provide values for advanced properties.

Option

Description

Port

The default is LDAP -> 389. You do not need to modify this text box unless you are using a non-standard port.

Domain Controller IP

(Optional) If you want Active Directory traffic to use a specific domain controller, type a single preferred domain controller IP address. If this text box is left blank, the system uses any domain controller available for this Active Directory domain.

Context

LDAP naming context. This text box is autopopulated based on the information provided in the DNS Domain Name text box.

6

Click Domain Bind.

At this point, if the domain bind process succeeds, the Domain Join dialog box appears and you can continue to the next step.

If the domain bind process fails, you must restart the registration process by:

a

Reloading the https://cloud.horizon.vmware.com URL in a new browser tab or page.

b

At the login window, log in using your My VMware account credentials.

c

At the Active Directory login window, log in using the LDAP bind account user name and password that you provided in the previous step.

d

Continue with the next step.

7

In the Domain Join dialog box, provide the domain-join information.

Note

Use an Active Directory account that adheres to the guidelines for the domain-join account described in the prerequisites. You can use the same account as the bind account used in Step 5 or a different one.

Option

Description

Join Username

User account in the Active Directory that has permissions to join systems to that Active Directory domain.

Join Password

The password associated with the name in the Join Username text box.

Primary DNS Server IP

IP address of the primary DNS Server

Secondary DNS Server IP

(Optional) IP of a secondary DNS Server

8

Click Save.

At this point, if the domain join process succeeds, the Add Super Administrator dialog box appears and you can continue to the next step.

If the domain join process fails, you must restart the registration process by:

a

Reloading the https://cloud.horizon.vmware.com URL in a new browser tab or page.

b

At the login window, log in using your My VMware account credentials.

c

At the Active Directory login window, log in using the LDAP bind account user name and password that you provided in the previous step.

d

Continue with the next step.

9

In the Add Super Administrator dialog box, use the Active Directory search function to select the Active Directory administrator group you want performing management actions on your environment using the Administration Console.

This assignment ensures that at least one of your Active Directory domain's user accounts is granted the permissions to perform management actions in the Administration Console now that the Horizon Cloud Node is joined to the domain.

10

Click Save.

The following items are now in place:

The Horizon Cloud Node is joined to the Active Directory domain.

Management activities in the Administration Console are now available.

Logging in to the Administration Console to perform management tasks now has two parts: first a My VMware login to Horizon Cloud and then an Active Directory login to the Horizon Cloud Node using an account from the group with the super administrator role.

Users in the group to which you granted the super administrator role can access the Administration Console and perform management activities.

User accounts in the joined Active Directory domain can be selected for assignments using the Administration Console, such as desktop assignments.

From this point, you typically perform the following tasks:

Add one or more auxiliary bind accounts to this Active Directory domain configuration. If the primary bind account you specified becomes inaccessible, the system uses the auxiliary bind account to connect to the Active Directory domain. Having an auxiliary bind account avoids locking out your administrator users from the Administration Console in situations where the primary bind account is inaccessible in the Active Directory domain. See Add an Auxiliary Bind Account for an Active Directory Domain Registered to Your Horizon Cloud Node.

Continue with the Getting Started wizard's steps. See Getting Started Wizard for Your Horizon Cloud Node Environment.

Navigate to other areas of the Administration Console to perform management tasks. See About Menu Selections in the Administration Console.

If you have additional Active Directory domains with users to whom you want to grant management access to the Administration Console or end users to whom you want to give assignments, you can register those Active Directory domains also. See Register Additional Active Directory Domains with Your Horizon Cloud Node.

Assign the demo administrator role to those users in this domain to whom you want to grant read-only access to the Administration Console. See Assign Roles to Users for Administration Console Access.