Horizon View 7 – Prepare Active Directory
Horizon 7 uses Active Directory to authenticate and manage users and computers. You have to complete the following tasks to prepare Active Directory for use with Horizon 7:
- Creating an OU for Remote Desktops
- Creating Groups for Users and Admins
- Creating a User Account for vCenter Server
- Create a User Account for View Composer AD Operations
- Create a User Account for Instant-Clone Operations
- …
The domain functional level should be 2008 or above.
Let us start by opening the Active Directory users and groups console on Windows Server.
Create an OU for remote desktops
As in a non-VDI environment, you need different OUs to hold users, groups, computers, and other organizational units. Here we will create an organizational unit specifically for our VDI infrastructure, and then create two sub-OUs under it: one for linked-clone desktops and one for instant-clone desktops.
Create groups for users and admins
You need different groups for different types of users in Horizon View. For example, we create a group called “HorizonUsers” for end users and another group called “HorizonAdmins” for Horizon View administrators. Depending on your design and architecture, you may need more groups.
Creating a user account for vCenter server
You must create a user account in Active Directory that Horizon View uses to log in to vCenter Server and perform tasks such as power on, shutdown and restart. Use the following link to create a new role in vCenter and then assign this role to the created user account.
Create a user account for view composer
If you decide to use View Composer, you must create a user account in Active Directory to perform certain operations in Active Directory, such as creating computer accounts. You can use this user to add View Composer to Horizon View Administrator, so please add this user to the local admins of the View Composer server.
This user needs the following permissions on the linked-clone OU that we created before, “LC”:
- List Contents
- Read All Properties
- Write All Properties
- Read Permissions
- Reset Password
- Create Computer Objects
- Delete Computer Objects
You should delegate permissions on the LC OU to the View Composer user.
- Right-click the LC organizational unit and click Delegate Control…
- Click Next.
- Select the vcomposer user, and click Next.
- Select Create a custom task to delegate.
- Click Next.
- Check General and Creation/deletion of specific child objects, then select the permissions listed above.
- Click Finish.
Create a user account for instant-clone operations
You must create a user account that has the following permissions to perform certain operations in Active Directory when you deploy an instant-clone desktop pool:
- List Contents
- Read All Properties
- Write All Properties
- Read Permissions
- Reset Password
- Create Computer Objects
- Delete Computer Objects
After you delegate the permissions on the “IC” organizational unit as we did for “LC”, you can create as many users as you want.
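The delegation described above for the LC OU, and repeated for the IC OU, can also be scripted and then audited so that the service account holds only the listed permissions. This is an added example, not part of the original post: the distinguished name (including the parent OU "VDI" and the domain), the domain name EXAMPLE and the account name are assumptions to replace with your own.

```powershell
# Added example, not from the original post. The OU DN and the account name
# are assumptions. Run elevated with RSAT (ActiveDirectory module, dsacls.exe).
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$ou      = 'OU=LC,OU=VDI,DC=example,DC=local'   # assumption: placeholder DN; use the IC OU for instant clones
$account = 'EXAMPLE\vcomposer'                   # assumption: placeholder domain and account

# Grant only the permissions listed on this page, on the OU and everything below it
dsacls $ou /I:T /G "${account}:LCRPWPRC"        # List Contents, Read/Write All Properties, Read Permissions
dsacls $ou /I:T /G "${account}:CCDC;computer"   # Create / Delete Computer Objects
dsacls $ou /I:S /G "${account}:CA;Reset Password;computer"   # Reset Password, computer objects only

# Audit: report any right the account holds on this OU beyond the list above
$adRights = [System.DirectoryServices.ActiveDirectoryRights]
$expected = [int]$adRights'ListChildren, ReadProperty, WriteProperty, ReadControl, CreateChild, DeleteChild, ExtendedRight'
$resetPwd = [guid]'00299570-246d-11d0-a768-00aa006e0529'   # schema GUID of the Reset Password extended right

$findings = foreach ($ace in (Get-Acl -Path "AD:\$ou").Access) {
    if ($ace.IdentityReference.Value -ne $account -or $ace.AccessControlType -ne 'Allow') { continue }

    # Any bit outside the expected mask (for example GenericAll, WriteDacl, WriteOwner) is a finding
    $extra = [int]$ace.ActiveDirectoryRights -band (-bnot $expected)
    if ($extra -ne 0) {
        [pscustomobject]@{ Issue = 'Unexpected rights'; Detail = [System.DirectoryServices.ActiveDirectoryRights]$extra }
    }

    # An extended-right ACE must be scoped to Reset Password, not to all extended rights
    $isExtended = ([int]$ace.ActiveDirectoryRights -band [int]$adRights::ExtendedRight) -ne 0
    if ($isExtended -and $ace.ObjectType -ne $resetPwd) {
        [pscustomobject]@{ Issue = 'Extended right other than Reset Password'; Detail = $ace.ObjectType }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { "OK: $account holds only the delegated rights on $ou" }
```

The audit half can be run on its own later, for example after a change to the OU, to confirm the account has not been given Full Control or the right to change permissions.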
Here I created a vCenter admins group and added Yahya Zahedi to this group and to the Horizon Admins group. Also, Ali Zahedi is a member of the Horizon users group.
Good Luck!