Multiple Active Directory (AD) domains are a must-have for most government organizations, and many businesses due to security needs, regulatory compliance requirements, or geographically distributed offices (http://technet.microsoft.com/en-us/library/cc780856(v=ws.10).aspx) whenever the Organizational Unit (OU) feature of AD is not adequate (http://social.technet.microsoft.com/Forums/windowsserver/en-US/064aa5c9-f040-45b6-b36a-38d1823c16a1/active-directory-design-multiple-domains-or-organizational-units, http://searchwindowsserver.techtarget.com/tip/Domains-vs-organizational-units-in-Active-Directory). VDI-in-a-Box requires you to configure one AD domain for both users and computers during its initial setup. Previous versions of VDI-in-a-Box allow you to optionally configure one additional AD domain only for computers (virtual desktops) as described in http://support.citrix.com/article/CTX136845.
Being able to specify only one AD domain for the users in VDI-in-a-Box is not a major limitation because VDI-in-a-Box does a look up of the Global Catalog (GC) if a user logs on with User Principal Name (UPN). See http://msdn.microsoft.com/en-us/library/windows/desktop/aa380525(v=vs.85).aspx for details of UPN. However, the limitation of one additional AD domain for computers (total up to 2 computer domains) can be limiting in certain scenarios.
VDI-in-a-Box 5.4 enhances the support for multiple computer domains by removing the restriction of up to 2 AD domains for computers. The administrator can configure VDI-in-a-Box 5.4 with one AD domain for users and computers. The administrator can configure any number of additional AD domains for computers, thereby giving additional flexibility and simplicity in managing and evolving your VDI deployment as business needs evolve. Here are the steps to configure and use multiple computer domains:
- Specify the intent to configure multiple computer domains.
- Configure multiple computer domains.
- Specify the appropriate computer domain when preparing a draft image.
Specify the intent to configure multiple computer domains
- In the VDI-in-a-Box Manager (vdiManager) console, from the Admin page, click Advanced Properties link.
- Scroll to the Miscellaneous section. Check the checkbox Specify alternate domains or workgroup for desktop and then click OK.
Configure multiple computer domains
- On the Admin page, click Manage Computer Domainslink, Manage Computer Domains dialog box pops up.
- In the Manage Computer Domains dialog box click Add link.
- In the Domain name box, type the name of the domain for desktops.
- In the User name and Password boxes, type the administrator credentials for the domain.
- Click Add button, type the IP address for the domain, and click highlighted Save button(inside IP addresses section) to add the address to the IP addresses list.
- Click Save button in the bottom-right corner of the dialog box. It will save the added computer domain and close the Specify Additional Domain for Desktops dialog.
- To specify additional computer domains, repeat steps 2 to 6.
- Click Close button in the Manage Computer Domains dialog when you have completed adding computer domains.
Specify the appropriate computer domain when preparing a draft image
After you have configured additional domains for desktops, you can select the right one from the dropdown list of configured domains when preparing a draft image.
For the details on how to configure and modify AD domains with VDI-in-a-Box 5.4, see http://support.citrix.com/proddocs/topic/vdi-54/vdi-manage-active-directory.html