VMware Horizon Community
namxi
Contributor
Contributor

Which AD privileges to fully administer all view components?

Hello there!

Which AD privileges have to be assigned to a user, that shuold be able to fully administer all components of VMware View and VirtualCenter Server?

We don't want to use a Domain Admin with all privileges.

Greets

Reply
0 Kudos
2 Replies
djciaro
Expert
Expert

Your best bet is to create a new group in Active Directory and add the users you require to administer your Virtual environment but not the windows domain. (you could call it Virtual administrators)

Then via your VI client, right click in the datacenter and select permissions, click add and search for your group then specify the required permissions such as all privileges.

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!
Reply
0 Kudos
srinivasaddagat
Contributor
Contributor

Hi,

If your query is to know what account privileges are required w.r.t AD then i could think of below

1. create computer objects in foo.com -> computers container

2. view composer must run as a service with service account being part of local administrator on VC

3. same account can be given while enabling view composer in view manager configuration which is again a view administrator

General practise is not to give admin rights to non-domain admin on servers as well as computer object creation rights. If you policies allow then you may create the account and give only above privileges else use domain admin as the credentials are anyways secured with in view manager

Thanks

Reply
0 Kudos