XenCenter

Join a domain and add users

Before you can assign a user or group account an RBAC role, you must add the account to Citrix Hypervisor through RBAC. This process consists of the following tasks:

  1. Join the pool or server to the domain. The domain can be one of the following:

    • The domain that the user or group belongs to
    • A domain that is in the same Active Directory forest
    • A domain that has a trust relationship with the user’s domain
  2. Add the user’s Active Directory account or group to Citrix Hypervisor.

After you add the user’s Active Directory account or group to Citrix Hypervisor, the user is assigned a fixed role of Pool Admin. In Citrix Hypervisor Premium Edition, you must assign a role to the user or group manually. For more information, see Assign roles to users and groups.

To change domains, leave the current domain and then join the new domain.

To join the Citrix Hypervisor or pool to a domain

  1. In the Resources Pane, select the pool or server for which you want to grant somebody permissions.
  2. Select the Users tab.
  3. Select Join Domain.
  4. Enter Active Directory credentials with sufficient privileges to add servers to the domain you want to join. The domain to be joined must be specified as a fully qualified domain name (FQDN) rather than a NetBIOS name. For example, enter your_domain.net instead of your_domain.

To add an Active Directory user or group to a pool

  1. After joining the user’s domain, in the Users tab, click Add.
  2. In the Add Users dialog box, enter one or more user or group names. Separate multiple names by commas. To specify a user in a different trusted domain (other than the one currently joined), supply the domain name with the user name. For example, specify other_domain\jsmith. Alternatively, you can enter a fully qualified domain name (FQDN). For example, specify jsmith@other_domain.com.
  3. Select Grant Access.
  4. Follow Assign roles to users and groups to assign the account a role and grant access.

To leave the domain

Note:

When you leave the domain, any users who authenticated to the pool or server with Active Directory credentials are disconnected.

  1. In the Resources Pane, select the pool or server that you want to disconnect from its Active Directory domain.
  2. Select Leave Domain and select Yes to continue.
  3. Enter Active Directory credentials with sufficient privileges to disable servers in the domain you want to leave.
  4. Decide whether to disable the computer accounts in the Active Directory server, and then click one of the following:
    • Disable. Removes the pool or server from the domain and disables the computer account for the server or pool master in the Active Directory database.
    • Ignore. If you didn’t fill the username/password or know an account with sufficient privileges, select this option to remove the server or pool master’s computer account from the Active Directory database. This option removes the pool or server from the domain, but leaves the computer account for the server or pool master in the Active Directory.

Join a domain and add users