All Products
Search
Document Center

Elastic Desktop Service:Create and manage enterprise AD accounts

Last Updated:Nov 22, 2024

Cloud computers can be assigned to convenience accounts and enterprise Active Directory (AD) accounts. If you want to integrate Elastic Desktop Service (EDS) with the AD system of your enterprise, create enterprise AD accounts and assign cloud computers to the accounts. This topic describes how to create and manage enterprise AD accounts.

Prerequisites

An enterprise AD system is established.

Note

In this topic, Windows Server 2019 is used as an example. The actual Windows OS that you use shall prevail.

Create enterprise AD accounts

After EDS Enterprise is integrated with an enterprise AD system, EDS can retrieve information about AD users, and you can assign cloud computers to AD users.

  1. Log on to the AD domain controller of the enterprise.

  2. In the upper-right corner of the page that appears, choose Tools > Active Directory Users and Computers.

  3. Right-click the group for which you want to create users. In the pop-up menu, choose New > User and specify basic user information.

    1. Specify information, such as the first name, last name, full name, and user logon name, based on your business requirements. Then, click Next.

    2. Specify a password and click Next.

    3. Confirm and record the user information and click Finish.

Modify information about an enterprise AD account

If an end user forgets the password of an enterprise AD account, you can reset the password. You can also modify basic user information, such as the username.

  1. Log on to the AD domain controller of the enterprise.

  2. In the upper-right corner of the page that appears, choose Tools > Active Directory Users and Computers.

  3. Find the user whose password you want to modify and perform the following operations to reset the password or modify the basic information:

    • Reset the password

      1. Right-click the user whose password you want to reset and select Reset Password from the pop-up menu.

      2. In the Reset Password dialog box, specify a new password and click OK.

    • Modify the basic information

      1. Right-click the user whose basic information you want to modify and select Properties from the pop-up menu.

      2. Modify information on tabs, such as the General and Account tabs, and click OK.

Assign cloud computers or cloud computer pools to enterprise AD accounts

After you assign cloud computers or cloud computer pools to enterprise AD accounts, end users can use the accounts to log on to Alibaba Cloud Workspace terminals and connect to and use the cloud computers or cloud computer pools.

Note
  • You can assign multiple cloud computers to an enterprise AD account. All assigned cloud computers can be used at the same time.

  • If a cloud computer is assigned to multiple enterprise AD accounts and one of the accounts is being used to connect to the cloud computer, another assigned enterprise AD account cannot be used to connect to the cloud computer until the current account is disconnected from the cloud computer.

Prerequisites

Procedure

  1. Log on to the EDS Enterprise console.

  2. In the left-side navigation pane, choose Users > Users & Organizations.

  3. On the AD User tab of the Users & Organizations page, find the enterprise AD account that you want to manage and click View/Assign Cloud Computer (Pool) in the Actions column.

  4. In the View/Assign Cloud Computer (Pool) panel, perform the following operations based on your business requirements:

    Assign cloud computers or cloud computer pools

    1. Select a region from the Region drop-down list.

    2. Select an office network from the Office Network drop-down list.

    3. On the Cloud Computer Information or Cloud Computer Pool Information tab, select the cloud computers or cloud computer pools that you want to assign in the Unassigned Cloud Computer or Unassigned Cloud Computer Pool section.

    4. Click Assign in the lower part of the panel.

    Unassign cloud computers or cloud computer pools

    1. On the Cloud Computer Information or Cloud Computer Pool Information tab, select the cloud computers or cloud computer pools that you want to unassign in the Assigned Cloud Computer or Assigned Cloud Computer Pool section.

    2. Click Unassign in the lower part of the panel.

    Important

    The assignment or unassignment takes effect after a short period of time due to latency. Wait for a while before you refresh the user list to check the assignment or unassignment result.

You can also assign cloud computers or cloud computer pools on the Cloud Computers or Cloud Computer Pools page. For more information, see Assign cloud computers to users or Manage authorized users.

Specify logon terminals for enterprise AD accounts

After you specify logon terminals for enterprise AD accounts, end users that use the accounts can log on only to the specified terminals.

Note

You can specify up to eight logon terminals for an enterprise AD account.

Prerequisites

  • The trusted device authentication feature is enabled. For more information, see Trusted device authentication.

  • Alibaba Cloud Workspace terminals are added. If end users use your organization ID to log on to the software clients of Alibaba Cloud Workspace, the information about the software clients is automatically added to the EDS Enterprise console.

Procedure

  1. In the left-side navigation pane, choose Users > Users & Organizations.

  2. On the AD User tab of the Users & Organizations page, find the enterprise AD account for which you want to specify a logon terminal and click View/Specify Logon Terminal in the Actions column.

  3. In the View/Specify Logon Terminal panel, click Add Terminal.

  4. In the Add Terminal dialog box, select the software clients of Alibaba Cloud Workspace, including desktop clients and mobile clients, that you want to specify, and then click OK.

    If you want to remove a specific terminal of Alibaba Cloud Workspace, find the software client and click Remove in the Actions column. Then, click OK in the message that appears.

Delete enterprise AD accounts

You can delete the enterprise AD accounts that you no longer require.

  1. Log on to the AD domain controller of the enterprise.

  2. In the upper-right corner of the page that appears, choose Tools > Active Directory Users and Computers.

  3. Right-click the user that you want to delete and select Delete from the pop-up menu.

  4. Confirm the deletion message and click Yes.