Cloud computers can be assigned to convenience accounts and enterprise Active Directory (AD) accounts. If you want to integrate Elastic Desktop Service (EDS) with the AD system of an enterprise, create enterprise AD accounts and assign cloud computers to the accounts. This topic describes how to create and manage enterprise AD accounts.
Prerequisites
An enterprise AD system is established.
Create enterprise AD accounts
After EDS is integrated with an enterprise AD system, EDS can retrieve information about AD users, and you can assign cloud computers to AD users. In this section, Windows Server 2016 is used as an example. The actual Windows OS that you use shall prevail.
Log on to the AD domain controller of the enterprise.
In the left-side navigation pane, open Server Manager and click AD DS.
In the upper-right corner of the page, click Tools and select Active Directory Users and Computers from the pop-up menu.
Right-click the group for which you want to create users. In the pop-up menu, choose
and specify basic user information.Specify information such as the first name, last name, full name, and user logon name based on your business requirements. Then, click Next.
Configure a password and click Next.
Confirm and record the user information and click Finish.
Modify information about an enterprise AD account
If an end user forgets the password of an enterprise AD account, you can reset the password. You can also modify basic user information, such as username. In this section, Windows Server 2016 is used as an example. The actual Windows OS that you use shall prevail.
Log on to the AD domain controller of the enterprise.
In the left-side navigation pane, open Server Manager and click AD DS.
In the upper-right corner of the page, click Tools and select Active Directory Users and Computers from the pop-up menu.
Find the user whose password you want to modify and perform the following operations to change the password or basic information:
Reset the password
Right-click the user for which you want to reset the password and select Reset Password from the pop-up menu.
In the Reset Password dialog box, configure a new password and click OK.
Modify basic information
Right-click the user whose basic information you want to modify and select Properties from the pop-up menu.
Modify information on tabs such as the General and Account tabs and click OK.
Bind a terminal to an enterprise AD account
After enterprise AD accounts are bound to terminals, end users that use the accounts can log on only to the specified terminals.
Prerequisites
The trusted device authentication feature is enabled. For more information, see Trusted device authentication.
Alibaba Cloud Workspace terminals are added. When end users use organization IDs to log on to software clients of Alibaba Cloud Workspace, only involving the Windows client and macOS client, from local teminals, the information about the terminals are added to the EDS console.
Procedure
In the left-side navigation pane, choose
.On the User tab of the Users & Organizations page, find the convenience account to which you want to bind a terminal, click the ⋮ icon in the Actions column, and then click Bind Terminal.
In the Manage Terminal panel, click Add Terminal.
In the Add Terminal dialog box, select UUID that corresponds to the desired terminal and click Confirm.
To unbind a terminal from a convenience account, select the desired terminal and click Unbind.
Delete an enterprise AD account
You can delete the AD accounts that you no longer use.
Log on to the AD domain controller of the enterprise.
In the left-side navigation pane, open Server Manager and click AD DS.
In the upper-right corner of the page, click Tools and select Active Directory Users and Computers from the pop-up menu.
Right-click the user that you want to delete and select Delete from the pop-up menu.
Confirm the deletion message and click Yes.