DocsICP FilingConsole
官方文档
首页

Create and manage enterprise AD accounts

更新时间:
复制 MD 格式
产品详情
我的收藏

You can assign cloud computers to convenience accounts or, if you have integrated with an enterprise AD (Active Directory), to enterprise AD accounts. This topic describes how to create and manage enterprise AD accounts.

Prerequisites

You have an enterprise AD environment.

Note

The procedures in this topic use Windows Server 2019 as an example. The actual steps may vary based on your operating system version.

Create enterprise AD accounts

After connecting to an enterprise AD, Elastic Desktop Service (EDS) Enterprise can retrieve user information from the AD directory. This lets you assign cloud computers to enterprise AD accounts.

  1. Log on to the enterprise AD domain controller.

  2. In the upper-right corner, choose Tools > Active Directory Users and Computers.

  3. Right-click the group to which you want to add a user, and then choose New > User. In the dialog box, set the basic user information.

    1. Enter the user's full name and user logon name, and then click Next.

    2. Set and confirm the password, and then click Next.

    3. Review and verify the user information, and then click Finish.

Modify enterprise AD accounts

If an end user forgets the password for their enterprise AD account, you can modify or reset it. You can also modify other basic information, such as the username.

  1. Log on to the enterprise AD domain controller.

  2. In the upper-right corner, choose Tools > Active Directory Users and Computers.

  3. In the user group, find the user to modify and then perform one of the following operations as needed:

    • Modify the password

      1. Right-click the user and choose Reset Password.

      2. In the Reset Password dialog box, set a new password and click OK.

    • Modify basic information

      1. Right-click the user and choose Properties.

      2. On the General or Account tab, modify the basic information as needed and click OK.

Assign cloud computers or many-to-many shares

After assigning cloud computers or many-to-many shares to an enterprise AD account, the end user can use that account to log on to an Alibaba Cloud Workspace terminal and use the corresponding cloud computer or Shared Cloud Computer.

Note

  • You can assign multiple cloud computers to a single enterprise AD account. The end user can use these cloud computers simultaneously without conflict.

  • If a cloud computer is assigned to multiple enterprise AD accounts, only one user can connect at a time. Other users cannot connect until the current user disconnects.

Prerequisites

Procedure

  1. Log on to the Elastic Desktop Service Enterprise console.

  2. In the left-side navigation pane, choose Users > Users.

  3. On the User Management page, click the AD User tab. Find the target enterprise AD account and click Actions in the View/Assign Cloud Computers column.

  4. On the View/Assign Cloud Computers panel, perform one of the following operations as needed.

    Assign a cloud computer or multiple shared cloud computers

    1. On the Added Cloud Computers tab, click Add Cloud Computer, or on the Added Share tab, click Add Share.

    2. In the dialog box that appears, select the cloud computers or multiple shared cloud computers to assign and click OK.

    Unassign a cloud computer or multiple shared cloud computers

    On the Assigned Cloud Computers tab or the Assigned Shares tab, find the cloud computer or shared cloud computers to unassign, and click Remove in the Actions column.

    Important

    Updates to the user list may be delayed. After assigning or unassigning a resource, wait a moment and then refresh the list.

You can also add convenience accounts to cloud computers or multiple shared cloud computers on the Cloud Computer Enterprise Edition page or the multiple shared cloud computers page. For more information, see Add users to a cloud computer or Manage authorized users.

Specify logon terminals

After specifying logon terminals for an enterprise AD account, the account can be used for logon only from those specified terminals.

Note

You can specify a maximum of eight logon terminals for each enterprise AD account.

Prerequisites

  • Trusted device authentication is enabled. For more information, see Trusted device authentication.

  • Terminals are added. When an end user logs in to a hardware terminal or software client with your organization ID, information about the hardware terminal or software client is automatically added to the console. For hardware terminals, you can also add them manually. For more information, see Manage hardware terminals.

Procedure

  1. In the left-side navigation pane, choose Users > Users.

  2. On the User Management page, on the AD User tab, find the target user and click Actions in the View/Specify Logon Terminal column.

  3. On the View/Restrict Logon Terminals panel, click Add Terminal.

  4. In the Add Terminal dialog box, select the hardware terminals or software clients (desktop and mobile) that you want to add as restricted logon terminals, and click OK.

    To remove a restricted logon terminal, find the target hardware terminal or client, click Remove in the Actions column, and click OK in the confirmation dialog box.

Delete enterprise AD accounts

You can delete enterprise AD accounts that are no longer needed.

  1. Log on to the enterprise AD domain controller.

  2. In the upper-right corner, choose Tools > Active Directory Users and Computers.

  3. In the user group, right-click the user to delete and choose Delete.

  4. In the confirmation dialog box, click Yes.

Previous:Manage convenience accountsNext:Deploy value-added services