AD integration for FLEXXIBLE|Appliances
There are three types of integration with client domains for deployments performed on Flexxible IT appliances:
1) Full deployment: In this case, both the Resource Domain (the domain where the infrastructure VMs reside) and the client domain (where the VDI/SDI and users reside) are auto-generated. During the deployment, the following domains will be created:
- Infrastructure Domain: this is the domain for the infrastructure, the control layer, the access and orchestration.
- Client Domain: this domain will include the users, machine accounts for the generated resources such as VDI, SDI and PublishedApp, as well as the applied GPOs, etc.
A two-way trust relationship between both domains is required.
2) Mixed deployment: In this case, the Resource domain is auto-generated and integrated with an existing client domain. In addition, a two-way trust relationship between both domains will be created.
This option deploys a new domain for the infrastructure, the control layer, the access and orchestration. The client side is integrated with the client's current domain, where the users, resources, etc. will reside.
3) Full integration: Here the Resource domain won't be auto-generated, as the entire solution will be installed under an existing domain. The deployment is fully performed in the current client domain. Therefore, a trust relationship is not required.
- The following table defines the types of deployments that can be performed depending on domain and forest functional level in your Active Directory:
- The domains should mutually resolve one another. This is automatically configured during automatic deployment.
- During the deployment, in the section AD Integration, you need to enter the domain admin credentials that will be used to configure the DNS and the trust relationship (Mixed deployment only).
- DHCP should be configured for Full integration deployment.
INTEGRATION PROCESS (This applies to Full integration and Mixed Deployment)
The following features are checked for installation as part of the Customer domain controller requirements:
- Group Policy Management (if required, install with Install-WindowsFeature GPMC)
- Active Directory module for Windows PowerShell (if required, install with Install-WindowsFeature RSAT-AD-PowerShell)
- DFS Management tools: RSAT-DFS-Mgmt-Con PowerShell module
The process checks the health status of the domain controller:
- Check AD functional level: Checks that the version of the AD functional level is the right one depending on the type of deployment
- Check that Netlogon is correct: dcdiag /test:netlogons
- Check that replication does not report any problems: dcdiag /test:Replications
- MSA accounts creation
- Group Policy creation
During the integration process, a series of checks are performed to ensure that the client's domain meets the requirements and that it's in good health. Among other things, the integration process will:
- Verify that we can connect through WinRM to the customer's DC.
- Verify that the NetBios entered in the QCS is the same as the one configured in the client's DC.
- Validate if it is a Core OS: Windows Core system is not supported
- Check that the client domain controller has the necessary tools and features installed (we will see the details later in this article).
- Check Network Connectivity to DC: It is verified that there is connectivity with each one of the site DCs existing in the domain.
- Check DFS Replication: Validates that the DFSR replication works correctly. Use dfsrdiag propagationtest
- Verify the Flexxible IT AD OU: The OU, users and groups are created to validate that the user can perform the first actions during deployment.
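Several of the checks listed above can be run by hand on the customer DC before starting a deployment. The script below is an added example, not Flexxible's own integration code: it is read-only, is meant for an elevated PowerShell session on the DC, and assumes English dcdiag output, ICMP as the connectivity probe, and a hypothetical `$ExpectedNetBios` parameter holding the NetBIOS name you intend to enter in the QCS.

```powershell
# Added example: read-only pre-flight checks, run in an elevated session on the customer DC.
# $ExpectedNetBios is a hypothetical parameter: the NetBIOS name you plan to enter in the QCS.
param([Parameter(Mandatory)][string]$ExpectedNetBios)

$results = [ordered]@{}

# WinRM: confirm the local WS-Management listener answers.
$results['WinRM'] = [bool](Test-WSMan -ComputerName $env:COMPUTERNAME -ErrorAction SilentlyContinue)

# Server Core is not supported; InstallationType reads 'Server Core' on Core installs.
$installType = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').InstallationType
$results['NotServerCore'] = $installType -ne 'Server Core'

# Required features named on this page.
foreach ($name in 'GPMC', 'RSAT-AD-PowerShell', 'RSAT-DFS-Mgmt-Con') {
    $results["Feature:$name"] = (Get-WindowsFeature -Name $name).Installed
}

# NetBIOS name, functional levels and DC reachability (need the AD module; skipped if missing).
if ($results['Feature:RSAT-AD-PowerShell']) {
    Import-Module ActiveDirectory
    $domain = Get-ADDomain
    $results['NetBiosMatches'] = $domain.NetBIOSName -eq $ExpectedNetBios
    # Reported only: compare by hand with the functional level required for your deployment type.
    Write-Host "Domain mode: $($domain.DomainMode)  Forest mode: $((Get-ADForest).ForestMode)"
    # Assumption: one ICMP echo per DC stands in for the connectivity check.
    foreach ($dc in Get-ADDomainController -Filter *) {
        $results["Reachable:$($dc.HostName)"] = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
    }
}

# dcdiag health tests. Assumes English output ('passed test <name>' / 'failed test <name>').
foreach ($test in 'NetLogons', 'Replications') {
    $output = dcdiag "/test:$test" | Out-String
    $results["dcdiag:$test"] = ($output -match "passed test $test") -and ($output -notmatch 'failed test')
}

# Summary: one line per check, non-zero exit code if anything failed.
$results.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($results.Values -contains $false) { exit 1 }
```

The DFS Replication propagation test, MSA account creation and OU validation are not covered, because they depend on deployment-specific names that this page does not give.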
Please refer to the Flexxible|SUITE - Integration with Active Directory for relevant information.