How to Manually Configure an Organizational Unit in Active Directory for use by XenDesktop

RoyATokeshi
September 7, 2008 2:56 pm

Citrix states:

How to Manually Configure an Organizational Unit in Active Directory for use by XenDesktop

Document ID: CTX117262   /   Created On: May 21, 2008   /   Updated On: Jul 18, 2008
Average Rating: 5

productFamilyKey3 = "xd"; topics3 = "General"; productFamilyKey = productFamilyKey3.replace("/","--") + "/"; topics = topics3.replace("/","--") + "/";

Summary

This article explains how to manually configure an Organizational Unit (OU) in Active Directory (AD) for use by a Citrix XenDesktop farm. XenDesktop requires that all virtual desktops and the Desktop Delivery Controllers be domain members. This manual process is an alternative to using the Citrix Active Directory Configuration Wizard. This OU is known as the farm OU. It contains information about the farm and the Desktop Delivery Controllers available to virtual desktops.

Requirements

A tool to access and manipulate Active Directory is required to follow the steps in this guide. Microsoft ADExplorer is recommended because it provides an easy way to create objects and set their properties. ADExplorer can be found here:

http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx

Procedure

How to Manually Populate the Farm OU:

The following steps create the basic structure of the farm OU that leave it ready to register and unregister Desktop Delivery Controllers. Once these steps are complete, the farm OU should have the following structure:

‘Farm Name‘(OU)

     Farm SCP (SCP)

     Controllers (Group)

     RegistrationServices (Container)

For some information on using ADExplorer to perform the steps outlined in this document, refer to the ADExplorer documentation.

Create the farm Organizational Unit:

Create an Organizational Unit in AD at any level; the name can be anything. This is the OU for a single XenDesktop farm. It is not recommended farm OUs are created as children of other farm OUs.

Create the farm Service Connection Point:

1. Create a service connection point in the farm OU called Farm SCP.

2. Add the following individual entries to the keywords property of the service connection point. Note that ****** refers to the farm name chosen at the start of the first Controller install.

Citrix Systems Inc
CC071D3E-773B-A7C1-BC8979313FAE
XDFarm:******
XenDesktop
54AFB4D3-4736-881E-421C4DA1EAAC

Create the farm Controllers Group:

Create a security group in the farm OU called Controllers. Typically the scope of this group should be set to Global, however, the scope of this group is important and must be set according to the following:

• The functional level of the AD forest

• Which domain the OU, controller accounts, and desktop accounts reside

The following table illustrates the supported scopes—the bold entries indicate the recommended scope.

 

AD Functional Level

OU, controllers and desktops in same domain

OU and controllers in same domain, desktops in different domain

OU and desktops in same domain, controllers in different domain

OU in one domain, controllers and desktops in different domain(s)

Windows 2000 Mixed

Global

Global

(Not supported)

(Not supported)

Windows 2000 Native

Windows 2003 (and interim)

Domain Local

Global

Universal

Global

Universal

Domain Local

Universal

Universal

Create the farm Registration Container:

Create a container in the farm OU called RegistrationServices.

How to Manually Register a Desktop Delivery Controller:

The following steps register a Desktop Delivery Controller for use with the XenDesktop farm. The farm OU must have already been configured to complete the following.

Add Membership Details:

Make the controller machine a member of the Controllers group.

Create a Controller Service Connection Point:

1. Obtain the value of the ‘objectGUID’ property of the controller machine. (This is easily done with ADExplorer by highlighting the machine in the AD tree and double-clicking the objectGUID property in the property list. However, the value must not include the braces { } that encapsulate the
value).

2. Create a service connection point in the RegistrationServices container with the name being the objectGUID value obtained in the previous step.

3. Grant the controller machine permissions to update the new service connection point. The following permissions are required:

List Contents
Read All Properties
Write All Properties
Read Permissions

4. Add the following individual entries to the ‘keywords’ property of the service connection point. Note that ****** refers to the farm name chosen at the start of the first Controller install.

Citrix Systems Inc
CC071D3E-773B-A7C1-BC8979313FAE
XDFarm:******
XenDesktop
0A1988B8-9B6F-4CA0-BBA4-6C7BD4D020B4

5. The farm OU must be registered with the Desktop Delivery Controller. This can be done on the controller itself using the following command line.

Note: ****** refers to the distinguished name of the farm OU. This is the ‘distinguishedName’ property of the farm OU and is in the form ‘OU=My Farm,DC=MyDomain,DC=com’

C:\Program Files\Citrix\Desktop Delivery Controller\ADSetup.exe REGISTEROU OU=”******”

6. Restart the Citrix Desktop Delivery Controller Service on the controller.


This document applies to:

  • XenDesktop 2.0 x32

 



Primary links

Custom Search

User login

Who's new

  • japhabept
  • Rullydery
  • eagenorce
  • rittaarier
  • swasseZex

Who's online

There are currently 0 users and 3 guests online.

KrissysCorner.com RuthSwensonLaw.com CreativeLizardProductions.com

DISCLAIMER:

None of this has anything to do with us, someone else is responsible for the entire thing, and we have no idea who or why. We do not know anything about it. It may be alien life forms for all we know: we haven't a clue. You cannot blame us for anything that may result from your visit. That was entirely your own personal choice, made by you of your own volition, and without our knowledge. We do not, after all, have any control over you and cannot by any stretch of the imagination be expected to accept or acknowledge, be it legally or morally, any accountability for decisions made by you on an independent basis, utilizing your own free will, and without our intervention. We are therefore in no way, shape, or form answerable to anyone for any consequences arising from the aforementioned or indeed any other actions, similar or otherwise, because it was not us that did, or did not do anything. It is not even remotely our fault, and we are in no way prepared or willing to accept any liability, not even slightly, ever. We are, in fact completely and utterly blameless, in that it is definitely not our concern, and no blame can possibly be laid at our doorstep, even if we had one, the possession of which we hereby reserve as being entirely our own free choice. The onus is not on us at all, and furthermore, never has been. The entire matter is wholly beyond our control, and completely out of our hands, each of which are washed scrupulously clean of the whole business. We are not accountable for anything at all, and we hereby categorically deny all responsibility for all that has ever, or will ever happen. Our innocence is therefore wholly beyond doubt and absolutely unimpeachable, and so cannot, under even the remotest or unlikeliest circumstances, be brought into question. By clicking either on a link on this site, clicking on a link that leads to this site, or by arriving at this site by natural or supernatural means, you are in effect accepting responsibility for the fact that it is all entirely your own fault, down to the most miniscule detail, and that you are wholly accountable for whatever outcome may arise as a consequence of the aforementioned action or actions insofar as they were undertaken personally by you on an entirely voluntary basis and without any persuasion, coercion or influence from any party or parties other than yourself. Don't come sniveling to us, we are only figments of your imagination. I also agree that if I am ever with a contributor to this website during mealtimes I agree to pay for any super-sizing of their meal, or at least a nice dessert or one of those foo-foo drinks with an umbrella or a monkey. By admitting to have seen the worthless spineless drivel on this website (also known as content)

I Agree Wholeheartedly and Without Reservation to the above. (Except maybe for that part about the monkey.)

All Your Base Are Belong To Us.

Soylent Green Is People!

Never make a bet with a Sicilian when Death is on the Line!

No. Really, I do agree.