Assign AD User Access

Assign user access to RDS collections and AVD host pools.

This quick start guide provides an overview of managing users via the MyCloudIT (MCIT) portal, which can be used for Microsoft Remote Desktop Services (RDS) and Azure Virtual Desktop (AVD/WVD) deployments. The MCIT portal communicates with your domain controller to perform Active Directory functions, making common day-to-day AD tasks more efficient. MCIT user management does not require the MCIT RDS agent.

Acronyms used in this document:

  • AAD - Azure Active Directory (Microsoft cloud hosted as a service)
  • AD - Active Directory (An instance of a Microsoft Active Directory Domain Services install on a physical server, a VM in Azure, etc.)
  • RDS - Remote Desktop Services (Microsoft's suite of services for delivering thin clients with a full desktop or 'remote apps' via the Windows server operating system)
  • AVD - Azure Virtual Desktop (Microsoft's platform for delivering Windows shared/personal virtual desktops/applications via Azure) - AKA WVD
  • AADC-CS - Azure Active Directory Connect Cloud Sync (One of Microsoft's systems you can use for facilitating AD hybrid identity)

Assigning a user access to RDS

This process will show you how to give an AD user access to an RDS collection.

[Screenshot: AD User > User Groups tab for user Dan Williams. The group list shows Protected Users, Key Admins, Enterprise Key Admins, DnsAdmins, DnsUpdateProxy and Default Collection Group, each with a description and scope, with an "Items per page" selector and CANCEL, BACK and UPDATE buttons.]

  1. After you complete the Initial Setup, the users table is displayed. Click the ellipsis menu next to the user you want to edit, then click Open.
    1. Note: You can display more groups by selecting "Items per page 100" at the bottom of the user groups screen.
  2. On the User groups screen, find the group named "Collection Group", where 'Collection' is the name of the RDS collection you want to give the user access to, and tick it.
  3. Click Update.

Assigning a user access to Azure Virtual Desktop (AVD)

This process will show you how to give an AD user access to an AVD host pool. The user must have a public user principal name (UPN) suffix for AVD access. See Appendix A.

  1. After you complete the Initial Setup, the users table is displayed. Click the ellipsis menu next to the user you want to edit, then click Open.
    1. Note: You can display more groups by selecting "Items per page 100" at the bottom of the user groups screen.
  2. On the User groups screen, find the group named "AG-GRP", where 'AG' is the name of the AVD application group (this is often the same as your host pool name) you want to give the user access to, and tick it.
  3. Click Update.

Note: You may need to wait 1-10 minutes after performing this operation before the user can access a session host, because AADC-CS needs to complete its next sync cycle.

User Management

Appendix

Appendix A: Change a user UPN suffix

[Screenshot: AD User > General Info tab for user "dan" (Dan Williams, mail dan@sparks-solar.com), showing the User Principal Name field with a suffix drop-down offering poc.local and sparks-solar.com, plus DISABLE, SET PASSWORD, DELETE USER, CANCEL and NEXT buttons.]

  • AVD users must have a public UPN suffix. To change a user's UPN suffix, navigate to MCIT Portal > Manage > Active Directory, click the ellipsis menu next to the user you want to edit, then click Open. Click the drop-down under User Principal Name, as shown, and select your public custom AAD domain name in use for AVD.
  • Note: In the most common type of AVD setup we see, the mail field should be the same as the UPN.
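
The AVD prerequisites described above (membership in the application group's AD group, a public UPN suffix, and a mail field that matches the UPN) can also be verified read-only from PowerShell, together with a check that the user was not ticked into one of the administrative groups that share the same list. This is an added example, not MyCloudIT code; it assumes the ActiveDirectory (RSAT) module, and the function name, parameter names and property names in the output are illustrative.

```powershell
# Added example (not MyCloudIT code): read-only AVD access pre-flight check.
# Assumes the ActiveDirectory (RSAT) module and read access to the domain.
Import-Module ActiveDirectory

function Test-AvdUserReadiness {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $PublicUpnSuffix,  # your public custom AAD domain
        [Parameter(Mandatory)] [string] $AccessGroup       # the "AG-GRP" group for the host pool
    )

    $user   = Get-ADUser -Identity $SamAccountName -Properties mail
    $suffix = ($user.UserPrincipalName -split '@')[-1]

    # -Recursive also finds access granted through a nested group.
    $members = Get-ADGroupMember -Identity $AccessGroup -Recursive
    $inGroup = @($members.distinguishedName) -contains $user.DistinguishedName

    # Administrative groups that appear in the same tick list as the access groups;
    # a user who only needs desktop access should not be a direct member of any.
    $adminNames  = 'Key Admins', 'Enterprise Key Admins', 'DnsAdmins'
    $adminGroups = @(Get-ADPrincipalGroupMembership -Identity $user |
        Where-Object { $adminNames -contains $_.Name } |
        Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        User            = $user.SamAccountName
        Enabled         = $user.Enabled
        UPN             = $user.UserPrincipalName
        HasPublicSuffix = $suffix -eq $PublicUpnSuffix
        MailMatchesUpn  = $user.mail -eq $user.UserPrincipalName
        InAccessGroup   = $inGroup
        AdminGroups     = $adminGroups -join ', '
    }
}

# Sample call using the page's example user and domain; replace <AG> with your
# application group name.
# Test-AvdUserReadiness -SamAccountName dan -PublicUpnSuffix sparks-solar.com -AccessGroup '<AG>-GRP'
```

A user is ready for AVD when HasPublicSuffix, MailMatchesUpn and InAccessGroup are all True; a non-empty AdminGroups value means the account holds more than desktop access and should be reviewed.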

Appendix B: User Access to RDS

After users are added to the collection AD group as described above, they can use a web browser to visit https://sparks-solar.autords.com/rdweb, where "sparks-solar" is replaced with your "Public Subdomain" from the services form of the deployment wizard. The user then logs in with their AD username and password, for example 'sparkssolar\dwilliams'.