vcl-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Kurth <>
Subject Re: Joining a VCL Virtual Machine to an MS Active Directory Domain
Date Tue, 06 Dec 2011 20:31:04 GMT
This is a desirable feature.  I would like to incorporate AD functions
into the codebase -- possible for VCL 2.3.  It is possible but there
are many details which make this a pretty complicated task.

Computer SIDs are an issue.  Sysprep could be used to join the domain,
rename the computer, and update the SID but using it is not desirable
- it causes significant performance problems in shared storage
environments and causes load times to increase.

You could try to write a startup script to use netdom.exe to join the
domain.  Duplicate SIDs may be an issue using this approach.  Also,
after the computer boots and joins the domain it needs to be rebooted.
 You'd have to make sure the reboot doesn't interfere with the normal
VCL startup scripts.

You'll also have to make sure group policies to interfere with any
assumptions made by VCL.  In our campus AD environment, the default
policy renames the Administrator account, requires passwords longer
than the those automatically generated within VCL, and blocks SSH port
22.  In order for VCL to work with a computer joined to our AD, I had
to override several policies and manually join it to the domain.

Anyway... it is a feature which will eventually make its way into VCL.
 Attempting to get the current version to work will be quite


On Tue, Nov 29, 2011 at 4:31 PM, Fay, Cornelius R. <> wrote:
> Dear VCL Community,
> We would like to streamline our VCL user experience by allowing them to
> (re-)authenticate to the Windows VM image using their Active Directory
> credentials.
> We have succeeded in allowing them to use their AD password in the VCL
> Reservation component.  However we cannot pass those credentials to the RDP
> file, but if we can ‘join’ the virtual machine to the AD domain, Users could
> use their AD password (a second time) to start the Windows image in place of
> the random pswd generated by the VCL system.
> Has anyone tried this?
> Does it seem possible (assuming a unique SID is issued for each new image)?
> Thanks,
> Neil Fay, Hood College

View raw message